Avast Detecting Win32 Wali Cryp [Solved]


  • This topic is locked This topic is locked

#1
SilentCloud9

SilentCloud9

    New Member

  • Member
  • Pip
  • 6 posts
I have been receiving Avast notifications every few hours telling me that it has detected Win32 Wali Cryp. I completed the Malware & Spyware Cleaning guide (I had constant unexpected shutdowns when trying to run the GMER), but the worm/virus is still there. I am posting the logs that I have (sans GMER) below. I would really appreciate the help.

MBAM

Malwarebytes' Anti-Malware 1.44
Database version: 3787
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

2/24/2010 9:31:53 PM
mbam-log-2010-02-24 (21-31-53).txt

Scan type: Quick Scan
Objects scanned: 113714
Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ieocxapp.ieocx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieocxapp.ieocx.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4b66e1df-4de3-4cda-83b5-11673eadab0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b360243e-09e8-402f-8721-00b6798089ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysav (Rogue.WinPCDefender) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.

OTL.txt

OTL logfile created on: 2/26/2010 10:47:48 AM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Sheena\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 35.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 47.63 Gb Free Space | 33.87% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.41 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SILENTCLOUD
Current User Name: Sheena
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/26 10:45:53 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Sheena\Downloads\OTL.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:47:39 | 000,159,280 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/13 13:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/09 07:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/06/20 16:37:44 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/06/20 16:37:34 | 001,316,136 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/03/25 20:27:58 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/03/25 19:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 19:49:00 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/25 19:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/19 18:28:34 | 000,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/12/19 18:28:34 | 000,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/12/19 18:27:50 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/10/18 14:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/10/18 14:27:50 | 000,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007/10/03 14:15:40 | 000,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/09/26 06:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007/09/06 08:08:02 | 000,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2007/07/10 05:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/05/31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
PRC - [2007/05/16 09:43:06 | 000,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/03/20 17:23:40 | 001,773,568 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/02/13 13:38:36 | 000,159,744 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/30 21:59:14 | 000,505,520 | ---- | M] (Symantec Corporation) -- C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
PRC - [2006/05/02 16:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


========== Modules (SafeList) ==========

MOD - [2010/02/26 10:45:53 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Sheena\Downloads\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/13 13:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/09 07:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/02/01 17:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 18:28:34 | 000,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/12/19 18:28:34 | 000,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/10/18 14:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/07/10 05:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/17 09:31:12 | 000,074,656 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/02/12 11:36:58 | 000,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 16:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}:0.6.8

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 18:58:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/29 14:33:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/29 14:33:27 | 000,000,000 | ---D | M]

[2010/01/29 14:48:52 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Mozilla\Extensions
[2010/02/25 21:02:53 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions
[2010/02/23 11:33:13 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}
[2010/02/12 18:11:38 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/05 19:57:32 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\[email protected]
[2010/02/23 11:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions
[2010/01/29 14:33:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {599E271D-79FA-2D84-6D1D-14D30A573A63} - C:\Windows\System32\nnci.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Google Update] C:\Users\Sheena\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Sys63B1.exe] C:\Windows\Sys63B1.exe File not found
O4 - HKCU..\Run: [Sys63C1.exe] C:\Windows\Sys63C1.exe File not found
O4 - HKCU..\Run: [Sys81BC.exe] C:\Windows\Sys81BC.exe File not found
O4 - HKCU..\Run: [Sys90D9.exe] C:\Windows\Sys90D9.exe File not found
O4 - HKCU..\Run: [Sys90DA.exe] C:\Windows\Sys90DA.exe File not found
O4 - HKCU..\Run: [Sys9C3E.exe] C:\Windows\Sys9C3E.exe File not found
O4 - HKCU..\Run: [Sys9C4E.exe] C:\Windows\Sys9C4E.exe File not found
O4 - HKCU..\Run: [Sys9C6D.exe] C:\Windows\Sys9C6D.exe File not found
O4 - HKCU..\Run: [Sys9C6E.exe] C:\Windows\Sys9C6E.exe File not found
O4 - HKCU..\Run: [SysA266.exe] C:\Windows\SysA266.exe File not found
O4 - HKCU..\Run: [SysA801.exe] C:\Windows\SysA801.exe File not found
O4 - HKCU..\Run: [SysE10B.exe] C:\Windows\SysE10B.exe File not found
O4 - HKCU..\Run: [SysE10C.exe] C:\Windows\SysE10C.exe File not found
O4 - HKCU..\Run: [SysF1DC.exe] C:\Windows\SysF1DC.exe File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 06:08:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{10fe5a26-9b4c-11dc-b2b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{10fe5a26-9b4c-11dc-b2b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{71a572fd-198e-11de-bd21-001b24b6c0c0}\Shell - "" = AutoRun
O33 - MountPoints2\{71a572fd-198e-11de-bd21-001b24b6c0c0}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/31 02:31:46 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/25 15:10:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/25 15:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/24 21:17:54 | 000,000,000 | ---D | C] -- C:\Users\Sheena\AppData\Roaming\Malwarebytes
[2010/02/24 21:17:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/24 21:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/24 21:17:31 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/24 21:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/22 18:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/02/22 18:47:16 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/02/22 17:43:11 | 000,000,000 | ---D | C] -- C:\Users\Sheena\AppData\Local\BuildAGadget Content
[2010/02/22 15:16:45 | 000,000,000 | ---D | C] -- C:\Users\Sheena\Desktop\New Folder (3)
[2010/02/22 00:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cybertek Games
[2010/02/14 14:29:27 | 000,000,000 | ---D | C] -- C:\Users\Sheena\Desktop\New Folder (2)
[1 C:\Users\Sheena\AppData\Roaming\*.tmp files -> C:\Users\Sheena\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/26 10:47:00 | 003,407,872 | -HS- | M] () -- C:\Users\Sheena\ntuser.dat
[2010/02/26 10:30:05 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/02/26 10:29:25 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-918964562-2721430048-1333971363-1000UA.job
[2010/02/26 10:29:22 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/26 10:29:22 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/26 10:29:18 | 000,042,238 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/26 10:29:18 | 000,042,238 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/26 10:28:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/26 02:27:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/02/26 00:19:09 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/02/26 00:18:59 | 000,124,288 | ---- | M] () -- C:\Users\Sheena\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/26 00:16:06 | 000,707,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/26 00:16:06 | 000,606,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/26 00:16:06 | 000,105,884 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/26 00:08:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/26 00:08:10 | 000,431,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/26 00:07:04 | 1005,449,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/25 20:46:38 | 285,243,584 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/25 20:19:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/02/25 15:09:15 | 000,000,733 | ---- | M] () -- C:\Users\Sheena\Desktop\NTREGOPT.lnk
[2010/02/25 15:09:15 | 000,000,714 | ---- | M] () -- C:\Users\Sheena\Desktop\ERUNT.lnk
[2010/02/25 15:09:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-918964562-2721430048-1333971363-1000Core.job
[2010/02/25 15:03:51 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/02/25 09:19:44 | 000,524,288 | -HS- | M] () -- C:\Users\Sheena\ntuser.dat{4f241719-4fe6-11dd-9e93-001a73b48109}.TMContainer00000000000000000001.regtrans-ms
[2010/02/25 09:19:44 | 000,065,536 | -HS- | M] () -- C:\Users\Sheena\ntuser.dat{4f241719-4fe6-11dd-9e93-001a73b48109}.TM.blf
[2010/02/25 09:18:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/24 21:33:22 | 003,001,507 | -H-- | M] () -- C:\Users\Sheena\AppData\Local\IconCache.db
[2010/02/24 16:27:55 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2010/02/22 21:44:48 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSheena.job
[2010/02/22 19:11:59 | 000,023,113 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/02/22 18:51:27 | 000,077,377 | ---- | M] () -- C:\Windows\hpqins05.dat
[2010/02/22 18:49:00 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/02/22 00:56:26 | 000,002,337 | ---- | M] () -- C:\Users\Sheena\Desktop\Diner Dash 5 - Boom Collectors Edition.lnk
[2010/02/20 18:31:33 | 000,017,661 | ---- | M] () -- C:\Users\Sheena\Documents\Updated Resume.docx
[2010/02/20 10:47:33 | 000,059,904 | ---- | M] () -- C:\Users\Sheena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Sheena\AppData\Roaming\*.tmp files -> C:\Users\Sheena\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/25 20:20:08 | 000,293,376 | ---- | C] () -- C:\Users\Sheena\Desktop\gmer.exe
[2010/02/25 15:09:15 | 000,000,733 | ---- | C] () -- C:\Users\Sheena\Desktop\NTREGOPT.lnk
[2010/02/25 15:09:15 | 000,000,714 | ---- | C] () -- C:\Users\Sheena\Desktop\ERUNT.lnk
[2010/02/24 16:27:55 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2010/02/23 14:44:36 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/02/23 14:44:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/02/23 14:44:32 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/02/23 14:44:22 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/02/22 18:56:14 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/22 18:49:00 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/02/22 18:47:01 | 000,077,377 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/02/22 00:56:26 | 000,002,337 | ---- | C] () -- C:\Users\Sheena\Desktop\Diner Dash 5 - Boom Collectors Edition.lnk
[2009/10/14 16:11:09 | 000,000,000 | ---- | C] () -- C:\Windows\Waverly.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/25 12:14:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/15 19:14:45 | 000,042,238 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/15 19:14:45 | 000,042,238 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/23 21:26:12 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/11/12 17:12:59 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/10/11 23:25:49 | 000,000,552 | ---- | C] () -- C:\Users\Sheena\AppData\Local\d3d8caps.dat
[2008/06/30 19:56:15 | 000,180,224 | ---- | C] () -- C:\Windows\System32\nnci.dll
[2008/03/28 17:52:15 | 000,001,356 | ---- | C] () -- C:\Users\Sheena\AppData\Local\d3d9caps.dat
[2007/12/05 20:28:14 | 000,059,904 | ---- | C] () -- C:\Users\Sheena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/27 13:16:19 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2007/11/24 17:07:35 | 000,027,934 | ---- | C] () -- C:\Users\Sheena\AppData\Roaming\nvModes.dat
[2007/11/24 17:07:35 | 000,027,934 | ---- | C] () -- C:\Users\Sheena\AppData\Roaming\nvModes.001
[2007/11/24 16:06:11 | 000,000,000 | ---- | C] () -- C:\Users\Sheena\AppData\Local\QSwitch.txt
[2007/11/24 16:06:11 | 000,000,000 | ---- | C] () -- C:\Users\Sheena\AppData\Local\DSwitch.txt
[2007/11/24 16:06:11 | 000,000,000 | ---- | C] () -- C:\Users\Sheena\AppData\Local\AtStart.txt
[2007/08/04 05:53:27 | 000,003,037 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 07:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2008/09/20 23:52:12 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\acccore
[2010/02/24 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Azureus
[2009/11/30 23:37:31 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Big Fish Games
[2009/11/17 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\blg
[2010/01/12 13:48:23 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\calibre
[2009/03/25 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\DAEMON Tools Pro
[2008/11/22 11:55:43 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\DJ ToneXpress
[2009/10/27 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Enki Games
[2009/07/01 11:07:01 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Enlightenus
[2009/10/08 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\ERS G-Studio
[2009/10/27 21:33:11 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Flood Light Games
[2008/07/24 21:07:17 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\ForgottenRiddles2
[2010/02/16 01:46:40 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Friday's games
[2009/11/04 00:02:10 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Game
[2008/06/08 18:13:58 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Games
[2008/11/29 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\GARMIN
[2008/08/23 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2008/01/03 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Grisoft
[2009/11/04 00:02:10 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Meridian93
[2007/11/24 21:20:14 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\MSNInstaller
[2010/02/22 00:56:50 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\PlayFirst
[2008/08/23 20:27:54 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Righteous Kill
[2007/12/01 23:43:32 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SecondLife
[2009/11/11 20:21:26 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SpinTop Games
[2009/08/03 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SprillRichiEng
[2009/06/05 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SystemRequirementsLab
[2008/09/20 16:17:59 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Valusoft
[2009/11/24 22:53:13 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\WildTangent
[2009/02/08 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Windows Sidebar Styler
[2010/02/26 02:27:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/02/25 20:19:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/02/25 15:03:51 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/02/26 10:30:05 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/02/25 09:19:07 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/08/04 06:18:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/08/04 06:18:39 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/08/04 06:18:39 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/12 21:26:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/12 21:26:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/12 21:26:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/11/23 21:26:13 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:2E0A3B1D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:85AA7074
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4B4A0E23
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6387AA6C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:AA6C7C38
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F9C6DE8B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C25C9263
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BFBB0142
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AD7183FA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:83ACAC73
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:797D7632
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E91ADC66
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:81429090
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:3807D082
< End of report >


Extras.txt

OTL logfile created on: 2/26/2010 10:47:48 AM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Sheena\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 35.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 47.63 Gb Free Space | 33.87% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.41 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SILENTCLOUD
Current User Name: Sheena
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/26 10:45:53 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Sheena\Downloads\OTL.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:47:39 | 000,159,280 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/13 13:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/09 07:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/06/20 16:37:44 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/06/20 16:37:34 | 001,316,136 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/03/25 20:27:58 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/03/25 19:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 19:49:00 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/25 19:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/19 18:28:34 | 000,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/12/19 18:28:34 | 000,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/12/19 18:27:50 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/10/18 14:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/10/18 14:27:50 | 000,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007/10/03 14:15:40 | 000,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/09/26 06:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007/09/06 08:08:02 | 000,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2007/07/10 05:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/05/31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
PRC - [2007/05/16 09:43:06 | 000,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/03/20 17:23:40 | 001,773,568 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/02/13 13:38:36 | 000,159,744 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/30 21:59:14 | 000,505,520 | ---- | M] (Symantec Corporation) -- C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
PRC - [2006/05/02 16:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


========== Modules (SafeList) ==========

MOD - [2010/02/26 10:45:53 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Sheena\Downloads\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/13 13:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/09 07:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/02/01 17:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 18:28:34 | 000,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/12/19 18:28:34 | 000,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/10/18 14:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/07/10 05:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/17 09:31:12 | 000,074,656 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/02/12 11:36:58 | 000,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 16:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}:0.6.8

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 18:58:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/29 14:33:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/29 14:33:27 | 000,000,000 | ---D | M]

[2010/01/29 14:48:52 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Mozilla\Extensions
[2010/02/25 21:02:53 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions
[2010/02/23 11:33:13 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}
[2010/02/12 18:11:38 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/05 19:57:32 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\[email protected]
[2010/02/23 11:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions
[2010/01/29 14:33:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {599E271D-79FA-2D84-6D1D-14D30A573A63} - C:\Windows\System32\nnci.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Google Update] C:\Users\Sheena\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Sys63B1.exe] C:\Windows\Sys63B1.exe File not found
O4 - HKCU..\Run: [Sys63C1.exe] C:\Windows\Sys63C1.exe File not found
O4 - HKCU..\Run: [Sys81BC.exe] C:\Windows\Sys81BC.exe File not found
O4 - HKCU..\Run: [Sys90D9.exe] C:\Windows\Sys90D9.exe File not found
O4 - HKCU..\Run: [Sys90DA.exe] C:\Windows\Sys90DA.exe File not found
O4 - HKCU..\Run: [Sys9C3E.exe] C:\Windows\Sys9C3E.exe File not found
O4 - HKCU..\Run: [Sys9C4E.exe] C:\Windows\Sys9C4E.exe File not found
O4 - HKCU..\Run: [Sys9C6D.exe] C:\Windows\Sys9C6D.exe File not found
O4 - HKCU..\Run: [Sys9C6E.exe] C:\Windows\Sys9C6E.exe File not found
O4 - HKCU..\Run: [SysA266.exe] C:\Windows\SysA266.exe File not found
O4 - HKCU..\Run: [SysA801.exe] C:\Windows\SysA801.exe File not found
O4 - HKCU..\Run: [SysE10B.exe] C:\Windows\SysE10B.exe File not found
O4 - HKCU..\Run: [SysE10C.exe] C:\Windows\SysE10C.exe File not found
O4 - HKCU..\Run: [SysF1DC.exe] C:\Windows\SysF1DC.exe File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 06:08:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{10fe5a26-9b4c-11dc-b2b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{10fe5a26-9b4c-11dc-b2b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{71a572fd-198e-11de-bd21-001b24b6c0c0}\Shell - "" = AutoRun
O33 - MountPoints2\{71a572fd-198e-11de-bd21-001b24b6c0c0}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/31 02:31:46 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/25 15:10:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/25 15:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/24 21:17:54 | 000,000,000 | ---D | C] -- C:\Users\Sheena\AppData\Roaming\Malwarebytes
[2010/02/24 21:17:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/24 21:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/24 21:17:31 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/24 21:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/22 18:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/02/22 18:47:16 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/02/22 17:43:11 | 000,000,000 | ---D | C] -- C:\Users\Sheena\AppData\Local\BuildAGadget Content
[2010/02/22 15:16:45 | 000,000,000 | ---D | C] -- C:\Users\Sheena\Desktop\New Folder (3)
[2010/02/22 00:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cybertek Games
[2010/02/14 14:29:27 | 000,000,000 | ---D | C] -- C:\Users\Sheena\Desktop\New Folder (2)
[1 C:\Users\Sheena\AppData\Roaming\*.tmp files -> C:\Users\Sheena\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/26 10:47:00 | 003,407,872 | -HS- | M] () -- C:\Users\Sheena\ntuser.dat
[2010/02/26 10:30:05 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/02/26 10:29:25 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-918964562-2721430048-1333971363-1000UA.job
[2010/02/26 10:29:22 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/26 10:29:22 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/26 10:29:18 | 000,042,238 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/26 10:29:18 | 000,042,238 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/26 10:28:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/26 02:27:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/02/26 00:19:09 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/02/26 00:18:59 | 000,124,288 | ---- | M] () -- C:\Users\Sheena\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/26 00:16:06 | 000,707,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/26 00:16:06 | 000,606,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/26 00:16:06 | 000,105,884 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/26 00:08:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/26 00:08:10 | 000,431,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/26 00:07:04 | 1005,449,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/25 20:46:38 | 285,243,584 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/25 20:19:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/02/25 15:09:15 | 000,000,733 | ---- | M] () -- C:\Users\Sheena\Desktop\NTREGOPT.lnk
[2010/02/25 15:09:15 | 000,000,714 | ---- | M] () -- C:\Users\Sheena\Desktop\ERUNT.lnk
[2010/02/25 15:09:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-918964562-2721430048-1333971363-1000Core.job
[2010/02/25 15:03:51 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/02/25 09:19:44 | 000,524,288 | -HS- | M] () -- C:\Users\Sheena\ntuser.dat{4f241719-4fe6-11dd-9e93-001a73b48109}.TMContainer00000000000000000001.regtrans-ms
[2010/02/25 09:19:44 | 000,065,536 | -HS- | M] () -- C:\Users\Sheena\ntuser.dat{4f241719-4fe6-11dd-9e93-001a73b48109}.TM.blf
[2010/02/25 09:18:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/24 21:33:22 | 003,001,507 | -H-- | M] () -- C:\Users\Sheena\AppData\Local\IconCache.db
[2010/02/24 16:27:55 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2010/02/22 21:44:48 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSheena.job
[2010/02/22 19:11:59 | 000,023,113 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/02/22 18:51:27 | 000,077,377 | ---- | M] () -- C:\Windows\hpqins05.dat
[2010/02/22 18:49:00 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/02/22 00:56:26 | 000,002,337 | ---- | M] () -- C:\Users\Sheena\Desktop\Diner Dash 5 - Boom Collectors Edition.lnk
[2010/02/20 18:31:33 | 000,017,661 | ---- | M] () -- C:\Users\Sheena\Documents\Updated Resume.docx
[2010/02/20 10:47:33 | 000,059,904 | ---- | M] () -- C:\Users\Sheena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Sheena\AppData\Roaming\*.tmp files -> C:\Users\Sheena\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/25 20:20:08 | 000,293,376 | ---- | C] () -- C:\Users\Sheena\Desktop\gmer.exe
[2010/02/25 15:09:15 | 000,000,733 | ---- | C] () -- C:\Users\Sheena\Desktop\NTREGOPT.lnk
[2010/02/25 15:09:15 | 000,000,714 | ---- | C] () -- C:\Users\Sheena\Desktop\ERUNT.lnk
[2010/02/24 16:27:55 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2010/02/23 14:44:36 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/02/23 14:44:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/02/23 14:44:32 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/02/23 14:44:22 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/02/22 18:56:14 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/22 18:49:00 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/02/22 18:47:01 | 000,077,377 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/02/22 00:56:26 | 000,002,337 | ---- | C] () -- C:\Users\Sheena\Desktop\Diner Dash 5 - Boom Collectors Edition.lnk
[2009/10/14 16:11:09 | 000,000,000 | ---- | C] () -- C:\Windows\Waverly.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/25 12:14:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/15 19:14:45 | 000,042,238 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/15 19:14:45 | 000,042,238 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/23 21:26:12 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/11/12 17:12:59 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/10/11 23:25:49 | 000,000,552 | ---- | C] () -- C:\Users\Sheena\AppData\Local\d3d8caps.dat
[2008/06/30 19:56:15 | 000,180,224 | ---- | C] () -- C:\Windows\System32\nnci.dll
[2008/03/28 17:52:15 | 000,001,356 | ---- | C] () -- C:\Users\Sheena\AppData\Local\d3d9caps.dat
[2007/12/05 20:28:14 | 000,059,904 | ---- | C] () -- C:\Users\Sheena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/27 13:16:19 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2007/11/24 17:07:35 | 000,027,934 | ---- | C] () -- C:\Users\Sheena\AppData\Roaming\nvModes.dat
[2007/11/24 17:07:35 | 000,027,934 | ---- | C] () -- C:\Users\Sheena\AppData\Roaming\nvModes.001
[2007/11/24 16:06:11 | 000,000,000 | ---- | C] () -- C:\Users\Sheena\AppData\Local\QSwitch.txt
[2007/11/24 16:06:11 | 000,000,000 | ---- | C] () -- C:\Users\Sheena\AppData\Local\DSwitch.txt
[2007/11/24 16:06:11 | 000,000,000 | ---- | C] () -- C:\Users\Sheena\AppData\Local\AtStart.txt
[2007/08/04 05:53:27 | 000,003,037 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 07:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2008/09/20 23:52:12 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\acccore
[2010/02/24 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Azureus
[2009/11/30 23:37:31 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Big Fish Games
[2009/11/17 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\blg
[2010/01/12 13:48:23 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\calibre
[2009/03/25 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\DAEMON Tools Pro
[2008/11/22 11:55:43 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\DJ ToneXpress
[2009/10/27 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Enki Games
[2009/07/01 11:07:01 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Enlightenus
[2009/10/08 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\ERS G-Studio
[2009/10/27 21:33:11 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Flood Light Games
[2008/07/24 21:07:17 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\ForgottenRiddles2
[2010/02/16 01:46:40 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Friday's games
[2009/11/04 00:02:10 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Game
[2008/06/08 18:13:58 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Games
[2008/11/29 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\GARMIN
[2008/08/23 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2008/01/03 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Grisoft
[2009/11/04 00:02:10 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Meridian93
[2007/11/24 21:20:14 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\MSNInstaller
[2010/02/22 00:56:50 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\PlayFirst
[2008/08/23 20:27:54 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Righteous Kill
[2007/12/01 23:43:32 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SecondLife
[2009/11/11 20:21:26 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SpinTop Games
[2009/08/03 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SprillRichiEng
[2009/06/05 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SystemRequirementsLab
[2008/09/20 16:17:59 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Valusoft
[2009/11/24 22:53:13 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\WildTangent
[2009/02/08 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Windows Sidebar Styler
[2010/02/26 02:27:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/02/25 20:19:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/02/25 15:03:51 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/02/26 10:30:05 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/02/25 09:19:07 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/08/04 06:18:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/08/04 06:18:39 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/08/04 06:18:39 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/12 21:26:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/12 21:26:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/12 21:26:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/11/23 21:26:13 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:2E0A3B1D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:85AA7074
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4B4A0E23
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6387AA6C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:AA6C7C38
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F9C6DE8B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C25C9263
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BFBB0142
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AD7183FA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:83ACAC73
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:797D7632
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E91ADC66
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:81429090
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:3807D082
< End of report >
#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if this helps :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [Sys63B1.exe] C:\Windows\Sys63B1.exe File not found
    O4 - HKCU..\Run: [Sys63C1.exe] C:\Windows\Sys63C1.exe File not found
    O4 - HKCU..\Run: [Sys81BC.exe] C:\Windows\Sys81BC.exe File not found
    O4 - HKCU..\Run: [Sys90D9.exe] C:\Windows\Sys90D9.exe File not found
    O4 - HKCU..\Run: [Sys90DA.exe] C:\Windows\Sys90DA.exe File not found
    O4 - HKCU..\Run: [Sys9C3E.exe] C:\Windows\Sys9C3E.exe File not found
    O4 - HKCU..\Run: [Sys9C4E.exe] C:\Windows\Sys9C4E.exe File not found
    O4 - HKCU..\Run: [Sys9C6D.exe] C:\Windows\Sys9C6D.exe File not found
    O4 - HKCU..\Run: [Sys9C6E.exe] C:\Windows\Sys9C6E.exe File not found
    O4 - HKCU..\Run: [SysA266.exe] C:\Windows\SysA266.exe File not found
    O4 - HKCU..\Run: [SysA801.exe] C:\Windows\SysA801.exe File not found
    O4 - HKCU..\Run: [SysE10B.exe] C:\Windows\SysE10B.exe File not found
    O4 - HKCU..\Run: [SysE10C.exe] C:\Windows\SysE10C.exe File not found
    O4 - HKCU..\Run: [SysF1DC.exe] C:\Windows\SysF1DC.exe File not found
    [2010/02/23 14:44:36 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At4.job
    [2010/02/23 14:44:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
    [2010/02/23 14:44:32 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At2.job
    [2010/02/23 14:44:22 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#3
SilentCloud9

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thank you for your quick reply, Essexboy. The results of the OTL Quick Scan are below.


OTL logfile created on: 2/26/2010 5:12:55 PM - Run 2
OTL by OldTimer - Version 3.1.30.2 Folder = c:\Users\Sheena\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 97.00 Mb Available Physical Memory | 10.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 47.14 Gb Free Space | 33.52% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.51 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SILENTCLOUD
Current User Name: Sheena
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/26 10:45:53 | 000,549,888 | ---- | M] (OldTimer Tools) -- c:\Users\Sheena\Downloads\OTL.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/13 13:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/03 04:45:05 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/09 07:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/06/20 16:37:44 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/06/20 16:37:34 | 001,316,136 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/03/25 20:27:58 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/03/25 19:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 19:49:00 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/25 19:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 02:33:15 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/12/19 18:28:34 | 000,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/12/19 18:28:34 | 000,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/12/19 18:27:50 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/10/18 14:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/10/18 14:27:50 | 000,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007/10/03 14:15:40 | 000,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/09/26 06:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007/09/06 08:08:02 | 000,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2007/07/10 05:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/05/31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
PRC - [2007/05/16 09:43:06 | 000,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/03/20 17:23:40 | 001,773,568 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/02/13 13:38:36 | 000,159,744 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/30 21:59:14 | 000,505,520 | ---- | M] (Symantec Corporation) -- C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
PRC - [2006/05/02 16:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


========== Modules (SafeList) ==========

MOD - [2010/02/26 10:45:53 | 000,549,888 | ---- | M] (OldTimer Tools) -- c:\Users\Sheena\Downloads\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/13 13:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/24 06:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/09 07:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/02/01 17:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 18:28:34 | 000,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/12/19 18:28:34 | 000,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/10/18 14:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/07/10 05:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/17 09:31:12 | 000,074,656 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/02/12 11:36:58 | 000,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 16:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}:0.6.8

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 18:58:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/29 14:33:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/29 14:33:27 | 000,000,000 | ---D | M]

[2010/01/29 14:48:52 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Mozilla\Extensions
[2010/02/26 11:28:53 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions
[2010/02/23 11:33:13 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}
[2010/02/12 18:11:38 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/05 19:57:32 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\[email protected]
[2010/02/23 11:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions
[2010/01/29 14:33:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {599E271D-79FA-2D84-6D1D-14D30A573A63} - C:\Windows\System32\nnci.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Google Update] C:\Users\Sheena\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sheena\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 06:08:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{10fe5a26-9b4c-11dc-b2b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{10fe5a26-9b4c-11dc-b2b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{71a572fd-198e-11de-bd21-001b24b6c0c0}\Shell - "" = AutoRun
O33 - MountPoints2\{71a572fd-198e-11de-bd21-001b24b6c0c0}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/26 16:44:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/25 15:10:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/25 15:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/24 21:17:54 | 000,000,000 | ---D | C] -- C:\Users\Sheena\AppData\Roaming\Malwarebytes
[2010/02/24 21:17:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/24 21:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/24 21:17:31 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/24 21:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/22 18:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/02/22 18:47:16 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/02/22 17:43:11 | 000,000,000 | ---D | C] -- C:\Users\Sheena\AppData\Local\BuildAGadget Content
[2010/02/22 15:16:45 | 000,000,000 | ---D | C] -- C:\Users\Sheena\Desktop\New Folder (3)
[2010/02/22 00:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cybertek Games
[2010/02/14 14:29:27 | 000,000,000 | ---D | C] -- C:\Users\Sheena\Desktop\New Folder (2)
[1 C:\Users\Sheena\AppData\Roaming\*.tmp files -> C:\Users\Sheena\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/26 17:12:53 | 003,407,872 | -HS- | M] () -- C:\Users\Sheena\ntuser.dat
[2010/02/26 17:11:06 | 000,707,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/26 17:11:06 | 000,606,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/26 17:11:06 | 000,105,884 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/26 17:09:30 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/02/26 17:09:13 | 000,042,238 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/26 17:09:07 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-918964562-2721430048-1333971363-1000UA.job
[2010/02/26 17:04:10 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/26 17:04:08 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/26 17:04:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/26 17:03:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/26 17:03:52 | 1005,420,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/26 17:02:25 | 000,524,288 | -HS- | M] () -- C:\Users\Sheena\ntuser.dat{4f241719-4fe6-11dd-9e93-001a73b48109}.TMContainer00000000000000000001.regtrans-ms
[2010/02/26 17:02:25 | 000,065,536 | -HS- | M] () -- C:\Users\Sheena\ntuser.dat{4f241719-4fe6-11dd-9e93-001a73b48109}.TM.blf
[2010/02/26 17:02:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/26 10:29:18 | 000,042,238 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/26 00:18:59 | 000,124,288 | ---- | M] () -- C:\Users\Sheena\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/26 00:08:10 | 000,431,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/25 20:46:38 | 285,243,584 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/25 15:09:15 | 000,000,733 | ---- | M] () -- C:\Users\Sheena\Desktop\NTREGOPT.lnk
[2010/02/25 15:09:15 | 000,000,714 | ---- | M] () -- C:\Users\Sheena\Desktop\ERUNT.lnk
[2010/02/25 15:09:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-918964562-2721430048-1333971363-1000Core.job
[2010/02/24 21:33:22 | 003,001,507 | -H-- | M] () -- C:\Users\Sheena\AppData\Local\IconCache.db
[2010/02/24 16:27:55 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2010/02/22 21:44:48 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSheena.job
[2010/02/22 19:11:59 | 000,023,113 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/02/22 18:51:27 | 000,077,377 | ---- | M] () -- C:\Windows\hpqins05.dat
[2010/02/22 18:49:00 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/02/22 00:56:26 | 000,002,337 | ---- | M] () -- C:\Users\Sheena\Desktop\Diner Dash 5 - Boom Collectors Edition.lnk
[2010/02/20 18:31:33 | 000,017,661 | ---- | M] () -- C:\Users\Sheena\Documents\Updated Resume.docx
[2010/02/20 10:47:33 | 000,059,904 | ---- | M] () -- C:\Users\Sheena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Sheena\AppData\Roaming\*.tmp files -> C:\Users\Sheena\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/25 20:20:08 | 000,293,376 | ---- | C] () -- C:\Users\Sheena\Desktop\gmer.exe
[2010/02/25 15:09:15 | 000,000,733 | ---- | C] () -- C:\Users\Sheena\Desktop\NTREGOPT.lnk
[2010/02/25 15:09:15 | 000,000,714 | ---- | C] () -- C:\Users\Sheena\Desktop\ERUNT.lnk
[2010/02/24 16:27:55 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2010/02/22 18:56:14 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/22 18:49:00 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/02/22 18:47:01 | 000,077,377 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/02/22 00:56:26 | 000,002,337 | ---- | C] () -- C:\Users\Sheena\Desktop\Diner Dash 5 - Boom Collectors Edition.lnk
[2009/10/14 16:11:09 | 000,000,000 | ---- | C] () -- C:\Windows\Waverly.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/25 12:14:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/15 19:14:45 | 000,042,238 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/15 19:14:45 | 000,042,238 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/23 21:26:12 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/11/12 17:12:59 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/10/11 23:25:49 | 000,000,552 | ---- | C] () -- C:\Users\Sheena\AppData\Local\d3d8caps.dat
[2008/06/30 19:56:15 | 000,180,224 | ---- | C] () -- C:\Windows\System32\nnci.dll
[2008/03/28 17:52:15 | 000,001,356 | ---- | C] () -- C:\Users\Sheena\AppData\Local\d3d9caps.dat
[2007/12/05 20:28:14 | 000,059,904 | ---- | C] () -- C:\Users\Sheena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/27 13:16:19 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2007/11/24 17:07:35 | 000,027,934 | ---- | C] () -- C:\Users\Sheena\AppData\Roaming\nvModes.dat
[2007/11/24 17:07:35 | 000,027,934 | ---- | C] () -- C:\Users\Sheena\AppData\Roaming\nvModes.001
[2007/11/24 16:06:11 | 000,000,000 | ---- | C] () -- C:\Users\Sheena\AppData\Local\QSwitch.txt
[2007/11/24 16:06:11 | 000,000,000 | ---- | C] () -- C:\Users\Sheena\AppData\Local\DSwitch.txt
[2007/11/24 16:06:11 | 000,000,000 | ---- | C] () -- C:\Users\Sheena\AppData\Local\AtStart.txt
[2007/08/04 05:53:27 | 000,003,037 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 07:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2008/09/20 23:52:12 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\acccore
[2010/02/26 16:41:55 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Azureus
[2009/11/30 23:37:31 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Big Fish Games
[2009/11/17 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\blg
[2010/01/12 13:48:23 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\calibre
[2009/03/25 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\DAEMON Tools Pro
[2008/11/22 11:55:43 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\DJ ToneXpress
[2009/10/27 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Enki Games
[2009/07/01 11:07:01 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Enlightenus
[2009/10/08 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\ERS G-Studio
[2009/10/27 21:33:11 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Flood Light Games
[2008/07/24 21:07:17 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\ForgottenRiddles2
[2010/02/16 01:46:40 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Friday's games
[2009/11/04 00:02:10 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Game
[2008/06/08 18:13:58 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Games
[2008/11/29 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\GARMIN
[2008/08/23 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2008/01/03 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Grisoft
[2009/11/04 00:02:10 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Meridian93
[2007/11/24 21:20:14 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\MSNInstaller
[2010/02/22 00:56:50 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\PlayFirst
[2008/08/23 20:27:54 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Righteous Kill
[2007/12/01 23:43:32 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SecondLife
[2009/11/11 20:21:26 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SpinTop Games
[2009/08/03 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SprillRichiEng
[2009/06/05 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\SystemRequirementsLab
[2008/09/20 16:17:59 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Valusoft
[2009/11/24 22:53:13 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\WildTangent
[2009/02/08 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\Sheena\AppData\Roaming\Windows Sidebar Styler
[2010/02/26 17:02:10 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:2E0A3B1D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:85AA7074
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4B4A0E23
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6387AA6C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:AA6C7C38
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F9C6DE8B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C25C9263
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BFBB0142
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AD7183FA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:83ACAC73
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:797D7632
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E91ADC66
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:81429090
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:3807D082
< End of report >
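Added here as a worked example, not part of the original post or of OTL itself: a Python script that reads the two parts of the OTL report above that are most often misread, the O33 MountPoints2 lines and the Alternate Data Streams section. MountPoints2 holds the shell verbs Explorer remembers for each removable volume; an AutoRun\command whose target OTL marks "File not found" is a leftover from a disc or USB stick that once carried an autorun file and cannot run any more, whereas a target that still exists would run when that drive is opened, because the drive's default verb is AutoRun. The small streams on C:\ProgramData\TEMP are written by legitimate software as well, so on their own they are housekeeping rather than evidence of infection; whether to clear them is the helper's call. The excerpt embedded in the script is copied from the log above; the single G: line is made up to give the script a live case to flag.

```python
import re
from collections import defaultdict

# Excerpt copied from the OTL log in this thread (MountPoints2 and ADS lines).
OTL_EXCERPT = r"""
O33 - MountPoints2\{10fe5a26-9b4c-11dc-b2b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{10fe5a26-9b4c-11dc-b2b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{71a572fd-198e-11de-bd21-001b24b6c0c0}\Shell - "" = AutoRun
O33 - MountPoints2\{71a572fd-198e-11de-bd21-001b24b6c0c0}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autoplay.exe -- File not found
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:2E0A3B1D
"""

# Hypothetical line (not from the log): an AutoRun verb whose target still
# exists. OTL prints no " -- File not found" suffix in that case.
HYPOTHETICAL_LIVE = r'O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe'

MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<rest>.*)$')
ADS_RE = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)$')
MISSING = " -- File not found"


def parse_otl(text):
    """Return (autorun_entries, ads_entries) parsed from OTL report lines."""
    autorun, ads = [], []
    for line in text.splitlines():
        m = MOUNT_RE.match(line)
        if m:
            rest = m.group("rest")
            missing = rest.endswith(MISSING)
            autorun.append({
                "key": m.group("key"),            # drive letter or volume GUID
                "verb": m.group("verb"),          # shell verb, e.g. AutoRun
                "command": rest[:-len(MISSING)] if missing else rest,
                "missing": missing,               # OTL could not find the target
            })
            continue
        m = ADS_RE.match(line)
        if m:
            ads.append({"path": m.group("path"), "stream": m.group("stream"),
                        "size": int(m.group("size"))})
    return autorun, ads


def triage(text):
    """Split MountPoints2 verbs into stale and live, and count ADS per file."""
    autorun, ads = parse_otl(text)
    # Stale: the verb points at a file that is gone. Explorer cannot run it, so
    # the key is registry litter from a disc or USB stick that once had autorun.
    stale = sorted(a["key"] for a in autorun if a["missing"])
    # Live: the target still exists, so opening that drive in Explorer runs the
    # command (the drive's default verb is AutoRun). Worth a closer look.
    live = sorted((a["key"], a["command"]) for a in autorun if not a["missing"])
    ads_by_path = defaultdict(int)
    for s in ads:
        ads_by_path[s["path"]] += 1
    return {"stale_autorun": stale, "live_autorun": live,
            "ads_by_path": dict(ads_by_path)}


if __name__ == "__main__":
    for name, value in triage(OTL_EXCERPT + HYPOTHETICAL_LIVE + "\n").items():
        print(f"{name}: {value}")
```

Run it as a script to print the three buckets, or call triage() on a full OTL report saved as text. The patterns match OTL's exact line layout; reports from other scanners need their own patterns.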

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Are you still getting the alerts ?

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#5
SilentCloud9
    New Member
  • Topic Starter
  • Member
  • 6 posts
I haven't seen the Avast notification since running the fix. However, I have been trying to run the OTL scan unsuccessfully since your last reply. My computer continues to unexpectedly shut down during the scan. Should I keep trying to run the OTL scan?

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Do you mean the GMER scan?

That does happen with some systems. Let's try a different programme.

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

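Added as a worked example, not part of the original post or of SysProt: a Python script that reads the flat text log SysProt writes (the format is visible in the log posted later in this thread) and pulls out the entries worth raising, namely processes and kernel modules flagged Hidden: Yes, plus a cross-check for loaded modules whose kernel address ranges overlap. The embedded excerpt copies records from that posted log and adds one made-up hidden process (PID 9999, a path that does not exist) so the process branch has something to find. One caveat a reader should keep in mind: SysProt marks a module hidden when it is missing from one of the lists it compares, and drivers that deliberately unlink themselves produce the same flag. The SPTD virtual-drive driver that ships with DAEMON Tools (sptd.sys appears in the OTL file list above, and DAEMON Tools Pro is installed) is commonly attributed as a benign cause of one randomly named hidden sp??.sys entry. A hidden entry is therefore a lead for the helper to check, not a verdict.

```python
import re

# Constructed excerpt in SysProt's log format. The records are copied from the
# log posted in this thread, plus one made-up hidden process (PID 9999) so the
# process branch has something to find.
SYSPROT_EXCERPT = r"""
Process:
Name: C:\Windows\System32\smss.exe
PID: 440
Hidden: No
Window Visible: No

Name: C:\Users\Sheena\Desktop\SysProt\SysProt.exe
PID: 5596
Hidden: No
Window Visible: Yes

Name: C:\hypothetical\hidden.exe
PID: 9999
Hidden: Yes
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 81E0B000
Module End: 821C4000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\spbb.sys
Service Name: ---
Module Base: 85E04000
Module End: 85F04000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\a1015jbb.SYS
Service Name: ---
Module Base: 8B155000
Module End: 8B1BD000
Hidden: Yes
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+):$")   # "Process:" / "Kernel Modules:"


def parse_sysprot(text):
    """Return {section_name: [record dicts]} from a SysProt text log."""
    sections, section, record = {}, None, {}
    for raw in text.splitlines() + [""]:      # trailing "" flushes the last record
        line = raw.strip()
        if not line or set(line) == {"*"}:    # blank line or separator row
            if record and section:
                sections.setdefault(section, []).append(record)
            record = {}
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        key, _, value = line.partition(": ")  # first ": " only; paths contain ':'
        record[key] = value
    return sections


def hidden_items(sections):
    """Processes and kernel modules SysProt flagged as Hidden: Yes."""
    procs = [(p["Name"], int(p["PID"]))
             for p in sections.get("Process", []) if p.get("Hidden") == "Yes"]
    mods = [(m["Module Name"], int(m["Module Base"], 16), int(m["Module End"], 16))
            for m in sections.get("Kernel Modules", []) if m.get("Hidden") == "Yes"]
    return procs, mods


def overlapping_modules(sections):
    """Adjacent modules (in base-address order) whose ranges overlap. Two images
    claiming the same kernel range is a stronger signal than the Hidden flag."""
    spans = sorted((int(m["Module Base"], 16), int(m["Module End"], 16), m["Module Name"])
                   for m in sections.get("Kernel Modules", []))
    return [(a[2], b[2]) for a, b in zip(spans, spans[1:]) if b[0] < a[1]]


if __name__ == "__main__":
    parsed = parse_sysprot(SYSPROT_EXCERPT)
    procs, mods = hidden_items(parsed)
    for name, pid in procs:
        print(f"hidden process  {pid:>6}  {name}")
    for name, base, end in mods:
        print(f"hidden module   {base:08X}-{end:08X}  {name}")
    print("overlapping modules:", overlapping_modules(parsed))
```

Point parse_sysprot() at the full saved log to get the same summary for every record; the parser ignores the banner lines at the top because they sit before the first section header.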

#7
SilentCloud9
    New Member
  • Topic Starter
  • Member
  • 6 posts
Yes, I did mean to say GMER scan. Also, I received four Avast notifications today stating that my computer is now infected with Win32 Malware Gen. The SysProt log is copied below.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 440
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 508
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 560
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 572
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 604
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 656
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 664
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 676
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 820
Hidden: No
Window Visible: No

Name: C:\Windows\System32\nvvsvc.exe
PID: 876
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 904
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 944
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1040
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1096
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1112
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1184
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1208
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1228
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1260
Hidden: No
Window Visible: No

Name: C:\Windows\System32\rundll32.exe
PID: 1324
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1480
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1628
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1652
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wlanext.exe
PID: 1660
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 212
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 328
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 996
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 1340
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 1528
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 2176
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 2300
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 2336
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2360
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2388
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 2412
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2560
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PID: 2584
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2764
Hidden: No
Window Visible: No

Name: C:\Program Files\Viewpoint\Common\ViewpointService.exe
PID: 2792
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2812
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 2848
Hidden: No
Window Visible: No

Name: C:\Windows\System32\drivers\XAudio.exe
PID: 2928
Hidden: No
Window Visible: No

Name: C:\Program Files\Xobni\XobniService.exe
PID: 2948
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PID: 3096
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PID: 3116
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID: 2700
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PID: 456
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 3716
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 3260
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PID: 3756
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 3496
Hidden: No
Window Visible: No

Name: C:\Windows\WindowsMobile\wmdc.exe
PID: 3740
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 3748
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PID: 3288
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\QuickPlay\QPService.exe
PID: 3768
Hidden: No
Window Visible: No

Name: C:\Windows\System32\rundll32.exe
PID: 3660
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PID: 3400
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 356
Hidden: No
Window Visible: No

Name: C:\Program Files\QuickTime\QTTask.exe
PID: 1512
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3196
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PID: 2672
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PID: 2968
Hidden: No
Window Visible: Yes

Name: C:\Windows\ehome\ehtray.exe
PID: 4000
Hidden: No
Window Visible: No

Name: C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PID: 4044
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 3892
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 3924
Hidden: No
Window Visible: Yes

Name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 4004
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1700
Hidden: No
Window Visible: No

Name: C:\Windows\System32\mobsync.exe
PID: 1256
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PID: 1392
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PID: 3656
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehmsas.exe
PID: 2600
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PID: 3896
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 3492
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PID: 4180
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 4252
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PID: 4448
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PID: 4500
Hidden: No
Window Visible: No

Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PID: 4520
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 4540
Hidden: No
Window Visible: Yes

Name: C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PID: 4700
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
PID: 5064
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 5392
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wuauclt.exe
PID: 2784
Hidden: No
Window Visible: No

Name: C:\Users\Sheena\Desktop\SysProt\SysProt.exe
PID: 5596
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 5648
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 4392
Hidden: No
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\Sheena\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 9DB97000
Module End: 9DBA2000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 81E0B000
Module End: 821C4000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 821C4000
Module End: 821F7000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 80609000
Module End: 80610000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80610000
Module End: 80621000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80621000
Module End: 80629000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 80629000
Module End: 8066A000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 8066A000
Module End: 8074A000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 8074A000
Module End: 807C6000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 807C6000
Module End: 807D3000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\spbb.sys
Service Name: ---
Module Base: 85E04000
Module End: 85F04000
Hidden: Yes

Module Name: C:\Windows\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: 85F04000
Module End: 85F0D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\SCSIPORT.SYS
Service Name: ---
Module Base: 85F0D000
Module End: 85F33000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 85F33000
Module End: 85F79000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 85F79000
Module End: 85F81000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 85F81000
Module End: 85FA8000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 85FA8000
Module End: 85FB7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 85FB7000
Module End: 85FBA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 85FBA000
Module End: 85FC4000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 85FC4000
Module End: 85FD3000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 86003000
Module End: 8604D000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 8604D000
Module End: 86054000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 86054000
Module End: 86062000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 86062000
Module End: 86072000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 86072000
Module End: 8607A000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 8607A000
Module End: 86098000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 86098000
Module End: 860CA000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 860CA000
Module End: 860DA000
Hidden: No

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 860DA000
Module End: 860E3000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 860E3000
Module End: 86154000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 8620D000
Module End: 86318000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 86343000
Module End: 8637E000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 86400000
Module End: 864EA000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 864EA000
Module End: 86505000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 8660F000
Module End: 8671F000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 8671F000
Module End: 86758000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 86758000
Module End: 86760000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 86760000
Module End: 8676F000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 8676F000
Module End: 86796000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 86796000
Module End: 867A7000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 867A7000
Module End: 867C8000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 867C8000
Module End: 867D1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 867F1000
Module End: 867FC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 86600000
Module End: 86609000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\amdk8.sys
Service Name: AmdK8
Module Base: 86505000
Module End: 86515000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 86609000
Module End: 8660D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cpqbttn.sys
Service Name: HBtnKey
Module Base: 867FC000
Module End: 867FF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 86515000
Module End: 86525000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 86525000
Module End: 8652C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: 8652C000
Module End: 86535000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvsmu.sys
Service Name: nvsmu
Module Base: 86535000
Module End: 86538000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 86538000
Module End: 86542000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 86542000
Module End: 86580000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 86580000
Module End: 8658F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 86154000
Module End: 861E1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 8658F000
Module End: 8659F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 8659F000
Module End: 865AD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: 865AD000
Module End: 865C7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimmptsk.sys
Service Name: rimmptsk
Module Base: 865C7000
Module End: 865D6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimsptsk.sys
Service Name: rimsptsk
Module Base: 865D6000
Module End: 865EA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rixdptsk.sys
Service Name: rismxdp
Module Base: 8637E000
Module End: 863CF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Service Name: NVENETFD
Module Base: 8AC05000
Module End: 8AD05000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bcmwl6.sys
Service Name: BCM43XV
Module Base: 8B00D000
Module End: 8B155000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 8B402000
Module End: 8BB44000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8BB44000
Module End: 8BBE5000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8BBE5000
Module End: 8BBF1000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\a1015jbb.SYS
Service Name: ---
Module Base: 8B155000
Module End: 8B1BD000
Hidden: Yes

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 8B1BD000
Module End: 8B1D0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8BBF1000
Module End: 8BBFC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: 8B1D0000
Module End: 8B200000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8BBFC000
Module End: 8BBFE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8B000000
Module End: 8B00B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\serscan.sys
Service Name: StillCam
Module Base: 8AD05000
Module End: 8AD0D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8AD0D000
Module End: 8AD3C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 8AD3C000
Module End: 8AD7D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8AD7D000
Module End: 8AD88000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8AD88000
Module End: 8AD9F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8AD9F000
Module End: 8ADAA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8ADAA000
Module End: 8ADCD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8ADCD000
Module End: 8ADDC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8ADDC000
Module End: 8ADF0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 865EA000
Module End: 865FF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8ADF0000
Module End: 8AE00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8BBFE000
Module End: 8BC00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 863CF000
Module End: 863F9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 86200000
Module End: 8620A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 861E1000
Module End: 861EE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: 861EE000
Module End: 861F7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8C00A000
Module End: 8C03F000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8C03F000
Module End: 8C050000
Hidden: No

Module Name: C:\Windows\system32\drivers\CHDRT32.sys
Service Name: CnxtHdAudService
Module Base: 8C050000
Module End: 8C083000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8C083000
Module End: 8C0B0000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8C0B0000
Module End: 8C0D5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Service Name: HSXHWAZL
Module Base: 8C0D5000
Module End: 8C113000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Service Name: HSF_DPV
Module Base: 8C805000
Module End: 8C908000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsf
Module Base: 8C908000
Module End: 8C9BD000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 8C9BD000
Module End: 8C9CA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8C9CA000
Module End: 8C9E2000
Hidden: No

Module Name: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: 8C9E2000
Module End: 8C9E8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8C9F8000
Module End: 8C9FF000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8C113000
Module End: 8C11F000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8C11F000
Module End: 8C140000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8C140000
Module End: 8C148000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8C148000
Module End: 8C150000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8C15B000
Module End: 8C169000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8C169000
Module End: 8C172000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8C172000
Module End: 8C188000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8C188000
Module End: 8C19C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\aswTdi.SYS
Service Name: aswTdi
Module Base: 8C19C000
Module End: 8C1A6000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8C1A6000
Module End: 8C1EE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\aswRdr.SYS
Service Name: aswRdr
Module Base: 8C800000
Module End: 8C804000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8CC06000
Module End: 8CC38000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8CC38000
Module End: 8CC4E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8CC4E000
Module End: 8CC5C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\eabfiltr.sys
Service Name: eabfiltr
Module Base: 8CC5C000
Module End: 8CC5E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8CC5E000
Module End: 8CC71000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8CC71000
Module End: 8CCAD000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8CCAD000
Module End: 8CCB7000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8CCB7000
Module End: 8CCCE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\aswSP.SYS
Service Name: aswSP
Module Base: 8CCCE000
Module End: 8CCEF000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8CCEF000
Module End: 8CCFC000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8CCFC000
Module End: 8CD07000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8CD07000
Module End: 8CD0F000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8CD0F000
Module End: 8CD19000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 8CD19000
Module End: 8CD28000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 8CD28000
Module End: 8CD43000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\aswMonFlt.sys
Service Name: aswMonFlt
Module Base: 8CD43000
Module End: 8CD5A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\aswFsBlk.sys
Service Name: aswFsBlk
Module Base: 8CD5A000
Module End: 8CD62000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 9A806000
Module End: 9A8B6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 9A8B6000
Module End: 9A8C6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 9A8C6000
Module End: 9A8F0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 9A8F0000
Module End: 9A8FA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 9A8FA000
Module End: 9A90D000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 9A90D000
Module End: 9A97A000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 9A97A000
Module End: 9A997000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 9A997000
Module End: 9A9B0000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 9A9B0000
Module End: 9A9C5000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 9A9C5000
Module End: 9A9E6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 8CD6A000
Module End: 8CD89000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 8CD89000
Module End: 8CDC2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 9A9E6000
Module End: 9A9FE000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 8CDC2000
Module End: 8CDE9000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: 9DA08000
Module End: 9DA56000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: 9DA6E000
Module End: 9DA72000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: 9DA72000
Module End: 9DB50000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 9DB50000
Module End: 9DB5A000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 9DB5A000
Module End: 9DB66000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\xaudio.sys
Service Name: XAudio
Module Base: 9DB66000
Module End: 9DB6E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 9DB6E000
Module End: 9DB84000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8C9F1000
Module End: 8C9F8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8C150000
Module End: 8C15B000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 842A21F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 842A21F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 842A21F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 842A21F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 842A21F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 842A21F8
Hooking Module: _unknown_

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 85E05000
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 851FC1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 851FC1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 851FC1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 851FC1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 851FC1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 851FC1F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a1015jbb.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 852B61F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a1015jbb.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 852B61F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a1015jbb.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 852B61F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a1015jbb.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 852B61F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a1015jbb.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 852B61F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a1015jbb.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 852B61F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8C2D61F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8C2D61F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8C2D61F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8C2D61F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8C2D61F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8C2D8500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8C2D8500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8C2D8500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8C2D8500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8C2D8500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8C3B01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8C3B01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8C3B01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8C3B01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8C3B01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8C3B01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8C3B01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8C3B01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8C3B01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8C3B01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 85302500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 85302500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85302500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 85302500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 85302500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85302500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 834E01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_READ
Jump To: 834E01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 834E01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 834E01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 834E01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 834E01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 834E01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 834E01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 834E01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 834E01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 851FE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 851FE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 851FE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 851FE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 851FE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 851FE1F8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_CREATE
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_CLOSE
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_READ
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_WRITE
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_SET_EA
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_POWER
Jump To: 85E0CE1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85E21514
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

Hooked Module: \Driver\PCI_PNP9494
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 85E48B1C
Hooking Module: \SystemRoot\System32\Drivers\spbb.sys

******************************************************************************************
******************************************************************************************
Ports:
Local Address: SILENTCLOUD:53513
Remote Address: CHANNEL26.01.05.SF2P.FACEBOOK.COM:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: SILENTCLOUD:53511
Remote Address: SPYNETTEST.MICROSOFT.COM:HTTPS
Type: TCP
Process: C:\Program Files\Windows Defender\MSASCui.exe
State: ESTABLISHED

Local Address: SILENTCLOUD:53262
Remote Address: A96-17-160-105.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT

Local Address: SILENTCLOUD:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: SILENTCLOUD:53512
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: SILENTCLOUD:53507
Remote Address: LOCALHOST:12080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: SILENTCLOUD:49300
Remote Address: LOCALHOST:49299
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: SILENTCLOUD:49299
Remote Address: LOCALHOST:49300
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: SILENTCLOUD:49298
Remote Address: LOCALHOST:49297
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: SILENTCLOUD:49297
Remote Address: LOCALHOST:49298
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: SILENTCLOUD:49292
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: SILENTCLOUD:27015
Remote Address: LOCALHOST:49292
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: SILENTCLOUD:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: SILENTCLOUD:12143
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: SILENTCLOUD:12119
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: SILENTCLOUD:12110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: SILENTCLOUD:12080
Remote Address: LOCALHOST:53512
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: SILENTCLOUD:12080
Remote Address: LOCALHOST:53509
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: SILENTCLOUD:12080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LISTENING

Local Address: SILENTCLOUD:12025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: SILENTCLOUD:7438
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: SILENTCLOUD:DCCM
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: SILENTCLOUD:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: SILENTCLOUD:49159
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: SILENTCLOUD:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\spoolsv.exe
State: LISTENING

Local Address: SILENTCLOUD:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: SILENTCLOUD:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: SILENTCLOUD:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: SILENTCLOUD:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: SILENTCLOUD:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: SILENTCLOUD:FTPS
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: SILENTCLOUD:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: SILENTCLOUD:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: SILENTCLOUD:51964
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SILENTCLOUD:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: SILENTCLOUD:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SILENTCLOUD:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: SILENTCLOUD:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: SILENTCLOUD:63727
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SILENTCLOUD:58835
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Sidebar\sidebar.exe
State: NA

Local Address: SILENTCLOUD:51965
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SILENTCLOUD:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SILENTCLOUD:65201
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: SILENTCLOUD:60508
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SILENTCLOUD:51304
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: SILENTCLOUD:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SILENTCLOUD:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SILENTCLOUD:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SILENTCLOUD:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: SILENTCLOUD:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\Desktop.ini
Status: Access denied

Object: D:\System Volume Information\Folder.htt
Status: Access denied

Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\Protect.ed
Status: Access denied

Object: D:\System Volume Information\SPP
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: D:\System Volume Information\{25888cfd-200f-11df-99a8-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{3fcfc664-2025-11df-a39f-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{3fcfc68e-2025-11df-a39f-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{7be3ff7b-21b6-11df-b2dc-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{ae4d9802-2262-11df-a269-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{baeae3e4-2294-11df-b4e0-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: D:\System Volume Information\{bb732078-2278-11df-babc-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\Windows Backup
Status: Access denied

Object: C:\System Volume Information\{25888cfc-200f-11df-99a8-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3fcfc663-2025-11df-a39f-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3fcfc68d-2025-11df-a39f-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{4d169e84-19ec-11df-b235-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{4d169e8f-19ec-11df-b235-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{4d169e9e-19ec-11df-b235-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{4d169eaa-19ec-11df-b235-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{4d169ec4-19ec-11df-b235-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{4d169ed0-19ec-11df-b235-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{7be3ff7a-21b6-11df-b2dc-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{ae4d9801-2262-11df-a269-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{baeae3e3-2294-11df-b4e0-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{bb732077-2278-11df-babc-001b24b6c0c0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like I will need to use the big boy on this - as there is a suspicious hook showing

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#9
SilentCloud9

SilentCloud9

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
The ComboFix log is copied below.

ComboFix 10-02-27.04 - Sheena 02/28/2010 15:00:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.364 [GMT -5:00]
Running from: c:\users\Sheena\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3102239989-1682233996-76167453-500
c:\$recycle.bin\S-1-5-21-918964562-2721430048-1333971363-500
c:\windows\system32\oem43.inf
c:\windows\system32\oem49.inf
c:\windows\system32\oem50.inf
c:\windows\system32\oem57.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-28 20:18 . 2010-02-28 20:18 -------- d-----w- c:\users\Sheena\AppData\Local\temp
2010-02-28 20:18 . 2010-02-28 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-26 21:44 . 2010-02-26 21:44 -------- d-----w- C:\_OTL
2010-02-26 02:11 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-26 02:10 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-26 02:10 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-26 02:10 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-26 02:10 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-26 02:10 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-26 02:10 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-26 02:10 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-26 02:10 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-26 02:10 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-26 02:09 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-26 02:09 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-26 02:06 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-26 02:06 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-26 02:06 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-25 20:09 . 2010-02-25 20:09 -------- d-----w- c:\program files\ERUNT
2010-02-25 02:17 . 2010-02-25 02:17 -------- d-----w- c:\users\Sheena\AppData\Roaming\Malwarebytes
2010-02-25 02:17 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 02:17 . 2010-02-25 02:17 -------- d-----w- c:\programdata\Malwarebytes
2010-02-25 02:17 . 2010-02-25 02:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-25 02:17 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-23 00:33 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-23 00:32 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-23 00:32 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-23 00:32 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-23 00:32 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-23 00:32 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-23 00:32 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-23 00:32 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-23 00:32 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-23 00:29 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 00:29 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-22 23:56 . 2010-02-23 00:11 23113 ----a-w- c:\windows\hpqins15.dat
2010-02-22 23:50 . 2010-02-22 23:50 -------- d-----w- c:\programdata\HP Product Assistant
2010-02-22 23:47 . 2010-02-22 23:51 77377 ----a-w- c:\windows\hpqins05.dat
2010-02-22 22:43 . 2010-02-22 22:43 -------- d-----w- c:\users\Sheena\AppData\Local\BuildAGadget Content
2010-02-22 05:55 . 2010-02-22 05:55 -------- d-----w- c:\program files\Cybertek Games
2010-02-11 21:39 . 2010-02-11 21:52 -------- d-----w- c:\program files\Sims2Pack Clean Installer
2010-02-10 02:32 . 2010-02-16 06:45 -------- d-----w- c:\programdata\AlawarWrapper
2010-02-10 02:29 . 2010-02-10 02:29 -------- d-----w- c:\program files\Natalie Brooks The Treasures of the Lost Kingdom
2010-02-10 02:29 . 2010-02-10 02:29 -------- d-----w- c:\windows\Natalie Brooks The Treasures of the Lost Kingdom
2010-02-07 00:11 . 2010-02-07 00:11 -------- d-----w- c:\program files\iPod
2010-02-07 00:10 . 2010-02-07 00:12 -------- d-----w- c:\program files\iTunes
2010-02-06 23:57 . 2010-02-06 23:57 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-01 13:46 . 2010-02-13 23:51 -------- d-----w- c:\program files\Maxis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 19:52 . 2007-12-17 17:32 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-28 19:39 . 2009-02-16 00:14 42238 ----a-w- c:\programdata\nvModes.dat
2010-02-26 21:41 . 2007-11-25 21:51 -------- d-----w- c:\users\Sheena\AppData\Roaming\Azureus
2010-02-26 05:18 . 2007-11-24 21:05 124288 ----a-w- c:\users\Sheena\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 21:20 . 2008-01-21 22:11 -------- d-----w- c:\program files\EA GAMES
2010-02-24 14:16 . 2009-10-04 00:41 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 00:12 . 2007-08-04 10:53 -------- d-----w- c:\programdata\HP
2010-02-22 05:56 . 2008-05-22 12:49 -------- d-----w- c:\programdata\PlayFirst
2010-02-22 05:56 . 2007-11-26 04:55 -------- d-----w- c:\users\Sheena\AppData\Roaming\PlayFirst
2010-02-16 06:46 . 2009-12-08 06:36 -------- d-----w- c:\users\Sheena\AppData\Roaming\Friday's games
2010-02-13 23:46 . 2009-01-15 13:57 -------- d-----w- c:\program files\Games
2010-02-07 00:11 . 2008-02-17 20:05 -------- d-----w- c:\program files\Common Files\Apple
2010-01-21 18:27 . 2010-01-21 18:27 -------- d-----w- c:\program files\Kudos 2
2010-01-20 21:16 . 2007-08-04 10:58 -------- d-----w- c:\program files\HP Games
2010-01-19 01:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-18 06:02 . 2007-08-04 10:58 -------- d-----w- c:\programdata\WildTangent
2010-01-18 05:53 . 2010-01-18 05:53 -------- d-----w- c:\programdata\PopCap Games
2010-01-18 05:50 . 2008-09-20 21:10 -------- d-----w- c:\program files\WildGames
2010-01-18 05:13 . 2010-01-18 05:13 1670136 ----a-w- c:\programdata\WildTangent\Game Console - WildGames\Downloads\en-us\Installers\SetupGamesClient.exe
2010-01-16 20:44 . 2007-08-04 10:35 -------- d-----w- c:\programdata\Microsoft Help
2010-01-14 04:59 . 2009-04-10 05:05 1762288 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2010-01-12 19:15 . 2010-01-12 19:13 -------- d-----w- c:\program files\Calibre2
2010-01-12 18:48 . 2010-01-12 18:45 -------- d-----w- c:\users\Sheena\AppData\Roaming\calibre
2010-01-06 15:38 . 2010-02-26 02:06 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-26 02:06 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-26 02:06 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-26 02:06 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-04 03:24 . 2009-02-26 02:36 -------- d-----w- c:\programdata\PlayPond
2010-01-04 02:39 . 2010-01-04 02:38 -------- d-----w- c:\program files\Penny Dreadfuls - Sweeney Todd SE
2010-01-02 06:38 . 2010-02-23 00:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-23 00:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-02-23 00:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-02-23 00:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 04:11 . 2007-11-25 21:54 182 ----a-w- c:\users\Sheena\AppData\Roaming\Azureus\restart.bat
2009-12-11 11:43 . 2010-02-23 00:34 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-23 00:34 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-23 00:34 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-23 00:34 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{599E271D-79FA-2D84-6D1D-14D30A573A63}]
2008-01-19 07:35 180224 ----a-w- c:\windows\System32\nnci.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Google Update"="c:\users\Sheena\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-21 133104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Sheena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OneNote Table Of Contents.onetoc2 [2007-12-5 3656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,66,04,50,dd,f5,c9,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [8/21/2009 8:20 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [8/21/2009 8:20 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [8/21/2009 8:18 AM 53328]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [11/23/2008 9:26 PM 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 19:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-918964562-2721430048-1333971363-1000Core.job
- c:\users\Sheena\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-21 02:04]

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-918964562-2721430048-1333971363-1000UA.job
- c:\users\Sheena\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-21 02:04]

2010-02-28 c:\windows\Tasks\HPCeeScheduleForSheena.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-04 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = cdn
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Sheena\AppData\Roaming\Mozilla\Firefox\Profiles\iszyc96y.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Sheena\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\Sheena\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Sheena\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 15:18
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-918964562-2721430048-1333971363-1000\Software\SecuROM\License information*]
"datasecu"=hex:24,eb,28,c2,68,64,c9,f8,24,2d,e1,0f,36,6b,1a,93,9e,c0,82,fd,fc,
ae,21,8d,48,eb,01,50,07,a5,8b,c1,69,8e,dd,d9,1c,37,9e,3a,fc,8a,fd,b2,fc,af,\
"rkeysecu"=hex:e2,93,17,32,9d,1b,95,b8,4d,83,30,ae,53,fe,5f,83

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-28 15:25:45
ComboFix-quarantined-files.txt 2010-02-28 20:25

Pre-Run: 50,580,283,392 bytes free
Post-Run: 50,519,130,112 bytes free

- - End Of File - - 1278546DA6FEA1E38642E8C51648D2EA

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks good now - are you still getting the alerts?

#11
SilentCloud9

SilentCloud9

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I have not seen any notifications since last night. If I see any more I will let you know. Thank you for all the help, Essexboy. I really appreciate it.

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problems - let's tidy you up a bit now :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

VISTA
To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean

THEN

Download Flush Flash from Here and follow the easy to use instructions on the same page

NEXT

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :)
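The hidden-files check and restore-point steps above are given as Vista GUI clicks. The following PowerShell script is an added example, not something posted in this thread or shipped with any of the tools mentioned; it does the same housekeeping from an elevated prompt so the result can be verified rather than eyeballed: it reads the Explorer "Hidden" setting, creates a restore point named "Clean", and lists the shadow copies that Disk Cleanup's "System Restore and Shadow Copies" option would purge. It assumes PowerShell 2.0 or later on Vista/7 and the drive letter C: for the system volume.

```powershell
# Added example (not from the thread): post-cleanup housekeeping on Vista/7.
# Run from an elevated PowerShell prompt; assumes the system volume is C:.

# 1. Explorer stores the "Hidden files and folders" radio button here:
#    Hidden = 1 -> show hidden files and folders
#    Hidden = 2 -> do not show hidden files and folders (the default the post restores)
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hidden = (Get-ItemProperty -Path $advKey -Name Hidden).Hidden
if ($hidden -eq 2) {
    Write-Host "Hidden files are not shown (Hidden=2): default is in place."
} else {
    Write-Host "Hidden files are still shown (Hidden=$hidden); resetting to the default."
    Set-ItemProperty -Path $advKey -Name Hidden -Value 2
}

# 2. Create a restore point named "Clean", the equivalent of
#    System Protection > Create. On Windows 8 and later Windows refuses a
#    second restore point within 24 hours; the error is reported, not fatal.
try {
    Checkpoint-Computer -Description 'Clean' -RestorePointType 'MODIFY_SETTINGS' -ErrorAction Stop
    Write-Host "Restore point 'Clean' created."
} catch {
    Write-Warning "Restore point not created: $($_.Exception.Message)"
}

# 3. List the existing shadow copies on C: (restore points are stored in them).
#    Review this list before purging: Disk Cleanup > More Options > Clean up
#    deletes every shadow copy except the most recent one, so the "Clean"
#    point just created is the one that survives.
vssadmin list shadows /for=C:
```

Step 3 only lists; it deliberately leaves the deletion to Disk Cleanup as the post describes, so that the newest restore point (the clean one) is the one kept.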

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





