Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Explorer.Exe Application Error [Solved]

Started by Braind , Mar 21 2010 02:29 AM

  • This topic is locked This topic is locked

#1
Braind
Posted 21 March 2010 - 02:29 AM

Braind

    Member

  • Member
  • PipPipPip
  • 263 posts
Recently, my computer (with Windows XP Media Center, SP 3) started to show this error sign right after I switch on the computer, with the desk top icons and the task bar.

-----

Explorer.Exe Application Error
The instruction at "0x7342611a" referenced memory at "0x7342611a".
The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program

-----

At this point, I can see all the desk top icons and the task bar. But, once I click on "OK", all the icons on the desk top screen and the task bar itself disappear for like 30 seconds. This comes back, except the (SpywareGuard)SG icon on the task bar does NOT reappear. My Process Manager indicates SG is actually running, but I am unable to open SpywareGuard.

On the other hand, when I click on "CANCEL", it would soon show the "DrWatson Postmortem Debugger" sign which basically asks to send the information to Microsoft because they couldn't really debug. There is also "debug" button on it. If I click on it, the cursor will freeze for more than 10-15 minutes (after that, I gave up and restarted the computer via Windows Task Manager). If I click on "don't send the report", then the same with above -- all the icons on the desk top screen and the task bar itself disappear for a while and then they reappear.

I also get a Program /server is busy error message right after the 0x7342611a error message. I am asked to choose either switch or retry. Sometimes hitting the switch button works and my PC boots up; other times it doesn't (Retry doesn't work at all) and I need to shut down my PC and reboot up again.

I think this is from a Reimage Repair I used prior to all of this happening. Are you familiar with Reimage?
I contacted their support and they have completely ignored me (have answered only one of my emails and that was to tell me to do the Undo software they have as part of the package and then do the Repair in Safe Mode). They did give me a refund, but that doesn't fix this problem!

After I did the Reimage Repair, my Webroot WISE (Webroot Internet Security Essentials)could not complete an anti- virus scan without freezing my PC. So I ran the Reimage Undo program (as per their instructions the one and only time their support answered my emails) and that caused other problems. So I did Restore for my PC, picking a date (to restore my PC to) that was the day before I ran the Reimage repair. That's when this reboot problem happened and is happening ever since then.
I sent numerous emails to Reimage about this, but they haven't answered me. Yep, I will NEVER use Reimage again.

Okay, now things are getting strange.
I used the Restore function again and chose 2/22/10 as my restore point.
Well, Restore did its job and everything worked, the (SpywareGuard)SG icon even popped up in my bottom tool bar!
Then, I rebooted again and the same error message happened again, the SG icon was gone, etc.

So, if I use Restore and never reboot (or use Restore after every reboot), my PC will be fine! Strange, very strange. Does this latest development prove that malware/spyware is NOT the problem or the opposite?

I tried the Malware and Spyware Cleaning Guide, but that didn't help. There is no virus nor malware on my PC, as far as I can tell.
I was not able to complete a OTL scan. I would receive an error message saying:
')' is not a valid integer value.
I could not find any ')' integer to delete, so the scan would not run.
ALL OTHER LOGS ARE ATTACHED.

Attached Files


Edited by Braind, 24 March 2010 - 10:59 PM.

  • 0

Advertisements

#2
Braind
Posted 29 March 2010 - 09:05 PM

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 263 posts
FYI...........

Since, on this post, "Subscriptions are pruned if there is no reply to the topic after 14 days"
I will need to move this post to the Applications area on April 3, if there are no replies to this post in the Malware area.
  • 0

#3
SweetTech
Posted 01 April 2010 - 04:05 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:
  • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days    . I will post a reminder should you seem to fail to do this, however, if you fail to reply within two days then,
    unless I have been notified of your absence in advance, the topic shall be closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
  • 0

#4
Braind
Posted 01 April 2010 - 10:51 PM

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 263 posts
SweetTech,

Thanks. I will run the programs you requested again and copy and paste them per your instructions.
I am still not convinced that this is a malware issue (see my Reimage comments in my first post). However, I am willing to try almost anything to fix this issue at this point.
  • 0

#5
Braind
Posted 02 April 2010 - 05:15 AM

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 263 posts
1.) I am still not convinced that this is a malware issue (see my Reimage comments in my first post). However, I am willing to try almost anything to fix this issue at this point.

2.) OTL Text Log

OTL – Text


OTL logfile created on: 4/2/2010 1:56:21 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.83 Gb Total Space | 107.11 Gb Free Space | 74.47% Space Free | Partition Type: NTFS
Drive D: | 5.19 Gb Total Space | 1.17 Gb Free Space | 22.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-9K1AY6X2A2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
PRC - C:\Program Files\reimage\Reimage PC Booster\reimageBooster.exe (reimage)
PRC - C:\Program Files\reimage\Reimage PC Booster\REI_Booster.exe (Reimage.com)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\davcdata.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\ime\sptip.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\ime\spgrmr.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Security Activity Dashboard Service) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (AGCoreService) -- C:\Program Files\AGI\core\4.0\AGCoreService.exe (AG Interactive)
SRV - (GoogleDesktopManager-090209-075101) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (pwipf6) -- C:\WINDOWS\system32\drivers\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (DKRtWrt) -- C:\WINDOWS\system32\drivers\DKRtWrt.sys (Diskeeper Corporation)
DRV - (ssfmonm) -- C:\WINDOWS\system32\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (gmer) -- C:\WINDOWS\system32\drivers\gmer.sys (GMER)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUVC) QuickCam for Notebooks Pro(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (smbusp) Intel® -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (DUBE100B) -- C:\WINDOWS\system32\drivers\DUBE100B.sys (D-Link Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (EvcapMaui) -- C:\WINDOWS\system32\drivers\EvcapMau.sys (Emuzed, Inc.)
DRV - (Sunkfiltp) -- C:\WINDOWS\system32\drivers\sunkfiltp.sys (Alcor Micro Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AddThis"
FF - prefs.js..browser.search.defaulturl: "http%3A//ixquick.com/do/toolbar%3Fcat%3Dweb%26language%3Denglish%26query%3D"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Dogpile"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.dogpile.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.11.7
FF - prefs.js..extensions.enabledItems: {9a94d785-2979-44e9-b331-9e09d0cc7cff}:1.300.306
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {4D1E692F-D179-413b-A987-EEEAAD85DDB3}:5.51.15.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.12514
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.272
FF - prefs.js..extensions.enabledItems: {5FF97DB7-2EF7-4a7f-8E36-5214B5C5C65A}:3.6
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
FF - prefs.js..keyword.URL: "http://assist.infosp...t/main?domain="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/03 16:45:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 01:52:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 01:52:54 | 000,000,000 | ---D | M]

[2008/06/17 21:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/02 01:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions
[2009/07/26 15:21:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/27 05:29:11 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2009/03/18 02:24:29 | 000,000,000 | ---D | M] (MapQuest Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{4D1E692F-D179-413b-A987-EEEAAD85DDB3}
[2010/01/25 19:19:57 | 000,000,000 | ---D | M] (Aeon Big) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{5FF97DB7-2EF7-4a7f-8E36-5214B5C5C65A}
[2009/02/18 17:04:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2010/03/13 00:15:47 | 000,000,000 | ---D | M] (Ixquick Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{70F241F6-52AB-4D45-993E-C1C09920095B}(2)
[2009/07/03 22:24:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/02/18 16:58:30 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
[2010/01/25 19:21:06 | 000,000,000 | ---D | M] (Dogpile Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{9a94d785-2979-44e9-b331-9e09d0cc7cff}
[2007/02/22 22:34:36 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(2)
[2009/02/18 17:04:46 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}(2)
[2009/02/18 16:59:50 | 000,000,000 | ---D | M] (Yoono) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}(2)
[2007/09/16 01:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}
[2007/09/16 01:58:13 | 000,000,000 | ---D | M] (SphereGnome) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}(2)
[2010/01/25 19:20:35 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
[2008/09/06 00:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\2008-07-31
[2010/04/01 00:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2007/02/22 22:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\foxmarks@kei(2).com
[2009/02/18 17:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\nasanightlaunch@example(2).com
[2010/03/25 16:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2010/01/20 22:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2010/03/31 23:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2010/01/17 22:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2007/09/13 19:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}(2)\chrome(2)\mozapps\extensions
[2009/03/18 02:25:13 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\aol-search.xml
[2009/06/12 22:29:35 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\bing.xml
[2010/01/25 19:21:26 | 000,001,098 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\dogpile.xml
[2010/04/01 15:37:48 | 000,001,446 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\ixquick.xml
[2008/12/08 17:28:21 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\yahoo.gif
[2008/12/08 17:28:21 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\yahoo.src
[2008/12/08 17:28:20 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\yahoo.xml
[2010/04/01 00:45:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/02 01:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2007/09/16 01:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/06/30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/06/16 20:43:49 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/03/13 04:23:02 | 000,000,814 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (DeskbarBHO) - {BFBB7543-916C-449a-9DC6-C9A516A6162F} - C:\Program Files\Ixquick Deskbar\deskbar.dll (Deskbar)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MapQuest Toolbar) - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll (MapQuest, Inc)
O3 - HKLM\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MapQuest Toolbar) - {9302E698-7E00-43AB-B867-C6E759BC2ADA} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll (MapQuest, Inc)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Reimage PC Booster] C:\Program Files\Reimage\Reimage PC Booster\Postrebootexecuter.exe ()
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2009/11/17 20:29:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - Reg Error: Key error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (rosoft Shared\Windows Live\ecur) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/15 20:31:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/05/21 20:39:24 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanServer - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/02 00:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/28 02:22:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/03/19 19:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\3-19-10 Scan Logs
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/16 00:05:15 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/03/16 00:01:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/16 00:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/14 08:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/14 07:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/03/14 07:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/03/14 03:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/13 05:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/13 04:28:59 | 000,108,880 | ---- | C] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2010/03/13 04:13:56 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2010/03/13 00:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/03/11 20:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/07 06:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2010/03/07 06:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/03/07 06:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/07 06:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/03/03 17:12:57 | 000,203,776 | ---- | C] (Iterated Systems, Inc.) -- C:\WINDOWS\System32\clrviddc.dll
[2010/03/03 16:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/02 23:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/23 23:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/02/23 23:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/02/23 23:04:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/19 21:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/05 03:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2009/12/04 01:59:21 | 004,989,816 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe
[2009/12/04 01:59:14 | 000,712,072 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\GenericSB.dll
[2009/07/01 02:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/01 02:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/04 00:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/18 16:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
[2009/02/18 16:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\agi
[2008/09/28 02:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro
[2008/09/18 00:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Trend Micro
[2008/07/27 15:53:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/11/01 13:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/09/14 13:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/04/02 01:54:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/02 01:40:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/02 01:35:38 | 000,012,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/02 01:35:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/02 01:34:32 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/04/02 01:34:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/02 01:34:30 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1413038736-614172877-2008263415-500.job
[2010/04/02 01:34:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/02 01:34:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/02 01:32:57 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/04/02 01:32:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/02 00:50:18 | 007,001,202 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/04/02 00:29:34 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/02 00:20:45 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/01 23:00:10 | 000,001,746 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LE9294F1191DE48CFA4B4FF790F3BF861.job
[2010/04/01 16:04:28 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1413038736-614172877-2008263415-500.job
[2010/03/29 17:00:04 | 000,001,742 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L76ACFF3080CC4EF49735590A605EA80E.job
[2010/03/28 20:44:31 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Left just does not understand.doc
[2010/03/27 16:00:09 | 000,001,732 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L85ADAE8969AB41209763B0C6C57BE5D4.job
[2010/03/23 14:27:20 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Glary Utilities.lnk
[2010/03/21 20:41:35 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ObamaCare Is HC Deform.doc
[2010/03/21 18:31:10 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Did you forget what the Left Wing SEIU union thugs did to Ken Gladney.doc
[2010/03/21 03:28:32 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\instruction at 0x7342611a referenced memory at 0x7342611a.doc
[2010/03/19 18:50:35 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/03/19 18:50:35 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/17 01:23:43 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\0x7342611a Error.doc
[2010/03/16 00:01:41 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/03/14 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/03/14 18:19:20 | 000,000,082 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/03/14 08:44:48 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/03/14 03:59:51 | 000,000,638 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/14 03:53:01 | 000,466,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 03:53:01 | 000,084,656 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/13 04:23:02 | 000,000,814 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/03/13 04:07:24 | 000,108,880 | ---- | M] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2010/03/13 02:04:09 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2010.lnk
[2010/03/10 20:59:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/10 20:09:14 | 000,343,899 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MarchPrayers.pdf
[2010/03/08 18:16:32 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/08 06:40:10 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\Administrator\Compress.res
[2010/03/05 19:35:46 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MATHR Member Marketing Profile - BrianDomenoski.doc
[2010/03/05 07:19:43 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Short History of Marriage.doc
[2010/03/05 04:22:17 | 000,346,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010/03/05 04:20:50 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2010/03/05 04:20:45 | 001,306,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6(3).dll
[2010/03/05 04:20:45 | 001,306,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6(2).dll
[2010/03/05 04:20:24 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mscms(2).dll
[2010/03/05 04:19:37 | 000,691,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm(2).dll
[2010/03/05 04:09:09 | 000,000,266 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010/03/05 04:06:07 | 004,657,152 | ---- | M] () -- C:\WINDOWS\debugpack.cmp
[2010/03/05 03:44:51 | 000,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet(6).dll
[2010/03/05 03:44:50 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttp(8).dll
[2010/03/05 03:44:50 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttp(7).dll
[2010/03/05 03:44:49 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010/03/05 03:44:48 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\_000002_.tmp.dll
[2010/03/05 03:44:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdigest(5).dll
[2010/03/05 03:44:45 | 001,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon(6).dll
[2010/03/05 03:44:44 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed(2).dll
[2010/03/05 03:44:43 | 008,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32(5).dll
[2010/03/05 03:44:43 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs(3).dll
[2010/03/05 03:44:39 | 001,499,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw(3).dll
[2010/03/05 03:44:30 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\secur32(7).dll
[2010/03/05 03:44:22 | 000,399,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcss(5).dll
[2010/03/05 03:44:21 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcrt4(5).dll
[2010/03/05 03:44:20 | 001,435,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\query(3).dll
[2010/03/05 03:44:15 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pdh(3).dll
[2010/03/05 03:44:13 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32(5).dll
[2010/03/05 03:44:12 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxclu(6).dll
[2010/03/05 03:43:52 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msctfime(5).ime
[2010/03/05 03:43:51 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msasn1(5).dll
[2010/03/05 03:43:30 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript(5).dll
[2010/03/05 03:43:30 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript(4).dll
[2010/03/05 03:43:30 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kerberos(5).dll
[2010/03/05 03:43:25 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\es(3).dll
[2010/03/05 03:43:22 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atl(5).dll
[2010/03/03 17:12:57 | 000,203,776 | ---- | M] (Iterated Systems, Inc.) -- C:\WINDOWS\System32\clrviddc.dll
[2010/03/03 16:45:32 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/03/03 16:44:45 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/03/03 16:44:45 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/03/03 16:42:55 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/03/03 16:42:54 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/03/03 16:42:54 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2010/04/02 00:29:34 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/02 00:20:45 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/28 20:15:57 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Left just does not understand.doc
[2010/03/23 14:27:20 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Glary Utilities.lnk
[2010/03/21 18:31:10 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Did you forget what the Left Wing SEIU union thugs did to Ken Gladney.doc
[2010/03/21 17:06:48 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ObamaCare Is HC Deform.doc
[2010/03/19 18:50:35 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/03/19 18:50:35 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/03/18 19:47:37 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\instruction at 0x7342611a referenced memory at 0x7342611a.doc
[2010/03/17 22:15:20 | 000,001,742 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L76ACFF3080CC4EF49735590A605EA80E.job
[2010/03/16 00:01:41 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/03/14 07:50:30 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/03/14 06:05:56 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\0x7342611a Error.doc
[2010/03/13 05:52:12 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/03/13 04:22:54 | 000,001,746 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_LE9294F1191DE48CFA4B4FF790F3BF861.job
[2010/03/13 04:22:53 | 000,001,732 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L85ADAE8969AB41209763B0C6C57BE5D4.job
[2010/03/10 20:09:14 | 000,343,899 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MarchPrayers.pdf
[2010/03/08 06:02:36 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\Administrator\Compress.res
[2010/03/05 19:35:46 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MATHR Member Marketing Profile - BrianDomenoski.doc
[2010/03/05 07:18:45 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Short History of Marriage.doc
[2010/03/04 14:10:08 | 014,680,064 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/03/03 16:46:02 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1413038736-614172877-2008263415-500.job
[2010/03/03 16:46:01 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1413038736-614172877-2008263415-500.job
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/17 09:30:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\uoadyk.sys
[2009/05/29 17:44:55 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/05/29 17:44:52 | 000,819,200 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/04/19 19:08:32 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/04/19 19:08:31 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/04/19 19:06:57 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/04/19 19:06:56 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/04/19 19:06:54 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/03/26 00:02:46 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Launch Internet Explorer Browser.lnk
[2009/03/15 01:52:15 | 000,000,266 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/03/14 02:00:00 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/03/14 01:59:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2008/09/28 02:40:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/09/14 00:36:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/07/16 23:35:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/01/25 20:44:32 | 000,010,088 | ---- | C] () -- C:\WINDOWS\msvrc20.dll
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/19 19:29:59 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sbewin32.INI
[2007/09/08 04:21:47 | 000,000,080 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2007/09/08 03:44:30 | 000,269,824 | ---- | C] () -- C:\WINDOWS\System32\baksm.dll
[2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/06 20:57:20 | 000,002,041 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\HPCOM_48BitScanUpdate.log
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/03 08:59:04 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/12/10 03:40:08 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/30 20:23:07 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/30 01:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/09/03 18:12:09 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/09/01 16:28:01 | 000,000,072 | ---- | C] () -- C:\WINDOWS\wb.ini
[2006/09/01 15:18:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/08/24 19:08:13 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/20 23:48:50 | 000,000,278 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/20 03:49:21 | 000,011,669 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/20 03:49:20 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/19 01:43:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/19 00:04:09 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/18 23:24:48 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/03/15 07:00:00 | 002,458,112 | ---- | C] () -- C:\WINDOWS\System32\wmvcore.dll
[2005/02/23 02:07:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\rnlsp(2)(2)(2).dll
[2004/08/09 23:11:42 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/08/26 21:22:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/16 00:22:46 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/08/16 00:14:14 | 000,025,449 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/08/16 00:13:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/08/16 00:13:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/08/15 23:55:23 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2003/08/15 23:33:36 | 000,102,789 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/08/15 23:24:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/15 23:21:32 | 000,098,384 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2003/08/15 22:39:52 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/08/15 22:39:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/08/15 22:39:32 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/08/15 20:36:19 | 000,000,045 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/15 20:17:54 | 000,000,573 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/11/14 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\agi
[2007/09/19 19:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Backup MyPC
[2008/09/07 17:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bit9
[2009/11/06 02:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CBS Interactive
[2009/03/03 17:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/07/09 22:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2009/03/04 00:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
[2009/05/05 20:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2006/08/30 19:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/04/19 19:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MightyKey
[2008/03/29 21:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\My CuteForm RunTime
[2009/03/01 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\net.twitterlocal.onair.A589D10E991C524019173F7ADEB73C85B538C40C.1
[2007/10/28 05:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2007/11/09 23:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2008/09/07 17:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Magazine Utilities
[2008/02/06 00:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PrevxCSI
[2008/09/13 23:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Registry Booster
[2003/08/16 00:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2009/09/24 23:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SRI
[2009/10/17 22:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Stamps.com Internet Postage
[2009/02/20 23:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/05/29 00:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2006/08/27 18:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Webshots
[2008/09/13 16:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/02/20 02:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2009/11/13 22:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2009/02/22 18:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/21 22:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2010/02/01 23:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/03/18 02:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapQuest Toolbar
[2006/09/10 20:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/11/18 21:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRI
[2010/03/18 19:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/28 14:17:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2010/04/02 00:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/16 00:01:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/09/14 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/28 14:14:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{942E4254-C25C-44BA-94FC-8777923F9E7B}
[2009/05/28 14:15:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B3ABAF49-C1FD-4E23-A5C8-1D0530D54991}
[2009/05/28 14:13:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
[2010/04/02 01:40:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/02 01:34:32 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/03/14 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/03/29 17:00:04 | 000,001,742 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L76ACFF3080CC4EF49735590A605EA80E.job
[2010/03/27 16:00:09 | 000,001,732 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L85ADAE8969AB41209763B0C6C57BE5D4.job
[2010/04/01 23:00:10 | 000,001,746 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LE9294F1191DE48CFA4B4FF790F3BF861.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/05/30 17:19:04 | 000,710,432 | ---- | M] (Microsoft Corporation) -- C:\Q820121_WXP_SP2_x86_ENU.exe
[2007/05/30 17:19:06 | 000,131,360 | ---- | M] (Microsoft Corporation) -- C:\Q820121_WXP_SP2_x86_ENU_Symbols.exe
[2009/02/15 13:49:42 | 000,077,824 | ---- | M] () -- C:\REIPostRebootExecuter.exe
[2009/02/11 11:34:32 | 000,442,368 | ---- | M] () -- C:\REIReiFTPWatchDog.exe
[2009/08/04 08:41:00 | 000,083,232 | ---- | M] () -- C:\REI_SendEvents.exe


< MD5 for: AGP440.SYS >
[2006/03/15 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/03/15 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/07/30 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/08/28 21:05:30 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/15 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/03/15 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/15 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/03/15 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 05:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/11/06 13:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/05/21 14:39:24 | 000,786,432 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/21 19:29:22 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007/05/21 14:39:24 | 033,030,144 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/21 14:39:25 | 005,242,880 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >



3.) Extras OTL

OTL Extras logfile created on: 4/2/2010 1:56:21 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.83 Gb Total Space | 107.11 Gb Free Space | 74.47% Space Free | Partition Type: NTFS
Drive D: | 5.19 Gb Total Space | 1.17 Gb Free Space | 22.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-9K1AY6X2A2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\WINDOWS\LMID1.tmp\lmi_rescue.exe" = C:\WINDOWS\LMID1.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\WINDOWS\LMI128.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI128.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand -- File not found
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Abacast\Abaclient.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Abacast\Abaclient.exe:*:Enabled:Abaclient -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1E2F8094-9DCD-4B87-ADB3-25CC5A0442FF}" = Roxio Backup MyPC
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{37A5E5C0-1704-5E2A-9A29-9B9F53EFD666}" = Adobe Photoshop.com Uploader
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4CB2511D-A074-40E0-A5ED-A875EBBDDF49}" = BotHunter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{6314D540-E3C1-4F30-AEEB-4154C93375C3}" = HP Driver Diagnostics
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E67064-A144-42A6-BC85-12276B2D5D42}" = 2400_2500Help
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{782A8AEE-0722-4E08-BB72-34C218CF166B}" = Uniblue PowerSuite 2009
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B957F8D-FBDE-4DB4-99E7-192487575050}" = 23_24_2500Tour
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981FAFFC-35E9-42E0-9C58-9AADE646F92A}" = Diskeeper 2010 Home
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD84892-7664-479C-8F95-7A25B964B04D}" = 2400_2500trb
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a454c267-70b9-3bfc-af15-628bcc82d578}" = Webshots Desktop
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009.10.22
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDDA03FF-47BE-4aa9-B4FA-06EA477A6B38}" = Think Right Now 1.7
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}" = Microsoft Easy Assist v2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCFA617-1856-4BE2-BA3C-BADD374757E7}" = 2500
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CrossLoop_is1" = CrossLoop 2.70
"ERUNT_is1" = ERUNT 1.1j
"Glary Utilities_is1" = Glary Utilities 2.21.0.863
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{E05895C5-FE97-4334-8D73-B0089FD07CE3}" = Multimedia Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapQuest Toolbar" = MapQuest Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QcDrv" = Logitech® Camera Driver
"RealPlayer 12.0" = RealPlayer
"Reimage PC Booster" = Reimage PC Booster
"ReimageAgent" = Reimage real-time monitor
"SBEWIN32.EXE" =
"Secunia PSI" = Secunia PSI
"SGTRAY.EXE" =
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"Startup Cop Pro_is1" = Startup Cop Pro 3.0
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Uniblue PowerSuite 2009" = Uniblue PowerSuite 2009
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"ixquickDB.ixquickDBDeskbar" = Ixquick Deskbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/1/2010 2:32:21 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 4/1/2010 5:42:30 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 4/1/2010 4:07:31 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 4/1/2010 5:05:01 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8312.0, stamp 4a403990,
faulting module ntdll.dll, version 5.1.2600.5755, stamp 49901d48, debug? 0, fault
address 0x00010a19.

Error - 4/1/2010 8:44:50 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 4/1/2010 8:56:52 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 4/1/2010 9:01:42 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 4/1/2010 9:12:38 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 4/2/2010 1:54:32 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 4/2/2010 2:37:04 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

[ System Events ]
Error - 4/2/2010 2:34:29 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = NetDDE | ID = 12
Description = Initialization of "NDDENB32" DLL failed

Error - 4/2/2010 2:35:29 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AG Core Services service
to connect.

Error - 4/2/2010 2:35:29 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7000
Description = The AG Core Services service failed to start due to the following
error: %%1053

Error - 4/2/2010 2:35:29 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7003
Description = The Alerter service depends on the following nonexistent service:
LanmanWorkstation

Error - 4/2/2010 2:35:29 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7003
Description = The Computer Browser service depends on the following nonexistent
service: LanmanServer

Error - 4/2/2010 2:35:29 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7000
Description = The OPURNQUV service failed to start due to the following error: %%2

Error - 4/2/2010 2:35:29 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7000
Description = The Security Activity Dashboard Service service failed to start due
to the following error: %%2

Error - 4/2/2010 2:35:37 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 4/2/2010 2:35:38 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 4/2/2010 2:37:01 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.


< End of report >

4.)
PC is running with the same problems; no improvement has occurred.
  • 0

#6
SweetTech
Posted 02 April 2010 - 12:23 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
:OTL
SRV - (Security Activity Dashboard Service) -- File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
O2 - BHO: (no name) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O9 - Extra Button: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - Reg Error: Key error. File not found
O9 - Extra 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (rosoft Shared\Windows Live\ecur) - File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
:Commands
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

NEXT:



GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

NEXT:



Scanning with MalwareBytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

NEXT:



Re-Running OTL

We need to create a New OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • One report will open, copy and paste the report in a reply here:
    • OTL.txt <-- Will be opened

NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTL fix.
3. The log that was produced after running the GooredFix.
4. The log that was produced after running the MalwareBytes' Anti-Malware.
5. The log that was produced after running the Kaspersky Online Scanner.
6. The log that was produced after running the new OTL scan.
7. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 02 April 2010 - 12:39 PM.

  • 0

#7
Braind
Posted 03 April 2010 - 11:52 PM

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 263 posts
1.) The Kaspersky Online Scanner identified a trojan virus in my Outlook 2003. My Weroot WISE (Webroot Internet Security Essentials) has been unable to get rid of this virus. How can I kill this virus?

2. OTL FIX LOG

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Error: No service named Security Activity Dashboard Service was found to stop!
Service\Driver key Security Activity Dashboard Service not found.
File File not found not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCAC5586-44D7-4c43-B64A-F042461A97D2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCAC5586-44D7-4c43-B64A-F042461A97D2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0050A87F-CF26-41AE-9C0A-C32307C941CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0050A87F-CF26-41AE-9C0A-C32307C941CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ not found.
File a not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\ not found.
File Protocol\Handler\AutorunsDisabled - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmtb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42}\ not found.
File {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:OWS\S deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:rosoft Shared\Windows Live\ecur deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
File D:\Info.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 559265 bytes
->Java cache emptied: 128020 bytes
->FireFox cache emptied: 41657621 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 35035 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50345 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04032010_035632

OTL by OldTimer - Version 3.1.37.3 log created on 04032010_035632

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_c20.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_ae8.dat not found!

Registry entries deleted on Reboot...

3.) GooredFIX

GooredFix by jpshortstuff (08.01.10.1)
Log created at 16:47 on 02/04/2010 (Administrator)
Firefox version 3.6.3 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
[email protected] [06:10 04/03/2009]
talkback@mozilla(2).org [06:34 16/09/2007]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:49 16/09/2007]
{972ce4c6-7e08-4474-a285-3208198ce6fd}(2) [06:34 16/09/2007]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [00:36 23/02/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [08:47 06/11/2009]

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\
2008-07-31 [05:35 06/09/2008]
[email protected] [05:45 01/04/2010]
foxmarks@kei(2).com [02:35 22/02/2007]
nasanightlaunch@example(2).com [11:28 21/01/2009]
[email protected] [21:32 25/03/2010]
[email protected] [03:30 21/01/2010]
[email protected] [04:54 01/04/2010]
[email protected] [03:03 18/01/2010]
{20a82645-c095-46ed-80e3-08825760534b} [20:21 26/07/2009]
{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [10:29 27/03/2010]
{4D1E692F-D179-413b-A987-EEEAAD85DDB3} [07:24 18/03/2009]
{5FF97DB7-2EF7-4a7f-8E36-5214B5C5C65A} [00:19 26/01/2010]
{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) [06:51 14/01/2009]
{70F241F6-52AB-4D45-993E-C1C09920095B}(2) [17:48 10/03/2010]
{77b819fa-95ad-4f2c-ac7c-486b356188a9} [03:24 04/07/2009]
{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2) [08:12 08/02/2009]
{9a94d785-2979-44e9-b331-9e09d0cc7cff} [00:21 26/01/2010]
{AE93811A-5C9A-4d34-8462-F7B864FC4696}(2) [02:33 23/02/2007]
{c1dffba0-628e-11d9-9669-0800200c9a66}(2) [06:51 14/01/2009]
{d9284e50-81fc-11da-a72b-0800200c9a66}(2) [18:47 04/02/2009]
{ded0fc70-7215-4802-afeb-b2982d3e7225} [06:58 16/09/2007]
{ded0fc70-7215-4802-afeb-b2982d3e7225}(2) [00:56 14/09/2007]
{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01} [00:20 26/01/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:03 14/09/2008]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [08:46 06/11/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [21:45 03/03/2010]

-=E.O.F=-



4.) MalwareBytes Log

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3947

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/2/2010 5:18:22 PM
mbam-log-2010-04-02 (17-18-22).txt

Scan type: Quick scan
Objects scanned: 106151
Time elapsed: 21 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


5.) Kaspersky Online Scanner

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, April 3, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, April 03, 2010 19:07:59
Records in database: 3913920
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
H:\
I:\
J:\
K:\
M:\

Scan statistics:
Objects scanned: 219289
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 06:24:38


File name / Threat / Threats count
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000004.pst Infected: Trojan.JS.Redirector.b 2

Selected area has been scanned.


6.) New OTL Scan Log

OTL – Text


OTL logfile created on: 4/2/2010 1:56:21 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.83 Gb Total Space | 107.11 Gb Free Space | 74.47% Space Free | Partition Type: NTFS
Drive D: | 5.19 Gb Total Space | 1.17 Gb Free Space | 22.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-9K1AY6X2A2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
PRC - C:\Program Files\reimage\Reimage PC Booster\reimageBooster.exe (reimage)
PRC - C:\Program Files\reimage\Reimage PC Booster\REI_Booster.exe (Reimage.com)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\davcdata.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\ime\sptip.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\ime\spgrmr.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Security Activity Dashboard Service) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (AGCoreService) -- C:\Program Files\AGI\core\4.0\AGCoreService.exe (AG Interactive)
SRV - (GoogleDesktopManager-090209-075101) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (pwipf6) -- C:\WINDOWS\system32\drivers\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (DKRtWrt) -- C:\WINDOWS\system32\drivers\DKRtWrt.sys (Diskeeper Corporation)
DRV - (ssfmonm) -- C:\WINDOWS\system32\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (gmer) -- C:\WINDOWS\system32\drivers\gmer.sys (GMER)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUVC) QuickCam for Notebooks Pro(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (smbusp) Intel® -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (DUBE100B) -- C:\WINDOWS\system32\drivers\DUBE100B.sys (D-Link Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (EvcapMaui) -- C:\WINDOWS\system32\drivers\EvcapMau.sys (Emuzed, Inc.)
DRV - (Sunkfiltp) -- C:\WINDOWS\system32\drivers\sunkfiltp.sys (Alcor Micro Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AddThis"
FF - prefs.js..browser.search.defaulturl: "http%3A//ixquick.com/do/toolbar%3Fcat%3Dweb%26language%3Denglish%26query%3D"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Dogpile"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.dogpile.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.11.7
FF - prefs.js..extensions.enabledItems: {9a94d785-2979-44e9-b331-9e09d0cc7cff}:1.300.306
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {4D1E692F-D179-413b-A987-EEEAAD85DDB3}:5.51.15.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.12514
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.272
FF - prefs.js..extensions.enabledItems: {5FF97DB7-2EF7-4a7f-8E36-5214B5C5C65A}:3.6
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
FF - prefs.js..keyword.URL: "http://assist.infosp...t/main?domain="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/03 16:45:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 01:52:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 01:52:54 | 000,000,000 | ---D | M]

[2008/06/17 21:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/02 01:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions
[2009/07/26 15:21:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/27 05:29:11 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2009/03/18 02:24:29 | 000,000,000 | ---D | M] (MapQuest Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{4D1E692F-D179-413b-A987-EEEAAD85DDB3}
[2010/01/25 19:19:57 | 000,000,000 | ---D | M] (Aeon Big) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{5FF97DB7-2EF7-4a7f-8E36-5214B5C5C65A}
[2009/02/18 17:04:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2010/03/13 00:15:47 | 000,000,000 | ---D | M] (Ixquick Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{70F241F6-52AB-4D45-993E-C1C09920095B}(2)
[2009/07/03 22:24:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/02/18 16:58:30 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
[2010/01/25 19:21:06 | 000,000,000 | ---D | M] (Dogpile Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{9a94d785-2979-44e9-b331-9e09d0cc7cff}
[2007/02/22 22:34:36 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(2)
[2009/02/18 17:04:46 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}(2)
[2009/02/18 16:59:50 | 000,000,000 | ---D | M] (Yoono) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}(2)
[2007/09/16 01:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}
[2007/09/16 01:58:13 | 000,000,000 | ---D | M] (SphereGnome) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}(2)
[2010/01/25 19:20:35 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
[2008/09/06 00:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\2008-07-31
[2010/04/01 00:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2007/02/22 22:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\foxmarks@kei(2).com
[2009/02/18 17:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\nasanightlaunch@example(2).com
[2010/03/25 16:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2010/01/20 22:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2010/03/31 23:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2010/01/17 22:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2007/09/13 19:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}(2)\chrome(2)\mozapps\extensions
[2009/03/18 02:25:13 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\aol-search.xml
[2009/06/12 22:29:35 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\bing.xml
[2010/01/25 19:21:26 | 000,001,098 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\dogpile.xml
[2010/04/01 15:37:48 | 000,001,446 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\ixquick.xml
[2008/12/08 17:28:21 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\yahoo.gif
[2008/12/08 17:28:21 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\yahoo.src
[2008/12/08 17:28:20 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\yahoo.xml
[2010/04/01 00:45:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/02 01:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2007/09/16 01:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/06/30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/06/16 20:43:49 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/03/13 04:23:02 | 000,000,814 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (DeskbarBHO) - {BFBB7543-916C-449a-9DC6-C9A516A6162F} - C:\Program Files\Ixquick Deskbar\deskbar.dll (Deskbar)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MapQuest Toolbar) - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll (MapQuest, Inc)
O3 - HKLM\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MapQuest Toolbar) - {9302E698-7E00-43AB-B867-C6E759BC2ADA} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll (MapQuest, Inc)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Reimage PC Booster] C:\Program Files\Reimage\Reimage PC Booster\Postrebootexecuter.exe ()
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2009/11/17 20:29:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - Reg Error: Key error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (rosoft Shared\Windows Live\ecur) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/15 20:31:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/05/21 20:39:24 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanServer - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/02 00:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/28 02:22:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/03/19 19:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\3-19-10 Scan Logs
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/16 00:05:15 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/03/16 00:01:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/16 00:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/14 08:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/14 07:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/03/14 07:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/03/14 03:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/13 05:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/13 04:28:59 | 000,108,880 | ---- | C] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2010/03/13 04:13:56 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2010/03/13 00:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/03/11 20:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/07 06:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2010/03/07 06:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/03/07 06:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/07 06:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/03/03 17:12:57 | 000,203,776 | ---- | C] (Iterated Systems, Inc.) -- C:\WINDOWS\System32\clrviddc.dll
[2010/03/03 16:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/02 23:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/23 23:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/02/23 23:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/02/23 23:04:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/19 21:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/05 03:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2009/12/04 01:59:21 | 004,989,816 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe
[2009/12/04 01:59:14 | 000,712,072 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\GenericSB.dll
[2009/07/01 02:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/01 02:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/04 00:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/18 16:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
[2009/02/18 16:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\agi
[2008/09/28 02:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro
[2008/09/18 00:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Trend Micro
[2008/07/27 15:53:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/11/01 13:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/09/14 13:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/04/02 01:54:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/02 01:40:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/02 01:35:38 | 000,012,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/02 01:35:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/02 01:34:32 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/04/02 01:34:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/02 01:34:30 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1413038736-614172877-2008263415-500.job
[2010/04/02 01:34:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/02 01:34:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/02 01:32:57 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/04/02 01:32:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/02 00:50:18 | 007,001,202 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/04/02 00:29:34 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/02 00:20:45 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/01 23:00:10 | 000,001,746 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LE9294F1191DE48CFA4B4FF790F3BF861.job
[2010/04/01 16:04:28 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1413038736-614172877-2008263415-500.job
[2010/03/29 17:00:04 | 000,001,742 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L76ACFF3080CC4EF49735590A605EA80E.job
[2010/03/28 20:44:31 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Left just does not understand.doc
[2010/03/27 16:00:09 | 000,001,732 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L85ADAE8969AB41209763B0C6C57BE5D4.job
[2010/03/23 14:27:20 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Glary Utilities.lnk
[2010/03/21 20:41:35 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ObamaCare Is HC Deform.doc
[2010/03/21 18:31:10 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Did you forget what the Left Wing SEIU union thugs did to Ken Gladney.doc
[2010/03/21 03:28:32 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\instruction at 0x7342611a referenced memory at 0x7342611a.doc
[2010/03/19 18:50:35 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/03/19 18:50:35 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/17 01:23:43 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\0x7342611a Error.doc
[2010/03/16 00:01:41 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/03/14 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/03/14 18:19:20 | 000,000,082 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/03/14 08:44:48 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/03/14 03:59:51 | 000,000,638 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/14 03:53:01 | 000,466,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 03:53:01 | 000,084,656 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/13 04:23:02 | 000,000,814 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/03/13 04:07:24 | 000,108,880 | ---- | M] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2010/03/13 02:04:09 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2010.lnk
[2010/03/10 20:59:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/10 20:09:14 | 000,343,899 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MarchPrayers.pdf
[2010/03/08 18:16:32 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/08 06:40:10 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\Administrator\Compress.res
[2010/03/05 19:35:46 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MATHR Member Marketing Profile - BrianDomenoski.doc
[2010/03/05 07:19:43 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Short History of Marriage.doc
[2010/03/05 04:22:17 | 000,346,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010/03/05 04:20:50 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2010/03/05 04:20:45 | 001,306,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6(3).dll
[2010/03/05 04:20:45 | 001,306,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6(2).dll
[2010/03/05 04:20:24 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mscms(2).dll
[2010/03/05 04:19:37 | 000,691,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm(2).dll
[2010/03/05 04:09:09 | 000,000,266 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010/03/05 04:06:07 | 004,657,152 | ---- | M] () -- C:\WINDOWS\debugpack.cmp
[2010/03/05 03:44:51 | 000,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet(6).dll
[2010/03/05 03:44:50 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttp(8).dll
[2010/03/05 03:44:50 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttp(7).dll
[2010/03/05 03:44:49 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010/03/05 03:44:48 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\_000002_.tmp.dll
[2010/03/05 03:44:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdigest(5).dll
[2010/03/05 03:44:45 | 001,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon(6).dll
[2010/03/05 03:44:44 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed(2).dll
[2010/03/05 03:44:43 | 008,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32(5).dll
[2010/03/05 03:44:43 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs(3).dll
[2010/03/05 03:44:39 | 001,499,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw(3).dll
[2010/03/05 03:44:30 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\secur32(7).dll
[2010/03/05 03:44:22 | 000,399,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcss(5).dll
[2010/03/05 03:44:21 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcrt4(5).dll
[2010/03/05 03:44:20 | 001,435,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\query(3).dll
[2010/03/05 03:44:15 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pdh(3).dll
[2010/03/05 03:44:13 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32(5).dll
[2010/03/05 03:44:12 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxclu(6).dll
[2010/03/05 03:43:52 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msctfime(5).ime
[2010/03/05 03:43:51 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msasn1(5).dll
[2010/03/05 03:43:30 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript(5).dll
[2010/03/05 03:43:30 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript(4).dll
[2010/03/05 03:43:30 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kerberos(5).dll
[2010/03/05 03:43:25 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\es(3).dll
[2010/03/05 03:43:22 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atl(5).dll
[2010/03/03 17:12:57 | 000,203,776 | ---- | M] (Iterated Systems, Inc.) -- C:\WINDOWS\System32\clrviddc.dll
[2010/03/03 16:45:32 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/03/03 16:44:45 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/03/03 16:44:45 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/03/03 16:42:55 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/03/03 16:42:54 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/03/03 16:42:54 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2010/04/02 00:29:34 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/02 00:20:45 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/28 20:15:57 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Left just does not understand.doc
[2010/03/23 14:27:20 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Glary Utilities.lnk
[2010/03/21 18:31:10 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Did you forget what the Left Wing SEIU union thugs did to Ken Gladney.doc
[2010/03/21 17:06:48 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ObamaCare Is HC Deform.doc
[2010/03/19 18:50:35 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/03/19 18:50:35 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/03/18 19:47:37 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\instruction at 0x7342611a referenced memory at 0x7342611a.doc
[2010/03/17 22:15:20 | 000,001,742 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L76ACFF3080CC4EF49735590A605EA80E.job
[2010/03/16 00:01:41 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/03/14 07:50:30 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/03/14 06:05:56 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\0x7342611a Error.doc
[2010/03/13 05:52:12 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/03/13 04:22:54 | 000,001,746 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_LE9294F1191DE48CFA4B4FF790F3BF861.job
[2010/03/13 04:22:53 | 000,001,732 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L85ADAE8969AB41209763B0C6C57BE5D4.job
[2010/03/10 20:09:14 | 000,343,899 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MarchPrayers.pdf
[2010/03/08 06:02:36 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\Administrator\Compress.res
[2010/03/05 19:35:46 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MATHR Member Marketing Profile - BrianDomenoski.doc
[2010/03/05 07:18:45 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Short History of Marriage.doc
[2010/03/04 14:10:08 | 014,680,064 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/03/03 16:46:02 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1413038736-614172877-2008263415-500.job
[2010/03/03 16:46:01 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1413038736-614172877-2008263415-500.job
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/17 09:30:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\uoadyk.sys
[2009/05/29 17:44:55 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/05/29 17:44:52 | 000,819,200 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/04/19 19:08:32 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/04/19 19:08:31 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/04/19 19:06:57 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/04/19 19:06:56 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/04/19 19:06:54 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/03/26 00:02:46 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Launch Internet Explorer Browser.lnk
[2009/03/15 01:52:15 | 000,000,266 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/03/14 02:00:00 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/03/14 01:59:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2008/09/28 02:40:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/09/14 00:36:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/07/16 23:35:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/01/25 20:44:32 | 000,010,088 | ---- | C] () -- C:\WINDOWS\msvrc20.dll
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/19 19:29:59 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sbewin32.INI
[2007/09/08 04:21:47 | 000,000,080 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2007/09/08 03:44:30 | 000,269,824 | ---- | C] () -- C:\WINDOWS\System32\baksm.dll
[2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/06 20:57:20 | 000,002,041 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\HPCOM_48BitScanUpdate.log
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/03 08:59:04 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/12/10 03:40:08 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/30 20:23:07 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/30 01:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/09/03 18:12:09 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/09/01 16:28:01 | 000,000,072 | ---- | C] () -- C:\WINDOWS\wb.ini
[2006/09/01 15:18:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/08/24 19:08:13 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/20 23:48:50 | 000,000,278 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/20 03:49:21 | 000,011,669 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/20 03:49:20 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/19 01:43:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/19 00:04:09 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/18 23:24:48 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/03/15 07:00:00 | 002,458,112 | ---- | C] () -- C:\WINDOWS\System32\wmvcore.dll
[2005/02/23 02:07:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\rnlsp(2)(2)(2).dll
[2004/08/09 23:11:42 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/08/26 21:22:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/16 00:22:46 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/08/16 00:14:14 | 000,025,449 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/08/16 00:13:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/08/16 00:13:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/08/15 23:55:23 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2003/08/15 23:33:36 | 000,102,789 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/08/15 23:24:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/15 23:21:32 | 000,098,384 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2003/08/15 22:39:52 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/08/15 22:39:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/08/15 22:39:32 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/08/15 20:36:19 | 000,000,045 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/15 20:17:54 | 000,000,573 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/11/14 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\agi
[2007/09/19 19:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Backup MyPC
[2008/09/07 17:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bit9
[2009/11/06 02:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CBS Interactive
[2009/03/03 17:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/07/09 22:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2009/03/04 00:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
[2009/05/05 20:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2006/08/30 19:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/04/19 19:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MightyKey
[2008/03/29 21:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\My CuteForm RunTime
[2009/03/01 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\net.twitterlocal.onair.A589D10E991C524019173F7ADEB73C85B538C40C.1
[2007/10/28 05:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2007/11/09 23:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2008/09/07 17:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Magazine Utilities
[2008/02/06 00:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PrevxCSI
[2008/09/13 23:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Registry Booster
[2003/08/16 00:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2009/09/24 23:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SRI
[2009/10/17 22:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Stamps.com Internet Postage
[2009/02/20 23:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/05/29 00:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2006/08/27 18:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Webshots
[2008/09/13 16:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/02/20 02:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2009/11/13 22:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2009/02/22 18:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/21 22:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2010/02/01 23:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/03/18 02:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapQuest Toolbar
[2006/09/10 20:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/11/18 21:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRI
[2010/03/18 19:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/28 14:17:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2010/04/02 00:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/16 00:01:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/09/14 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/28 14:14:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{942E4254-C25C-44BA-94FC-8777923F9E7B}
[2009/05/28 14:15:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B3ABAF49-C1FD-4E23-A5C8-1D0530D54991}
[2009/05/28 14:13:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
[2010/04/02 01:40:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/02 01:34:32 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/03/14 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/03/29 17:00:04 | 000,001,742 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L76ACFF3080CC4EF49735590A605EA80E.job
[2010/03/27 16:00:09 | 000,001,732 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L85ADAE8969AB41209763B0C6C57BE5D4.job
[2010/04/01 23:00:10 | 000,001,746 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LE9294F1191DE48CFA4B4FF790F3BF861.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/05/30 17:19:04 | 000,710,432 | ---- | M] (Microsoft Corporation) -- C:\Q820121_WXP_SP2_x86_ENU.exe
[2007/05/30 17:19:06 | 000,131,360 | ---- | M] (Microsoft Corporation) -- C:\Q820121_WXP_SP2_x86_ENU_Symbols.exe
[2009/02/15 13:49:42 | 000,077,824 | ---- | M] () -- C:\REIPostRebootExecuter.exe
[2009/02/11 11:34:32 | 000,442,368 | ---- | M] () -- C:\REIReiFTPWatchDog.exe
[2009/08/04 08:41:00 | 000,083,232 | ---- | M] () -- C:\REI_SendEvents.exe


< MD5 for: AGP440.SYS >
[2006/03/15 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/03/15 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/07/30 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/08/28 21:05:30 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/15 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/03/15 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/15 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/03/15 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 05:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/11/06 13:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/05/21 14:39:24 | 000,786,432 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/21 19:29:22 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007/05/21 14:39:24 | 033,030,144 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/21 14:39:25 | 005,242,880 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


7.) Update on PC: The Kaspersky Online Scanner has confirmed my suspicion that my Outlook 2003 has a virus. I get 200 or so emails, per day, to my hotmail account via Outlook 2003. These emails do go right to my deleted folder, but it is a pain in the butt. Also, every time I restart Outlook 2003, I get a message that hotmail did not close properly and Outlook is checking for problems. This takes a few minutes, then Outlook opens okay. Some time during the day, I'll get the 200 junk emails in my deleted hotmail folder.
There are no other changes to my PC. There have been no improvements to my PC.
  • 0

#8
Braind
Posted 03 April 2010 - 11:57 PM

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 263 posts
The Combo Fix log:

ComboFix 10-04-01.02 - Administrator 04/03/2010 1:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.504 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\windows\AppPatch\AcAdProc.dll
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\msvrc20.dll
c:\windows\system\oeminfo.ini
c:\windows\system32\_000002_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\Cache
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\service
c:\windows\system32\service\01032009_TIS17_SfFniAU.log
c:\windows\system32\service\01052009_TIS17_SfFniAU.log
c:\windows\system32\service\02032009_TIS17_SfFniAU.log
c:\windows\system32\service\02052009_TIS17_SfFniAU.log
c:\windows\system32\service\03012009_TIS17_SfFniAU.log
c:\windows\system32\service\03042009_TIS17_SfFniAU.log
c:\windows\system32\service\04072009_TIS17_SfFniAU.log
c:\windows\system32\service\04082009_TIS17_SfFniAU.log
c:\windows\system32\service\04122008_TIS17_SfFniAU.log
c:\windows\system32\service\05022009_TIS17_SfFniAU.log
c:\windows\system32\service\06042009_TIS17_SfFniAU.log
c:\windows\system32\service\06062009_TIS17_SfFniAU.log
c:\windows\system32\service\07012009_TIS17_SfFniAU.log
c:\windows\system32\service\07032009_TIS17_SfFniAU.log
c:\windows\system32\service\07112008_TIS17_SfFniAU.log
c:\windows\system32\service\08012009_TIS17_SfFniAU.log
c:\windows\system32\service\08032009_TIS17_SfFniAU.log
c:\windows\system32\service\08042009_TIS17_SfFniAU.log
c:\windows\system32\service\09032009_TIS17_SfFniAU.log
c:\windows\system32\service\09072009_TIS17_SfFniAU.log
c:\windows\system32\service\09102008_TIS17_SfFniAU.log
c:\windows\system32\service\10082009_TIS17_SfFniAU.log
c:\windows\system32\service\10122008_TIS17_SfFniAU.log
c:\windows\system32\service\11032009_TIS17_SfFniAU.log
c:\windows\system32\service\11072009_TIS17_SfFniAU.log
c:\windows\system32\service\11082009_TIS17_SfFniAU.log
c:\windows\system32\service\12112008_TIS17_SfFniAU.log
c:\windows\system32\service\13042009_TIS17_SfFniAU.log
c:\windows\system32\service\13072009_TIS17_SfFniAU.log
c:\windows\system32\service\13082009_TIS17_SfFniAU.log
c:\windows\system32\service\13112008_TIS17_SfFniAU.log
c:\windows\system32\service\14042009_TIS17_SfFniAU.log
c:\windows\system32\service\15012009_TIS17_SfFniAU.log
c:\windows\system32\service\15032009_TIS17_SfFniAU.log
c:\windows\system32\service\15042009_TIS17_SfFniAU.log
c:\windows\system32\service\15082009_TIS17_SfFniAU.log
c:\windows\system32\service\16042009_TIS17_SfFniAU.log
c:\windows\system32\service\16062009_TIS17_SfFniAU.log
c:\windows\system32\service\16072009_TIS17_SfFniAU.log
c:\windows\system32\service\16082009_TIS17_SfFniAU.log
c:\windows\system32\service\17032009_TIS17_SfFniAU.log
c:\windows\system32\service\17082009_TIS17_SfFniAU.log
c:\windows\system32\service\18082009_TIS17_SfFniAU.log
c:\windows\system32\service\19032009_TIS17_SfFniAU.log
c:\windows\system32\service\19042009_TIS17_SfFniAU.log
c:\windows\system32\service\19052009_TIS17_SfFniAU.log
c:\windows\system32\service\19062009_TIS17_SfFniAU.log
c:\windows\system32\service\19082009_TIS17_SfFniAU.log
c:\windows\system32\service\19112008_TIS17_SfFniAU.log
c:\windows\system32\service\20112008_TIS17_SfFniAU.log
c:\windows\system32\service\20122008_TIS17_SfFniAU.log
c:\windows\system32\service\21062009_TIS17_SfFniAU.log
c:\windows\system32\service\21082009_TIS17_SfFniAU.log
c:\windows\system32\service\21112008_TIS17_SfFniAU.log
c:\windows\system32\service\22022009_TIS17_SfFniAU.log
c:\windows\system32\service\22042009_TIS17_SfFniAU.log
c:\windows\system32\service\22062009_TIS17_SfFniAU.log
c:\windows\system32\service\22092008_TIS17_SfFniAU.log
c:\windows\system32\service\22112008_TIS17_SfFniAU.log
c:\windows\system32\service\23032009_TIS17_SfFniAU.log
c:\windows\system32\service\23042009_TIS17_SfFniAU.log
c:\windows\system32\service\23082009_TIS17_SfFniAU.log
c:\windows\system32\service\23102008_TIS17_SfFniAU.log
c:\windows\system32\service\24022009_TIS17_SfFniAU.log
c:\windows\system32\service\24042009_TIS17_SfFniAU.log
c:\windows\system32\service\24072009_TIS17_SfFniAU.log
c:\windows\system32\service\24082009_TIS17_SfFniAU.log
c:\windows\system32\service\25022009_TIS17_SfFniAU.log
c:\windows\system32\service\27052009_TIS17_SfFniAU.log
c:\windows\system32\service\27082009_TIS17_SfFniAU.log
c:\windows\system32\service\28062009_TIS17_SfFniAU.log
c:\windows\system32\service\28072009_TIS17_SfFniAU.log
c:\windows\system32\service\29042009_TIS17_SfFniAU.log
c:\windows\system32\service\29062009_TIS17_SfFniAU.log
c:\windows\system32\service\30012009_TIS17_SfFniAU.log
c:\windows\system32\service\30082009_TIS17_SfFniAU.log
c:\windows\system32\service\30122008_TIS17_SfFniAU.log
c:\windows\system32\service\31032009_TIS17_SfFniAU.log
c:\windows\system32\service\31052009_TIS17_SfFniAU.log
c:\windows\system32\service\31072009_TIS17_SfFniAU.log
c:\windows\system32\service\31122008_TIS17_SfFniAU.log
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RPCPATCH
-------\Legacy_RPCTFTPD


((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-02 21:07 . 2010-04-02 21:07 -------- d-----w- C:\_OTL
2010-04-02 05:27 . 2010-04-02 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 05:05 . 2010-04-02 05:05 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-16 05:04 . 2010-03-23 05:06 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-03-16 05:04 . 2010-03-23 05:06 848160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-03-16 05:04 . 2010-03-23 05:06 855352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-03-16 05:04 . 2010-03-23 05:06 1597440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-03-16 05:04 . 2010-03-23 05:06 818256 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-03-16 05:04 . 2010-03-23 05:06 1263728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-16 05:01 . 2010-03-16 05:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-16 05:01 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-16 05:01 . 2010-03-16 05:02 -------- d-----w- c:\program files\Lavasoft
2010-03-14 13:10 . 2010-03-14 13:10 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-14 13:10 . 2010-03-28 03:22 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-07 11:41 . 2010-04-02 11:02 -------- d-----w- c:\program files\SpywareBlaster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 06:07 . 2006-08-19 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-02 22:41 . 2010-03-07 11:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-02 22:41 . 2010-03-14 08:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-02 21:54 . 2009-08-16 21:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 07:55 . 2010-03-07 11:58 -------- d-----w- c:\program files\SpywareGuard
2010-04-02 05:52 . 2006-08-19 07:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-04-02 05:29 . 2009-09-24 17:38 -------- d-----w- c:\program files\iTunes
2010-04-02 05:28 . 2009-09-24 17:38 -------- d-----w- c:\program files\iPod
2010-04-02 05:20 . 2006-08-19 07:14 -------- d-----w- c:\program files\QuickTime
2010-04-02 05:10 . 2009-02-18 22:02 -------- d-----w- c:\program files\Bonjour
2010-03-29 20:24 . 2009-08-16 21:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 20:24 . 2009-08-16 21:25 20824 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 19:29 . 2010-03-14 12:50 -------- d-----w- c:\program files\Glary Utilities
2010-03-23 05:06 . 2010-03-16 05:05 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-03-23 05:06 . 2010-03-16 05:05 210552 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-03-23 05:06 . 2010-03-16 05:05 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-03-23 05:06 . 2010-03-16 05:05 565392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-03-23 05:06 . 2010-03-16 05:05 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-03-23 05:06 . 2010-03-16 05:05 430496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-03-23 05:06 . 2010-03-16 05:05 167312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-03-23 05:06 . 2010-03-16 05:05 329560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-03-23 05:06 . 2010-03-16 05:05 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-03-19 23:50 . 2010-03-12 01:07 -------- d-----w- c:\program files\ERUNT
2010-03-19 01:35 . 2009-03-15 06:52 -------- d-----w- c:\program files\reimage
2010-03-16 05:05 . 2010-03-16 05:05 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-16 05:05 . 2010-03-16 05:05 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-16 05:05 . 2010-03-16 05:05 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-16 05:05 . 2010-03-16 05:05 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-16 05:05 . 2010-03-16 05:05 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-16 05:05 . 2010-03-16 05:05 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-16 05:05 . 2010-03-16 05:05 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-16 05:01 . 2008-03-09 07:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-14 13:09 . 2010-03-07 11:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-03-14 13:09 . 2010-03-14 13:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-14 12:33 . 2009-10-04 21:10 3584 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-03-14 12:33 . 2010-03-14 12:33 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-03-13 10:54 . 2010-03-13 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-13 09:18 . 2009-12-04 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\webroot
2010-03-13 09:13 . 2009-12-15 05:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
2010-03-13 09:07 . 2010-03-13 09:28 108880 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2010-03-11 01:59 . 2009-03-06 00:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-05 09:22 . 2006-10-24 17:29 346112 -c--a-w- c:\windows\system32\windowscodecsext.dll
2010-03-05 09:20 . 2006-03-15 12:00 16896 ------w- c:\windows\system32\oleaccrc.dll
2010-03-05 09:20 . 2007-05-15 20:43 1306624 ----a-w- c:\windows\system32\msxml6(3).dll
2010-03-05 09:20 . 2007-05-15 20:43 1306624 ----a-w- c:\windows\system32\msxml6(2).dll
2010-03-05 09:20 . 2006-03-15 12:00 73728 ----a-w- c:\windows\system32\mscms(2).dll
2010-03-05 09:19 . 2006-08-18 03:59 691712 ----a-w- c:\windows\system32\inetcomm(2).dll
2010-03-05 08:43 . 2006-03-15 12:00 57344 ----a-w- c:\windows\system32\msasn1(5).dll
2010-03-05 08:43 . 2006-03-15 12:00 726528 ----a-w- c:\windows\system32\jscript(5).dll
2010-03-05 08:43 . 2006-03-15 12:00 726528 ----a-w- c:\windows\system32\jscript(4).dll
2010-03-05 08:43 . 2006-03-15 12:00 299520 ----a-w- c:\windows\system32\kerberos(5).dll
2010-03-05 08:43 . 2006-03-15 12:00 246272 ----a-w- c:\windows\system32\es(3).dll
2010-03-05 08:43 . 2006-03-15 12:00 58880 ----a-w- c:\windows\system32\atl(5).dll
2010-03-03 22:12 . 2010-03-03 22:12 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-03 21:45 . 2010-03-03 21:45 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-03 21:45 . 2010-03-03 21:45 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-03 21:45 . 2003-08-16 04:58 -------- d-----w- c:\program files\Common Files\Real
2010-03-03 21:44 . 2003-08-16 04:58 -------- d-----w- c:\program files\Real
2010-03-03 21:44 . 2010-03-03 21:44 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-03 21:42 . 2003-02-21 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-03 21:42 . 2003-03-19 10:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-02 10:48 . 2006-11-22 13:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-03-01 05:45 . 2009-03-15 11:51 -------- d-----w- c:\program files\CCleaner
2010-02-25 06:24 . 2006-03-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 03:58 . 2010-02-22 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2010-02-22 03:58 . 2010-02-22 03:58 -------- d-----w- c:\program files\Windows Home Server
2010-02-21 09:51 . 2009-10-28 02:48 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-15 07:58 . 2006-08-19 04:36 -------- d-----w- c:\program files\Google
2010-02-15 06:50 . 2009-09-15 01:22 -------- d-----w- c:\program files\Apple Software Update
2010-02-12 16:46 . 2010-02-12 16:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:46 . 2010-02-12 16:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 08:02 . 2010-02-12 08:02 -------- d-----w- c:\program files\MSSOAP
2010-02-09 03:43 . 2010-02-09 03:00 104568 ----a-w- c:\windows\hpoins04.dat
2010-02-04 15:53 . 2010-03-16 05:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-26 00:03 . 2010-01-26 00:21 65536 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{9a94d785-2979-44e9-b331-9e09d0cc7cff}\components\Engine.dll
2010-01-14 19:14 . 2010-01-14 19:14 575880 ----a-w- c:\windows\system32\RmActivate_isv.exe
2010-01-14 19:14 . 2010-01-14 19:14 567176 ----a-w- c:\windows\system32\RmActivate.exe
2010-01-14 19:14 . 2010-01-14 19:14 562064 ----a-w- c:\windows\system32\SecProc_isv.dll
2010-01-14 19:14 . 2010-01-14 19:14 558984 ----a-w- c:\windows\system32\SecProc.dll
2010-01-14 19:14 . 2010-01-14 19:14 362888 ----a-w- c:\windows\system32\RmActivate_ssp.exe
2010-01-14 19:14 . 2010-01-14 19:14 361872 ----a-w- c:\windows\system32\RmActivate_ssp_isv.exe
2010-01-14 19:14 . 2010-01-14 19:14 339336 ----a-w- c:\windows\system32\msdrm.dll
2010-01-14 19:14 . 2010-01-14 19:14 192912 ----a-w- c:\windows\system32\SecProc_ssp_isv.dll
2010-01-14 19:14 . 2010-01-14 19:14 192904 ----a-w- c:\windows\system32\SecProc_ssp.dll
2010-01-10 01:33 . 2010-01-04 03:39 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-05 21:57 . 2010-01-21 03:30 103424 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\libs\pixomatic.dll
2010-01-05 21:57 . 2010-01-21 03:30 545280 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\libs\PicLensHelper.exe
2010-01-05 21:57 . 2010-01-21 03:30 153600 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
2010-01-05 21:57 . 2010-01-21 03:30 344064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\libs\LaunchCooliris.exe
2010-01-05 21:57 . 2010-01-21 03:30 57856 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\components\coolirisstub.dll
2010-01-05 21:57 . 2010-01-21 03:30 4725760 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\libs\cooliris192.dll
2009-12-15 03:39 . 2009-12-04 06:59 4989816 -c--a-w- c:\program files\Common Files\wruninstall.exe
2009-12-04 06:59 . 2009-12-04 06:59 712072 -c--a-w- c:\program files\Common Files\GenericSB.dll
2009-09-22 20:26 . 2006-10-30 03:25 119296 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2006-03-15 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2003-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\$NtUninstallQ331958$\atapi.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2006-03-15 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2006-03-15 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2006-03-15 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2006-03-15 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2006-03-15 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2003-07-30 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\I386\NTFS.SYS

[-] 2006-03-15 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2006-03-15 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll
[-] 2006-03-15 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
[-] 2006-03-15 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2006-03-15 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2003-07-30 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
[-] 2006-03-15 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
[-] 2006-03-15 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
[-] 2006-03-15 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2006-03-15 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2003-07-30 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
[-] 2006-03-15 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
[-] 2006-03-15 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
[-] 2006-03-15 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
[-] 2006-03-15 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
[-] 2006-03-15 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
[-] 2006-03-15 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
[-] 2006-03-15 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
[-] 2006-03-15 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
[-] 2006-03-15 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
[-] 2006-03-15 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
[-] 2006-03-15 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2006-03-15 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2010-03-05 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
[-] 2006-03-15 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
[-] 2006-03-15 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
[-] 2006-03-15 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2006-03-15 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2006-03-15 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\AGP440.SYS
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\AGP440.SYS
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2006-03-15 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
[-] 2006-03-15 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2009-04-04 00:37 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-08-03 23:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-03 23:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
[-] 2006-03-15 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2008-07-25 16:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9302e698-7e00-43ab-b867-c6e759bc2ada}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2009-03-11 1291560]

[HKEY_CLASSES_ROOT\clsid\{9302e698-7e00-43ab-b867-c6e759bc2ada}]
[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}]
[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9302E698-7E00-43AB-B867-C6E759BC2ADA}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2009-03-11 1291560]

[HKEY_CLASSES_ROOT\clsid\{9302e698-7e00-43ab-b867-c6e759bc2ada}]
[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}]
[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^1-Click Answers.lnk]
backup=c:\windows\pss\1-Click Answers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AbacastDistributedOnDemand:11
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7 [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outlook Express button

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 -c--a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-20 02:00 335872 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-09-22 20:26 30192 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-07-10 18:13 114688 -c--a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 21:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04 52736 -c--a-w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 21:44 61440 -c--a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 21:02 563984 -c--a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 04:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2003-06-18 01:13 118784 -c--a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
2003-08-09 16:27 139264 -c--a-w- c:\program files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccEvtMgr"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"navapsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"KernelFaultCheck"="%systemroot%\system32\dumprep" 0 -k
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Reimage PC Booster"="c:\program files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" false na "c:\program files\Reimage\Reimage PC Booster\ReimageBooster.exe" /tray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5910:TCP"= 5910:TCP:vnc5910

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/16/2010 12:05 AM 64288]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [3/13/2010 4:28 AM 108880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [12/4/2009 2:01 AM 39400]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [3/13/2010 4:15 AM 1201640]
R3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [2/27/2008 7:44 PM 18560]
R3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\drivers\EvcapMau.sys [8/15/2003 11:21 PM 177664]
S2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.0\AGCoreService.exe [11/13/2009 10:00 PM 20480]
S2 gupdate1c9fa1b2173b764;Google Update Service (gupdate1c9fa1b2173b764);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2009 2:11 AM 133104]
S2 OPURNQUV;OPURNQUV;\??\c:\windows\system32\drivers\OPURNQUV.sys --> c:\windows\system32\drivers\OPURNQUV.sys [?]
S3 AdWatchDrv;AW Realtime Driver;\??\c:\windows\system32\drivers\AWRTPD.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2/21/2010 10:58 PM 41504]
S3 GoogleDesktopManager-090209-075101;Google Desktop Manager 5.9.909.2235;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/18/2006 11:37 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1263728]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-03-14 18:03]

2010-04-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-24 00:16]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 07:10]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 07:10]

2010-04-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1413038736-614172877-2008263415-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-04-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1413038736-614172877-2008263415-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-03-29 c:\windows\Tasks\wrSpySweeper_L76ACFF3080CC4EF49735590A605EA80E.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-13 21:19]

2010-03-29 c:\windows\Tasks\wrSpySweeper_L76ACFF3080CC4EF49735590A605EA80E.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-13 21:19]

2010-03-27 c:\windows\Tasks\wrSpySweeper_L85ADAE8969AB41209763B0C6C57BE5D4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-13 21:19]

2010-03-27 c:\windows\Tasks\wrSpySweeper_L85ADAE8969AB41209763B0C6C57BE5D4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-13 21:19]

2010-04-02 c:\windows\Tasks\wrSpySweeper_LE9294F1191DE48CFA4B4FF790F3BF861.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-13 21:19]

2010-04-02 c:\windows\Tasks\wrSpySweeper_LE9294F1191DE48CFA4B4FF790F3BF861.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-13 21:19]
.
.
------- Supplementary Scan -------
.
IE: Answers... - file://c:\program files\1-Click Answers\Html\atiemenu.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\
FF - prefs.js: browser.search.defaulturl - http%3A//ixquick.com/do/toolbar%3Fcat%3Dweb%26language%3Denglish%26query%3D
FF - prefs.js: browser.search.selectedEngine - Dogpile
FF - prefs.js: browser.startup.homepage - hxxp://www.dogpile.com
FF - prefs.js: keyword.URL - hxxp://assist.infospace.com/dogpilevtb/dnsassist/main?domain=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{9a94d785-2979-44e9-b331-9e09d0cc7cff}\components\Engine.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\components\coolirisstub.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\Shim.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-889E-3DB98DE17499} - (no file)
AddRemove-{A1062847-0846-427A-92A1-BB8251A91E91} - c:\program files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 01:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58A7CDC3-E7F0-F2C8-EFFD-F52B1E3D7392}*]
"dbcedifcjilinfhgmedfackjchanmlgbaiodgdhl"=hex:6a,61,67,6e,68,63,68,6a,68,61,
68,65,6b,63,62,6f,61,68,6f,68,00,fb
"cbeafkkfdhhbdmjkmpmfigegeialpknflbdnkj"=hex:6a,61,64,6e,6f,61,6b,6c,6c,69,66,
6c,67,62,62,6b,69,70,6a,6c,00,fb
"iacedifcjilinfhgme"=hex:61,61,00,00
"haeafkkfdhhbdmjk"=hex:61,61,00,00
"iagddefegpkmnhjddb"=hex:61,61,00,00

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FAC0591D-1494-A727-EEB1-3C4A864352E4}*]
"dbddaeiiedmkliimihjddadooejmcjiemminakcb"=hex:6a,61,70,70,6f,6b,61,6e,6c,61,
61,64,6a,69,63,6f,70,61,64,6a,00,e1
"cbjdgblmadpchealijamebjfoehdimgkbbggko"=hex:69,61,64,61,62,6a,70,67,6f,61,62,
69,62,6a,6d,65,62,68,00,00
"abpniaahokgdafkmbckldobfecaghmdppi"=hex:61,61,00,00
"maaojbilemcjlailnjoenfkmhb"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,8b,25,20,9b,5e,25,46,88,44,89,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,6a,13,bf,fa,cd,f7,4e,bc,6e,ca,\
"B34DEDAE08DEBC3D9AE72E5085B5F343BB2B215141"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,8b,25,20,9b,5e,25,46,88,44,89,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,3e,95,9a,7f,27,96,4f,97,10,19,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,8b,25,20,9b,5e,25,46,88,44,89,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,3e,95,9a,7f,27,96,4f,97,10,19,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6332)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\netdde.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\snmp.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\inetsrv\DavCData.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-04-03 02:00:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-03 07:00

Pre-Run: 114,566,139,904 bytes free
Post-Run: 114,747,113,472 bytes free

- - End Of File - - 230CA4D1080EFDA12CA2CBCC44046C2C
  • 0

#9
SweetTech
Posted 04 April 2010 - 09:46 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Infected Outlook Express
The Kaspersky log indicates that there are infected emails in the Inbox folder in Outlook Express.

Please delete the emails in your Inbox folder - keep only the emails that are of extreme importance. After you finish deleting the emails, please right click on the Deleted Items folder and click Empty 'Deleted Items' Folder.

Having removed all your unwanted Emails completely it is now wise to Compact all your remaining Emails. Compacting makes the size of the folders smaller by compacting the files contained within them. All the Emails are still readable and still intact just smaller.

To do this click from the top toolbar File / Folder / Compact All Folders



NEXT:



Dial-A-Fix

We need to repair some of windows' internal registration settings

  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:

    Posted Image

    Posted Image
  • Now I want you to uncheck all areas except what is under the SSL/HTTPS/Crytography this section leave checked
  • Click on Go.
  • Exit/Close Dial-A-Fix.

NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
:OTL
SRV - (Security Activity Dashboard Service) -- File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
O2 - BHO: (no name) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O9 - Extra Button: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - Reg Error: Key error. File not found
O9 - Extra 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (rosoft Shared\Windows Live\ecur) - File not found
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
:Commands
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

NEXT:



ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
c:\windows\system32\drivers\OPURNQUV.sys
RegLock::
[HKEY_USERS\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\User Preferences]
Driver::
OPURNQUV
AdWatchDrv

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTL Fix.
3. The log that was produced after running the ComboFix scan.
4. An update on how your computer is currently running.


It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
  • 0

#10
Braind
Posted 04 April 2010 - 08:29 PM

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 263 posts
1.) The method you gave me to compact my emails doesn't work. I don't have the File / Folder / Compact All Folders path on my tool bar. I have Outlook 2003 which has the File/Folder path, but no Compact All Folders function, or at least it wasn't where you indicated for me to look for it.

So, is there another way to compact my emails using Outlook 2003?

I had one email in Outlook Express and deleted it. I also went to my hotmail account online (NOT using Outlook 2003) and deleted about 2500 emails there.

Now my Outlook 2003 will close itself intermittently, always while updating itself. This is what happens: I open my Outlook 2003, and it updates. Outlook 2003 will disappear from my screen, but still update (I see this from the icon on my bottom task bar). Then it completely closes. Sometimes, Outlook 2003 will wait 10 minutes or so after I have opened it to do close itself as I have previously described.
How do I fix this?

Also, I don't ever use Outlook Express and I want to uninstall it. This program does NOT show up on my "Set Program Access and Defaults" function, so I can't uninstall it by that method.

How do I uninstall Outlook Express?



This is becoming more complicated than I was expecting (that Reimage so called repair really did a number on my PC!). Thanks for working on this. I greatly appreciate it.



2.) OTL Fix Log

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Error: No service named Security Activity Dashboard Service was found to stop!
Service\Driver key Security Activity Dashboard Service not found.
File File not found not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCAC5586-44D7-4c43-B64A-F042461A97D2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCAC5586-44D7-4c43-B64A-F042461A97D2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0050A87F-CF26-41AE-9C0A-C32307C941CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0050A87F-CF26-41AE-9C0A-C32307C941CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ not found.
File a not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\ not found.
File Protocol\Handler\AutorunsDisabled - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmtb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42}\ not found.
File {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:OWS\S deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:rosoft Shared\Windows Live\ecur deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 505 bytes
->Temporary Internet Files folder emptied: 3395846 bytes
->Java cache emptied: 128020 bytes
->FireFox cache emptied: 42247694 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3829 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1260520 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04042010_155309

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_c1c.dat not found!
File\Folder C:\WINDOWS\temp\fc9606c2.$$$ not found!

Registry entries deleted on Reboot...


3.) ComboFix Log

ComboFix 10-04-03.02 - Administrator 04/04/2010 20:18:45.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.997 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot Internet Security Essentials *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

FILE ::
"c:\windows\system32\drivers\OPURNQUV.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADWATCHDRV
-------\Legacy_OPURNQUV
-------\Service_AdWatchDrv
-------\Service_OPURNQUV


((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))
.

2010-04-04 20:49 . 2010-04-05 01:27 -------- d-----w- c:\windows\system32\CatRoot2
2010-04-04 06:13 . 2010-04-04 08:20 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-02 21:07 . 2010-04-02 21:07 -------- d-----w- C:\_OTL
2010-04-02 05:27 . 2010-04-02 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 05:05 . 2010-04-02 05:05 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-16 05:04 . 2010-03-23 05:06 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-03-16 05:04 . 2010-03-23 05:06 848160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-03-16 05:04 . 2010-03-23 05:06 855352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-03-16 05:04 . 2010-03-23 05:06 1597440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-03-16 05:04 . 2010-03-23 05:06 818256 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-03-16 05:04 . 2010-03-23 05:06 1263728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-16 05:01 . 2010-03-16 05:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-16 05:01 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-16 05:01 . 2010-03-16 05:02 -------- d-----w- c:\program files\Lavasoft
2010-03-14 13:10 . 2010-03-14 13:10 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-14 13:10 . 2010-03-28 03:22 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-07 11:41 . 2010-04-02 11:02 -------- d-----w- c:\program files\SpywareBlaster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 08:13 . 2006-08-19 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-02 22:41 . 2010-03-07 11:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-02 22:41 . 2010-03-14 08:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-02 21:54 . 2009-08-16 21:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 07:55 . 2010-03-07 11:58 -------- d-----w- c:\program files\SpywareGuard
2010-04-02 05:52 . 2006-08-19 07:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-04-02 05:29 . 2009-09-24 17:38 -------- d-----w- c:\program files\iTunes
2010-04-02 05:28 . 2009-09-24 17:38 -------- d-----w- c:\program files\iPod
2010-04-02 05:20 . 2006-08-19 07:14 -------- d-----w- c:\program files\QuickTime
2010-04-02 05:10 . 2009-02-18 22:02 -------- d-----w- c:\program files\Bonjour
2010-03-29 20:24 . 2009-08-16 21:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 20:24 . 2009-08-16 21:25 20824 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 19:29 . 2010-03-14 12:50 -------- d-----w- c:\program files\Glary Utilities
2010-03-23 05:06 . 2010-03-16 05:05 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-03-23 05:06 . 2010-03-16 05:05 210552 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-03-23 05:06 . 2010-03-16 05:05 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-03-23 05:06 . 2010-03-16 05:05 565392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-03-23 05:06 . 2010-03-16 05:05 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-03-23 05:06 . 2010-03-16 05:05 430496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-03-23 05:06 . 2010-03-16 05:05 167312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-03-23 05:06 . 2010-03-16 05:05 329560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-03-23 05:06 . 2010-03-16 05:05 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-03-19 23:50 . 2010-03-12 01:07 -------- d-----w- c:\program files\ERUNT
2010-03-19 01:35 . 2009-03-15 06:52 -------- d-----w- c:\program files\reimage
2010-03-16 05:05 . 2010-03-16 05:05 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-16 05:05 . 2010-03-16 05:05 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-16 05:05 . 2010-03-16 05:05 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-16 05:05 . 2010-03-16 05:05 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-16 05:05 . 2010-03-16 05:05 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-16 05:05 . 2010-03-16 05:05 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-16 05:05 . 2010-03-16 05:05 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-16 05:01 . 2008-03-09 07:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-14 13:09 . 2010-03-07 11:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-03-14 13:09 . 2010-03-14 13:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-14 12:33 . 2009-10-04 21:10 3584 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-03-14 12:33 . 2010-03-14 12:33 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-03-13 10:54 . 2010-03-13 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-13 09:18 . 2009-12-04 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\webroot
2010-03-13 09:13 . 2009-12-15 05:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
2010-03-13 09:07 . 2010-03-13 09:28 108880 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2010-03-11 01:59 . 2009-03-06 00:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-05 09:22 . 2006-10-24 17:29 346112 -c--a-w- c:\windows\system32\windowscodecsext.dll
2010-03-05 09:20 . 2006-03-15 12:00 16896 ------w- c:\windows\system32\oleaccrc.dll
2010-03-05 09:20 . 2007-05-15 20:43 1306624 ----a-w- c:\windows\system32\msxml6(3).dll
2010-03-05 09:20 . 2007-05-15 20:43 1306624 ----a-w- c:\windows\system32\msxml6(2).dll
2010-03-05 09:20 . 2006-03-15 12:00 73728 ----a-w- c:\windows\system32\mscms(2).dll
2010-03-05 09:19 . 2006-08-18 03:59 691712 ----a-w- c:\windows\system32\inetcomm(2).dll
2010-03-05 08:43 . 2006-03-15 12:00 57344 ----a-w- c:\windows\system32\msasn1(5).dll
2010-03-05 08:43 . 2006-03-15 12:00 726528 ----a-w- c:\windows\system32\jscript(5).dll
2010-03-05 08:43 . 2006-03-15 12:00 726528 ----a-w- c:\windows\system32\jscript(4).dll
2010-03-05 08:43 . 2006-03-15 12:00 299520 ----a-w- c:\windows\system32\kerberos(5).dll
2010-03-05 08:43 . 2006-03-15 12:00 246272 ----a-w- c:\windows\system32\es(3).dll
2010-03-05 08:43 . 2006-03-15 12:00 58880 ----a-w- c:\windows\system32\atl(5).dll
2010-03-03 22:12 . 2010-03-03 22:12 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-03 21:45 . 2010-03-03 21:45 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-03 21:45 . 2010-03-03 21:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-03 21:45 . 2010-03-03 21:45 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-03 21:45 . 2003-08-16 04:58 -------- d-----w- c:\program files\Common Files\Real
2010-03-03 21:44 . 2003-08-16 04:58 -------- d-----w- c:\program files\Real
2010-03-03 21:44 . 2010-03-03 21:44 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-03 21:42 . 2003-02-21 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-03 21:42 . 2003-03-19 10:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-02 10:48 . 2006-11-22 13:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-03-01 05:45 . 2009-03-15 11:51 -------- d-----w- c:\program files\CCleaner
2010-02-25 06:24 . 2006-03-15 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-22 03:58 . 2010-02-22 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2010-02-22 03:58 . 2010-02-22 03:58 -------- d-----w- c:\program files\Windows Home Server
2010-02-21 09:51 . 2009-10-28 02:48 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-15 07:58 . 2006-08-19 04:36 -------- d-----w- c:\program files\Google
2010-02-15 06:50 . 2009-09-15 01:22 -------- d-----w- c:\program files\Apple Software Update
2010-02-12 16:46 . 2010-02-12 16:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:46 . 2010-02-12 16:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 08:02 . 2010-02-12 08:02 -------- d-----w- c:\program files\MSSOAP
2010-02-09 03:43 . 2010-02-09 03:00 104568 ----a-w- c:\windows\hpoins04.dat
2010-02-04 15:53 . 2010-03-16 05:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-26 00:03 . 2010-01-26 00:21 65536 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{9a94d785-2979-44e9-b331-9e09d0cc7cff}\components\Engine.dll
2010-01-14 19:14 . 2010-01-14 19:14 575880 ----a-w- c:\windows\system32\RmActivate_isv.exe
2010-01-14 19:14 . 2010-01-14 19:14 567176 ----a-w- c:\windows\system32\RmActivate.exe
2010-01-14 19:14 . 2010-01-14 19:14 562064 ----a-w- c:\windows\system32\SecProc_isv.dll
2010-01-14 19:14 . 2010-01-14 19:14 558984 ----a-w- c:\windows\system32\SecProc.dll
2010-01-14 19:14 . 2010-01-14 19:14 362888 ----a-w- c:\windows\system32\RmActivate_ssp.exe
2010-01-14 19:14 . 2010-01-14 19:14 361872 ----a-w- c:\windows\system32\RmActivate_ssp_isv.exe
2010-01-14 19:14 . 2010-01-14 19:14 339336 ----a-w- c:\windows\system32\msdrm.dll
2010-01-14 19:14 . 2010-01-14 19:14 192912 ----a-w- c:\windows\system32\SecProc_ssp_isv.dll
2010-01-14 19:14 . 2010-01-14 19:14 192904 ----a-w- c:\windows\system32\SecProc_ssp.dll
2010-01-10 01:33 . 2010-01-04 03:39 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-05 21:57 . 2010-01-21 03:30 103424 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\libs\pixomatic.dll
2010-01-05 21:57 . 2010-01-21 03:30 545280 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\libs\PicLensHelper.exe
2010-01-05 21:57 . 2010-01-21 03:30 153600 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
2010-01-05 21:57 . 2010-01-21 03:30 344064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\libs\LaunchCooliris.exe
2010-01-05 21:57 . 2010-01-21 03:30 57856 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\components\coolirisstub.dll
2010-01-05 21:57 . 2010-01-21 03:30 4725760 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\libs\cooliris192.dll
2009-12-15 03:39 . 2009-12-04 06:59 4989816 -c--a-w- c:\program files\Common Files\wruninstall.exe
2009-12-04 06:59 . 2009-12-04 06:59 712072 -c--a-w- c:\program files\Common Files\GenericSB.dll
2009-09-22 20:26 . 2006-10-30 03:25 119296 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2008-07-25 16:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9302e698-7e00-43ab-b867-c6e759bc2ada}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2009-03-11 1291560]

[HKEY_CLASSES_ROOT\clsid\{9302e698-7e00-43ab-b867-c6e759bc2ada}]
[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}]
[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9302E698-7E00-43AB-B867-C6E759BC2ADA}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2009-03-11 1291560]

[HKEY_CLASSES_ROOT\clsid\{9302e698-7e00-43ab-b867-c6e759bc2ada}]
[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}]
[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^1-Click Answers.lnk]
backup=c:\windows\pss\1-Click Answers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 -c--a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-20 02:00 335872 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-09-22 20:26 30192 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-07-10 18:13 114688 -c--a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 21:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04 52736 -c--a-w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 21:44 61440 -c--a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 21:02 563984 -c--a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 04:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2003-06-18 01:13 118784 -c--a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
2003-08-09 16:27 139264 -c--a-w- c:\program files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccEvtMgr"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"navapsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"KernelFaultCheck"="%systemroot%\system32\dumprep" 0 -k
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Reimage PC Booster"="c:\program files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" false na "c:\program files\Reimage\Reimage PC Booster\ReimageBooster.exe" /tray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5910:TCP"= 5910:TCP:vnc5910

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/16/2010 12:05 AM 64288]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [3/13/2010 4:28 AM 108880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [12/4/2009 2:01 AM 39400]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [3/13/2010 4:15 AM 1201640]
R3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [2/27/2008 7:44 PM 18560]
R3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\drivers\EvcapMau.sys [8/15/2003 11:21 PM 177664]
S2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.0\AGCoreService.exe [11/13/2009 10:00 PM 20480]
S2 gupdate1c9fa1b2173b764;Google Update Service (gupdate1c9fa1b2173b764);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2009 2:11 AM 133104]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2/21/2010 10:58 PM 41504]
S3 GoogleDesktopManager-090209-075101;Google Desktop Manager 5.9.909.2235;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/18/2006 11:37 PM 30192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1263728]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-03-14 18:03]

2010-04-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-24 00:16]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 07:10]

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 07:10]

2010-04-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1413038736-614172877-2008263415-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-04-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1413038736-614172877-2008263415-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
.
.
------- Supplementary Scan -------
.
IE: Answers... - file://c:\program files\1-Click Answers\Html\atiemenu.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\
FF - prefs.js: browser.search.defaulturl - http%3A//ixquick.com/do/toolbar%3Fcat%3Dweb%26language%3Denglish%26query%3D
FF - prefs.js: browser.search.selectedEngine - Dogpile
FF - prefs.js: browser.startup.homepage - hxxp://www.dogpile.com
FF - prefs.js: keyword.URL - hxxp://assist.infospace.com/dogpilevtb/dnsassist/main?domain=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{9a94d785-2979-44e9-b331-9e09d0cc7cff}\components\Engine.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\components\coolirisstub.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\Shim.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 20:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58A7CDC3-E7F0-F2C8-EFFD-F52B1E3D7392}*]
"dbcedifcjilinfhgmedfackjchanmlgbaiodgdhl"=hex:6a,61,67,6e,68,63,68,6a,68,61,
68,65,6b,63,62,6f,61,68,6f,68,00,fb
"cbeafkkfdhhbdmjkmpmfigegeialpknflbdnkj"=hex:6a,61,64,6e,6f,61,6b,6c,6c,69,66,
6c,67,62,62,6b,69,70,6a,6c,00,fb
"iacedifcjilinfhgme"=hex:61,61,00,00
"haeafkkfdhhbdmjk"=hex:61,61,00,00
"iagddefegpkmnhjddb"=hex:61,61,00,00

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FAC0591D-1494-A727-EEB1-3C4A864352E4}*]
"dbddaeiiedmkliimihjddadooejmcjiemminakcb"=hex:6a,61,70,70,6f,6b,61,6e,6c,61,
61,64,6a,69,63,6f,70,61,64,6a,00,e1
"cbjdgblmadpchealijamebjfoehdimgkbbggko"=hex:69,61,64,61,62,6a,70,67,6f,61,62,
69,62,6a,6d,65,62,68,00,00
"abpniaahokgdafkmbckldobfecaghmdppi"=hex:61,61,00,00
"maaojbilemcjlailnjoenfkmhb"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4692)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\netdde.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\snmp.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\inetsrv\DavCData.exe
c:\progra~1\Webshots\315~1.761\webshots.scr
.
**************************************************************************
.
Completion time: 2010-04-04 20:35:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-05 01:35
ComboFix2.txt 2010-04-05 00:08
ComboFix3.txt 2010-04-03 07:00

Pre-Run: 114,566,496,256 bytes free
Post-Run: 114,519,064,576 bytes free

- - End Of File - - A4DDD68CF6B429958CBC73DD439BC90F


4.) The only changes on my PC are the ones with Outlook 2003 that were described in Note 1.).

Edited by Braind, 04 April 2010 - 10:35 PM.

  • 0

Advertisements

#11
SweetTech
Posted 05 April 2010 - 03:23 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello Braind,

Please take a look at this link here: http://support.microsoft.com/kb/289987 to see if it helps with compacting your e-mails.

I'm not really too familiar with Outlook Express, but if it's not listed in your Add/Remove programs then it must be a program that comes with Windows XP and isn't suppose to be uninstalled.



NEXT:



Registry Cleaners + "Tweak" Tools

In regards to:
  • Reimage PC Booster
  • Uniblue PowerSuite 2009
  • Uniblue DriverScanner 2009
  • Uniblue RegistryBooster 2009
  • Uniblue SpeedUpMyPC 2009
I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools

They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though
Stopping services and setting policies can speed up your machine ..... as long as you stop and set the right ones, and even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, and not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing and what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

discussion on regcleaners >> http://forums.whatth...ner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.bl...weaking_13.html



NEXT:



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:[/color][/b] Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 19 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT



Clean Java Cache & Temporary Files
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH CheckedApplications and AppletsTrace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ESET Online Scanner.
3. The log that was produced after running the new OTL scan.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
  • 0

#12
Braind
Posted 05 April 2010 - 07:17 PM

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 263 posts
Just an FYI, Please see MS document attached.
This is a screen shot of what I get as a message when I tried to uninstall Adobe Reader 2.0. It seems that Adobe Reader 2.0 is NOT installed on my PC, but for some reason shows up in Set Programs Access and Defaults.

See this link:

C:\Documents and Settings\Administrator\My Documents\Adobe Uninstall Information.mht0 in IE8
  • 0

#13
SweetTech
Posted 05 April 2010 - 07:19 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Could you attach the screenshot to this post?

Thanks.
  • 0

#14
Braind
Posted 05 April 2010 - 08:27 PM

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 263 posts
I tried to do a screen shot, but it won't paste to this posting. I get a copy of the screen shot and tried to paste it here, but nothing happened. Then I did the screen shot as a MS Word document, but this posting won't let me upload MS documents. Do you have any suggestions?
  • 0

#15
Braind
Posted 05 April 2010 - 10:50 PM

Braind

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 263 posts
1.) Thanks for the tips. I greatly appreciate these tips. I will NEVER use Reimage again! Their customer service is horrible.

2.) Eset scan froze my PC both times I ran the scan (after about 30 minutes in to the scan both times).
So I was not able to complete that scan.

3.) OTL Full Scan

OTL logfile created on: 4/5/2010 11:28:07 PM - Run 3
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.83 Gb Total Space | 105.90 Gb Free Space | 73.63% Space Free | Partition Type: NTFS
Drive D: | 5.19 Gb Total Space | 1.17 Gb Free Space | 22.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-9K1AY6X2A2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(3).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\davcdata.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(3).exe (OldTimer Tools)
MOD - C:\WINDOWS\ime\sptip.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\ime\spgrmr.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (AGCoreService) -- C:\Program Files\AGI\core\4.0\AGCoreService.exe (AG Interactive)
SRV - (GoogleDesktopManager-090209-075101) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (pwipf6) -- C:\WINDOWS\system32\drivers\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ssfmonm) -- C:\WINDOWS\system32\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUVC) QuickCam for Notebooks Pro(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (smbusp) Intel® -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (DUBE100B) -- C:\WINDOWS\system32\drivers\DUBE100B.sys (D-Link Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (EvcapMaui) -- C:\WINDOWS\system32\drivers\EvcapMau.sys (Emuzed, Inc.)
DRV - (Sunkfiltp) -- C:\WINDOWS\system32\drivers\sunkfiltp.sys (Alcor Micro Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AddThis"
FF - prefs.js..browser.search.defaulturl: "http%3A//ixquick.com/do/toolbar%3Fcat%3Dweb%26language%3Denglish%26query%3D"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Dogpile"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.dogpile.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.11.7
FF - prefs.js..extensions.enabledItems: {9a94d785-2979-44e9-b331-9e09d0cc7cff}:1.300.306
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.3
FF - prefs.js..extensions.enabledItems: {4D1E692F-D179-413b-A987-EEEAAD85DDB3}:5.51.15.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.12514
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.272
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..extensions.enabledItems: {5FF97DB7-2EF7-4a7f-8E36-5214B5C5C65A}:3.6
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
FF - prefs.js..keyword.URL: "http://assist.infosp...t/main?domain="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/03 16:45:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 01:52:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/05 20:24:31 | 000,000,000 | ---D | M]

[2008/06/17 21:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/05 22:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions
[2009/07/26 15:21:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/27 05:29:11 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2009/03/18 02:24:29 | 000,000,000 | ---D | M] (MapQuest Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{4D1E692F-D179-413b-A987-EEEAAD85DDB3}
[2010/01/25 19:19:57 | 000,000,000 | ---D | M] (Aeon Big) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{5FF97DB7-2EF7-4a7f-8E36-5214B5C5C65A}
[2009/02/18 17:04:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2010/03/13 00:15:47 | 000,000,000 | ---D | M] (Ixquick Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{70F241F6-52AB-4D45-993E-C1C09920095B}(2)
[2009/07/03 22:24:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/02/18 16:58:30 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
[2010/01/25 19:21:06 | 000,000,000 | ---D | M] (Dogpile Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{9a94d785-2979-44e9-b331-9e09d0cc7cff}
[2007/02/22 22:34:36 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(2)
[2009/02/18 17:04:46 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}(2)
[2009/02/18 16:59:50 | 000,000,000 | ---D | M] (Yoono) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}(2)
[2007/09/16 01:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}
[2007/09/16 01:58:13 | 000,000,000 | ---D | M] (SphereGnome) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}(2)
[2010/01/25 19:20:35 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
[2008/09/06 00:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\2008-07-31
[2010/04/01 00:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2007/02/22 22:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\foxmarks@kei(2).com
[2009/02/18 17:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\nasanightlaunch@example(2).com
[2010/03/25 16:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2010/01/20 22:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2010/03/31 23:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2010/04/05 20:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2010/01/17 22:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\[email protected]
[2007/09/13 19:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}(2)\chrome(2)\mozapps\extensions
[2009/03/18 02:25:13 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\aol-search.xml
[2009/06/12 22:29:35 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\bing.xml
[2010/01/25 19:21:26 | 000,001,098 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\dogpile.xml
[2010/04/04 16:10:54 | 000,001,446 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\ixquick.xml
[2008/12/08 17:28:21 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\yahoo.gif
[2008/12/08 17:28:21 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\yahoo.src
[2008/12/08 17:28:20 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnd2hfhj.default\searchplugins\yahoo.xml
[2010/04/05 20:33:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/05 23:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2007/09/16 01:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/05 20:18:59 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/06/30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/06/16 20:43:49 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/04/04 20:26:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (DeskbarBHO) - {BFBB7543-916C-449a-9DC6-C9A516A6162F} - C:\Program Files\Ixquick Deskbar\deskbar.dll (Deskbar)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MapQuest Toolbar) - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll (MapQuest, Inc)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1413038736-614172877-2008263415-500\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1413038736-614172877-2008263415-500\..\Toolbar\WebBrowser: (MapQuest Toolbar) - {9302E698-7E00-43AB-B867-C6E759BC2ADA} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll (MapQuest, Inc)
O3 - HKU\S-1-5-21-1413038736-614172877-2008263415-500\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKU\S-1-5-21-1413038736-614172877-2008263415-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2009/11/17 20:29:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\mod_sm.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1413038736-614172877-2008263415-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1413038736-614172877-2008263415-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1413038736-614172877-2008263415-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1413038736-614172877-2008263415-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O30 - LSA: Security Packages - (rosoft Shared\Windows Live\ecur) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/15 20:31:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/05 21:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/05 20:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
[2010/04/05 20:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Foxit
[2010/04/05 20:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/05 20:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/04/05 19:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/05 19:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/04/05 19:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/04/05 19:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/04/05 19:38:49 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 19:38:49 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/05 19:38:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 19:38:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 19:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/05 18:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.SunDownloadManager
[2010/04/04 21:04:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/04 15:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\April 4, 2010 Scans - Logs
[2010/04/04 15:49:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/04/04 15:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Dial-a-fix-v0.60.0.24
[2010/04/03 01:33:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/03 01:33:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/03 01:33:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/03 01:33:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/03 01:32:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/02 16:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2010/04/02 16:07:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/02 02:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\4-2-10 Scans
[2010/04/02 00:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/28 02:22:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/03/19 19:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\3-19-10 Scan Logs
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/16 00:05:15 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/03/16 00:01:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/16 00:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/14 08:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/14 07:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/03/14 07:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/03/14 03:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/13 05:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/13 04:28:59 | 000,108,880 | ---- | C] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2010/03/13 04:13:56 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2010/03/13 00:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/03/07 06:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2010/03/07 06:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/03/07 06:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/07 06:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/03/02 23:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/23 23:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/02/23 23:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/02/23 23:04:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/19 21:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/05 03:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2009/12/04 01:59:21 | 004,989,816 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe
[2009/12/04 01:59:14 | 000,712,072 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\GenericSB.dll
[2009/07/01 02:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/01 02:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/04 00:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/18 16:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
[2009/02/18 16:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\agi
[2008/09/28 02:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro
[2008/09/18 00:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Trend Micro
[2008/07/27 15:53:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/11/01 13:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/09/14 13:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/04/05 23:17:38 | 000,012,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/05 23:17:16 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/05 23:16:36 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/04/05 23:16:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/05 23:16:35 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1413038736-614172877-2008263415-500.job
[2010/04/05 23:16:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/05 23:16:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/05 22:15:04 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1413038736-614172877-2008263415-500.job
[2010/04/05 21:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/05 20:58:37 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/04/05 20:58:37 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/05 20:58:22 | 011,260,346 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/04/05 20:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/05 20:17:43 | 000,220,683 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Adobe Uninstall Information.mht
[2010/04/05 19:55:03 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Adobe Uninstall Information.doc
[2010/04/05 19:48:50 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/04/05 19:38:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/05 19:38:16 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 19:38:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 19:38:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 19:38:16 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/04 20:26:46 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/04 20:26:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/04 19:24:47 | 003,907,280 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 20:44:31 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Left just does not understand.doc
[2010/03/21 20:41:35 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ObamaCare Is HC Deform.doc
[2010/03/21 18:31:10 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Did you forget what the Left Wing SEIU union thugs did to Ken Gladney.doc
[2010/03/21 03:28:32 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\instruction at 0x7342611a referenced memory at 0x7342611a.doc
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/17 01:23:43 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\0x7342611a Error.doc
[2010/03/14 18:19:20 | 000,000,082 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/03/14 03:59:51 | 000,000,638 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/14 03:53:01 | 000,466,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 03:53:01 | 000,084,656 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/13 04:07:24 | 000,108,880 | ---- | M] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/10 20:59:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/10 20:09:14 | 000,343,899 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MarchPrayers.pdf
[2010/03/08 18:16:32 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/08 06:40:10 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\Administrator\Compress.res

========== Files Created - No Company Name ==========

[2010/04/05 20:20:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/05 20:07:47 | 000,220,683 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Adobe Uninstall Information.mht
[2010/04/05 19:55:02 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Adobe Uninstall Information.doc
[2010/04/05 19:48:50 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/04/04 19:24:45 | 003,907,280 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/04/03 01:33:13 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/03 01:33:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/03 01:33:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/03 01:33:13 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/03 01:33:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/28 20:15:57 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Left just does not understand.doc
[2010/03/21 18:31:10 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Did you forget what the Left Wing SEIU union thugs did to Ken Gladney.doc
[2010/03/21 17:06:48 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ObamaCare Is HC Deform.doc
[2010/03/18 19:47:37 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\instruction at 0x7342611a referenced memory at 0x7342611a.doc
[2010/03/14 07:50:30 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/03/14 06:05:56 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\0x7342611a Error.doc
[2010/03/10 20:09:14 | 000,343,899 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MarchPrayers.pdf
[2010/03/08 06:02:36 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\Administrator\Compress.res
[2010/03/04 14:10:08 | 014,680,064 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/17 09:30:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\uoadyk.sys
[2009/05/29 17:44:55 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/05/29 17:44:52 | 000,819,200 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/05/24 15:39:24 | 000,002,273 | ---- | C] () -- C:\Documents and Settings\Administrator\mbam-info.txt
[2009/04/28 17:41:52 | 000,003,654 | ---- | C] () -- C:\Documents and Settings\Administrator\TmInstall.log
[2009/04/19 19:08:32 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/04/19 19:08:31 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/04/19 19:06:57 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/04/19 19:06:56 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/04/19 19:06:54 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/03/29 19:49:34 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe
[2009/03/26 00:02:46 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Launch Internet Explorer Browser.lnk
[2009/03/16 04:13:25 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser1.dat.LOG
[2009/03/15 01:52:15 | 000,000,266 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/03/14 02:00:00 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/03/14 01:59:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/01/17 20:14:47 | 000,001,022 | ---- | C] () -- C:\Documents and Settings\Administrator\logfile0.txt
[2008/09/28 02:40:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/09/14 00:36:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/07/16 23:35:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/19 19:29:59 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sbewin32.INI
[2007/09/08 04:21:47 | 000,000,080 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2007/09/08 03:44:30 | 000,269,824 | ---- | C] () -- C:\WINDOWS\System32\baksm.dll
[2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/06 20:57:20 | 000,002,041 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\HPCOM_48BitScanUpdate.log
[2007/04/17 20:30:40 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\PUTTY.RND
[2007/03/25 15:52:46 | 000,010,560 | ---- | C] () -- C:\Documents and Settings\Administrator\reg.watchlist
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/03 08:59:04 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/12/10 03:40:08 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/30 20:23:07 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/30 01:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/09/07 19:22:23 | 000,001,031 | ---- | C] () -- C:\Documents and Settings\Administrator\.plugin141_02.trace
[2006/09/03 18:12:09 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/09/01 16:28:01 | 000,000,072 | ---- | C] () -- C:\WINDOWS\wb.ini
[2006/09/01 15:18:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/08/24 19:08:13 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/20 23:48:50 | 000,000,278 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/20 03:49:21 | 000,011,669 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/20 03:49:20 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/19 03:46:42 | 000,416,432 | ---- | C] () -- C:\Documents and Settings\Administrator\ProductContext2500.log
[2006/08/19 01:43:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/19 00:04:09 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/18 23:24:48 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/08/17 23:53:42 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/08/17 23:53:42 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/03/15 07:00:00 | 002,458,112 | ---- | C] () -- C:\WINDOWS\System32\wmvcore.dll
[2005/02/23 02:07:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\rnlsp(2)(2)(2).dll
[2004/08/09 23:11:42 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/08/26 21:22:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/16 00:22:46 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/08/16 00:14:14 | 000,025,449 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/08/16 00:13:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/08/16 00:13:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/08/15 23:55:23 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2003/08/15 23:33:36 | 000,102,789 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/08/15 23:24:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/15 23:21:32 | 000,098,384 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2003/08/15 22:39:52 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/08/15 22:39:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/08/15 22:39:32 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/08/15 20:36:19 | 000,000,045 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/15 20:35:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2003/08/15 20:35:42 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2003/08/15 20:17:54 | 000,000,573 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >


OTL Extras Scan Log

OTL Extras logfile created on: 4/5/2010 11:28:07 PM - Run 3
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.83 Gb Total Space | 105.90 Gb Free Space | 73.63% Space Free | Partition Type: NTFS
Drive D: | 5.19 Gb Total Space | 1.17 Gb Free Space | 22.60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-9K1AY6X2A2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1413038736-614172877-2008263415-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1E2F8094-9DCD-4B87-ADB3-25CC5A0442FF}" = Roxio Backup MyPC
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{6314D540-E3C1-4F30-AEEB-4154C93375C3}" = HP Driver Diagnostics
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E67064-A144-42A6-BC85-12276B2D5D42}" = 2400_2500Help
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{782A8AEE-0722-4E08-BB72-34C218CF166B}" = Uniblue PowerSuite 2009
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B957F8D-FBDE-4DB4-99E7-192487575050}" = 23_24_2500Tour
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD84892-7664-479C-8F95-7A25B964B04D}" = 2400_2500trb
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a454c267-70b9-3bfc-af15-628bcc82d578}" = Webshots Desktop
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDDA03FF-47BE-4aa9-B4FA-06EA477A6B38}" = Think Right Now 1.7
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}" = Microsoft Easy Assist v2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCFA617-1856-4BE2-BA3C-BADD374757E7}" = 2500
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"All ATI Software" = ATI - Software Uninstall Utility
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"Glary Utilities_is1" = Glary Utilities 2.21.0.863
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{E05895C5-FE97-4334-8D73-B0089FD07CE3}" = Multimedia Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapQuest Toolbar" = MapQuest Toolbar
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QcDrv" = Logitech® Camera Driver
"RealPlayer 12.0" = RealPlayer
"Reimage PC Booster" = Reimage PC Booster
"SBEWIN32.EXE" =
"SGTRAY.EXE" =
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"Startup Cop Pro_is1" = Startup Cop Pro 3.0
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Uniblue PowerSuite 2009" = Uniblue PowerSuite 2009
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1413038736-614172877-2008263415-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"ixquickDB.ixquickDBDeskbar" = Ixquick Deskbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2010 8:33:48 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = MsiInstaller | ID = 11309
Description = Product: Windows Installer Clean Up -- Error 1309. Error reading from
file: C:\Program Files\MSECACHE\WICU3\Unicode\MsiZap.exe. System error 3. Verify
that the file exists and that you can access it.

Error - 4/5/2010 8:33:49 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = MsiInstaller | ID = 11308
Description = Product: Windows Installer Clean Up -- Error 1308. Source file not
found: C:\Program Files\MSECACHE\WICU3\readme.txt. Verify that the file exists
and that you can access it.

Error - 4/5/2010 8:33:54 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = MsiInstaller | ID = 11308
Description = Product: Windows Installer Clean Up -- Error 1308. Source file not
found: C:\Program Files\MSECACHE\WICU3\msicuu.exe. Verify that the file exists
and that you can access it.

Error - 4/5/2010 8:33:54 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = MsiInstaller | ID = 11309
Description = Product: Windows Installer Clean Up -- Error 1309. Error reading from
file: C:\Program Files\MSECACHE\WICU3\Unicode\MsiZap.exe. System error 3. Verify
that the file exists and that you can access it.

Error - 4/5/2010 8:33:55 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = MsiInstaller | ID = 11308
Description = Product: Windows Installer Clean Up -- Error 1308. Source file not
found: C:\Program Files\MSECACHE\WICU3\readme.txt. Verify that the file exists
and that you can access it.

Error - 4/5/2010 9:26:37 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 4/5/2010 9:43:03 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = Application Error | ID = 1000
Description = Faulting application runonce.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x7342611a.

Error - 4/5/2010 10:02:02 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 4/5/2010 11:11:43 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

Error - 4/6/2010 12:18:49 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.0.0.0, P3 4ae9ae20,
P4 mscorlib, P5 2.0.0.0, P6 4a7cd8f7, P7 1b2a, P8 c, P9 system.io.filenotfoundexception,
P10 NIL.

[ System Events ]
Error - 4/5/2010 11:10:11 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 4/5/2010 11:10:11 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 4/5/2010 11:11:39 PM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.

Error - 4/6/2010 12:17:12 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AG Core Services service
to connect.

Error - 4/6/2010 12:17:12 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7000
Description = The AG Core Services service failed to start due to the following
error: %%1053

Error - 4/6/2010 12:17:12 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7003
Description = The Alerter service depends on the following nonexistent service:
LanmanWorkstation

Error - 4/6/2010 12:17:12 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7003
Description = The Computer Browser service depends on the following nonexistent
service: LanmanServer

Error - 4/6/2010 12:17:20 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 4/6/2010 12:17:20 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 4/6/2010 12:18:47 AM | Computer Name = YOUR-9K1AY6X2A2 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.


< End of report >


4.) Outlook 2003 will start and stay open after a few attempts now. On Easter Sunday, Outlook 2003 would open, update, and then close. Now, it will stay open after a few times of trying to open it.
No changes on anything else on my PC including no changes on the Adobe Reader 2.0 issue I previously described.

Edited by Braind, 05 April 2010 - 10:58 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP