
Possible CW infection? [Solved]


  • This topic is locked

#16
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Open up OTL and push the Quickscan button. Post the resulting log here.


#17
crdenny

    Member

  • Topic Starter
  • 67 posts
Here's the OTL Quick Scan log. If I'm reading it right, looks like an awful lot of registry errors, "file(s) not found" and "value(s) not found".

Thanks again...

_______________________________________________________________________________

OTL logfile created on: 4/30/2010 12:15:14 AM - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = D:\OTL Download & Log 4-25-10
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 545.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 14.61 Gb Free Space | 37.41% Space Free | Partition Type: NTFS
Drive D: | 66.41 Gb Total Space | 8.28 Gb Free Space | 12.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRDLAPTOP
Current User Name: Christopher Denny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/25 06:41:02 | 000,562,688 | ---- | M] (OldTimer Tools) -- D:\OTL Download & Log 4-25-10\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/03/20 12:22:30 | 001,070,240 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.3\THGuard.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/22 16:07:19 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/08 17:08:10 | 000,094,208 | ---- | M] () -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
PRC - [2006/02/15 00:31:26 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2003/03/25 20:39:02 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
PRC - [2003/03/20 00:02:38 | 000,675,840 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
PRC - [2003/03/17 12:00:00 | 000,081,920 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKServ.exe
PRC - [2003/03/14 13:00:00 | 000,266,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKWnd.exe
PRC - [2003/02/10 16:11:12 | 000,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
PRC - [2002/08/20 13:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2002/03/14 19:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe


========== Modules (SafeList) ==========

MOD - [2010/04/25 06:41:02 | 000,562,688 | ---- | M] (OldTimer Tools) -- D:\OTL Download & Log 4-25-10\OTL.exe
MOD - [2009/12/08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0208481272413488mcinstcleanup) McAfee Application Installer Cleanup (0208481272413488)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/07/11 17:25:20 | 000,025,640 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2007/01/25 13:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/08 17:08:10 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2006/10/05 17:22:36 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/02/15 00:31:26 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2006/02/14 23:11:36 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2003/03/25 20:39:02 | 000,262,144 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/03/20 00:02:38 | 000,675,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/03/20 00:02:38 | 000,675,840 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/03/18 20:03:24 | 000,536,648 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/02/10 16:11:12 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/02/10 16:11:12 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2002/12/24 14:01:22 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/07 06:02:33 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/12/02 14:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/09/30 17:00:57 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/07/26 11:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 11:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 11:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/22 21:12:13 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/01/25 23:45:02 | 000,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2007/01/25 13:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/13 14:53:20 | 000,213,888 | R--- | M] (Mediafour Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2006/09/05 03:16:04 | 000,217,600 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2006/08/16 10:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2006/05/08 21:07:10 | 000,079,361 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1008.sys -- (RDID1008)
DRV - [2006/04/30 10:57:06 | 000,016,640 | R--- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2006/02/15 01:34:34 | 000,015,232 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2006/02/15 01:34:16 | 000,015,488 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2006/02/15 00:29:26 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\windows\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/02/14 23:17:54 | 000,107,008 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/04/19 18:14:00 | 000,014,671 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2004/03/10 17:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/09/02 22:47:00 | 000,596,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/10 19:35:58 | 000,093,700 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/04/11 07:40:40 | 000,056,234 | R--- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdwm1027.sys -- (RDID1027)
DRV - [2003/03/18 18:50:00 | 000,022,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/03/18 18:48:00 | 000,161,024 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2003/03/18 18:46:00 | 000,622,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/03/18 18:45:00 | 001,107,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/11/19 04:12:04 | 000,036,184 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS) Sony Memory Stick controller(WB)
DRV - [2002/10/04 14:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/08/29 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2002/08/28 19:00:48 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2002/05/22 13:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2002/03/19 11:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/12/03 13:55:14 | 000,155,264 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision)
DRV - [2001/12/03 13:55:12 | 000,026,560 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2000/03/17 15:11:16 | 000,007,812 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\visorusb.dll -- (VisorUsb)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local.,;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "UserLogos"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.23b1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..network.proxy.no_proxies_on: "local.,"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/20 21:23:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 5\components [2010/04/27 21:53:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 5\plugins [2010/04/27 21:53:47 | 000,000,000 | ---D | M]

[2008/04/20 22:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Extensions
[2010/04/28 22:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions
[2008/07/25 04:23:11 | 000,000,000 | ---D | M] (Screen grab!) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}(2)
[2010/04/27 19:08:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/16 03:47:13 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(2)
[2009/11/19 05:56:23 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}(2)
[2008/07/25 04:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/08/13 20:37:04 | 000,000,000 | ---D | M] (deskCut) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
[2008/07/25 04:23:11 | 000,000,000 | ---D | M] (Hyperwords™) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}(2)
[2010/04/16 04:03:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/09 03:59:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/16 04:03:33 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/30 18:20:02 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/03/30 18:20:27 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/09/10 23:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\[email protected](2).us
[2009/07/25 16:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\[email protected]
[2010/03/30 18:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\[email protected]
[2008/09/10 23:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\[email protected]
[2009/10/08 22:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\extensions\[email protected]
[2010/04/28 22:14:51 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\searchplugins\btjunkie.xml
[2008/02/05 00:20:24 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\searchplugins\siteadvisor.xml
[2009/02/24 03:30:00 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\searchplugins\surf-canyon.xml
[2009/01/06 03:36:43 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\Mozilla\Firefox\Profiles\cso5lodw.default\searchplugins\userlogos.xml
[2008/02/02 19:39:52 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll

O1 HOSTS File: ([2010/04/28 01:15:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (PnIEBrowserHelperObj Class) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100427020859.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Pop-Up Blocker) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIModeChange] C:\windows\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\windows\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.3\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Christopher Denny\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open In &New Window - C:\Documents and Settings\Christopher Denny\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm ()
O8 - Extra context menu item: View old version at &archives.org - C:\Documents and Settings\Christopher Denny\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.micros.../i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187330032593 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Reg Error: Key error.)
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} http://us-download.m...ted/mvt/mvt.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (Reg Error: Key error.)
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} http://messenger.zon...nt.cab55762.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8048.1475231481 (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://www.driverage...driveragent.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 207.69.188.185 207.69.188.186 207.69.188.187
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\windows\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/09 00:15:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

File not found -- C:\Documents and Settings\Christopher Denny\Desktop\RE_ Missing emails...
File not found -- C:\Documents and Settings\Christopher Denny\Desktop\Just on the crazy, random chance you'll get this...
[2010/04/29 00:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/29 00:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Application Data\SUPERAntiSpyware.com
[2010/04/29 00:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/28 04:39:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/27 20:58:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/27 20:57:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010/04/27 20:57:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2010/04/27 20:57:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2010/04/27 20:57:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2010/04/27 20:56:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/27 04:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TrojanHunter
[2010/04/27 04:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3
[2010/04/24 23:36:27 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/04/24 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/16 03:27:28 | 000,000,000 | ---D | C] -- D:\Christopher Denny's Documents\Tax Forms - filed 2010
[2010/04/15 15:08:51 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeclnk.sys
[2010/04/15 15:08:31 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfefirek.sys
[2010/04/15 15:08:31 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeapfk.sys
[2010/04/15 15:08:31 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfendisk.sys
[2010/04/15 15:08:31 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mferkdet.sys
[2010/04/15 15:08:31 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfetdi2k.sys
[2010/04/15 15:08:31 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\cfwids.sys
[2010/04/08 00:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Application Data\Sibelius Software
[2010/04/05 22:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Application Data\Amazon
[2010/04/05 22:09:28 | 000,000,000 | ---D | C] -- D:\Christopher Denny's Documents\My Kindle Content
[2010/04/05 22:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\Amazon
[2010/03/31 04:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/23 12:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Desktop\CE
[2010/03/04 09:38:04 | 000,000,000 | ---D | C] -- D:\Christopher Denny's Documents\Ask and Record Toolbar
[2010/03/01 10:28:01 | 000,025,704 | ---- | C] (Wondershare) -- C:\windows\System32\drivers\WsAudio_DeviceS(5).sys
[2010/03/01 10:27:29 | 000,025,704 | ---- | C] (Wondershare) -- C:\windows\System32\drivers\WsAudio_DeviceS(4).sys
[2010/03/01 10:27:01 | 000,025,704 | ---- | C] (Wondershare) -- C:\windows\System32\drivers\WsAudio_DeviceS(3).sys
[2010/03/01 10:26:38 | 000,025,704 | ---- | C] (Wondershare) -- C:\windows\System32\drivers\WsAudio_DeviceS(2).sys
[2010/03/01 10:25:41 | 000,025,704 | ---- | C] (Wondershare) -- C:\windows\System32\drivers\WsAudio_DeviceS(1).sys
[2010/03/01 10:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 6
[2010/02/22 22:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/02/20 18:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/20 18:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/09 17:08:13 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2010/02/08 04:51:12 | 000,000,000 | ---D | C] -- D:\Christopher Denny's Documents\Moyea
[2010/02/08 04:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Application Data\Moyea
[2010/02/08 04:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
[2010/02/08 00:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\mdnslib
[2010/02/08 00:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\FLVService
[2010/02/07 01:20:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/02/07 01:20:30 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/02/07 01:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/02 13:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Denny\Desktop\Lee B.'s work

========== Files - Modified Within 90 Days ==========

File not found -- C:\Documents and Settings\Christopher Denny\Desktop\RE_ Missing emails...
File not found -- C:\Documents and Settings\Christopher Denny\Desktop\Just on the crazy, random chance you'll get this...
[2010/04/30 00:09:15 | 000,000,868 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2010/04/30 00:08:34 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/04/30 00:08:34 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/29 23:41:41 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/04/29 23:41:37 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/04/29 23:41:35 | 1005,637,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/29 05:47:41 | 021,757,952 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\ntuser.dat
[2010/04/29 05:47:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Christopher Denny\ntuser.ini
[2010/04/29 05:27:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/28 23:42:16 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/28 20:07:51 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/28 01:16:23 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
[2010/04/28 01:15:50 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/04/27 20:59:01 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/27 20:55:49 | 003,920,093 | R--- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Combo-Fix.exe
[2010/04/27 18:25:21 | 000,000,067 | ---- | M] () -- C:\windows\DVDRegionFree.INI
[2010/04/27 04:38:49 | 000,000,032 | ---- | M] () -- C:\windows\System32\thxcfg.ini
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\windows\PEV.exe
[2010/04/24 23:36:05 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/23 02:54:51 | 000,093,640 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/21 23:50:26 | 010,336,953 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Not_Afraid_Benj_Pasek_sings_song_by_Michael_Arden.mp4
[2010/04/21 23:49:53 | 009,777,471 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Anytime_U_of_Michigan_MTs__Jake_Wilson_and_Benj_Pasek.mp4
[2010/04/20 21:17:42 | 000,324,320 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/04/19 04:50:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\~$B 2010 Script - CRD - with likely music cues.doc
[2010/04/17 21:23:07 | 000,063,398 | ---- | M] () -- D:\Christopher Denny's Documents\Happy To Keep His Dinner Warm.pdf
[2010/04/17 21:21:22 | 000,101,706 | ---- | M] () -- D:\Christopher Denny's Documents\The Prayer.pdf
[2010/04/17 17:35:55 | 000,000,256 | ---- | M] () -- C:\windows\System32\pool.bin
[2010/04/17 02:19:39 | 000,001,068 | ---- | M] () -- C:\windows\win.ini
[2010/04/17 02:19:39 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/16 16:31:21 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 20:53:21 | 000,029,550 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\LGA-ORD Flight Itinerary - AA.com 4-24-10.eml
[2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfehidk.sys
[2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfefirek.sys
[2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeavfk.sys
[2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeapfk.sys
[2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfendisk.sys
[2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mferkdet.sys
[2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfetdi2k.sys
[2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\cfwids.sys
[2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfebopk.sys
[2010/04/14 12:29:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeclnk.sys
[2010/04/14 00:44:10 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2010/04/12 04:21:12 | 000,068,196 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2010/04/08 15:21:53 | 000,002,987 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Peter Fox sent you a message on FacebooK.eml
[2010/04/05 22:09:16 | 000,001,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kindle For PC.lnk
[2010/04/05 19:17:11 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\BRENT - Re Schedule.eml
[2010/04/05 05:11:40 | 000,001,324 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/03/23 03:48:31 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\are you available_.eml
[2010/03/14 12:56:48 | 000,495,716 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/03/14 12:56:48 | 000,091,564 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/03/14 12:56:47 | 000,598,116 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/03/02 18:16:23 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\setup_ldm.iss
[2010/03/02 08:49:04 | 000,000,306 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/03/02 01:18:29 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/03/01 10:20:06 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Christopher Denny\Application Data\pcouffin.sys
[2010/03/01 10:20:06 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\pcouffin.cat
[2010/03/01 10:20:06 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Application Data\pcouffin.inf
[2010/02/26 19:39:34 | 000,114,762 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Tammy Grimes - Wikipedia.pdf
[2010/02/24 17:59:30 | 000,150,779 | ---- | M] () -- C:\Documents and Settings\Christopher Denny\Desktop\Chocolate rugelach, with gluten-free variation - Salon.com 2-24-10.pdf
[2010/02/20 01:28:27 | 000,013,504 | ---- | M] () -- D:\Christopher Denny's Documents\How To Make Gluten-Free Flour Tortillas.htm
[2010/02/18 02:33:14 | 000,018,511 | ---- | M] () -- D:\Christopher Denny's Documents\finale-b-lyrics-rent.html
[2010/02/14 02:22:42 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/02/08 00:43:41 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\windows\System32\AUDIOGENIE2.DLL

========== Files Created - No Company Name ==========

[2010/04/28 20:38:08 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/27 20:59:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/27 20:58:56 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/27 20:57:28 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/04/27 20:57:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/04/27 20:57:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/04/27 20:57:28 | 000,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2010/04/27 20:57:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/04/27 20:55:49 | 003,920,093 | R--- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Combo-Fix.exe
[2010/04/25 06:30:58 | 1005,637,632 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/24 23:36:05 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/22 01:45:14 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\TAMMY GRIMES.doc
[2010/04/22 00:17:33 | 009,777,471 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Anytime_U_of_Michigan_MTs__Jake_Wilson_and_Benj_Pasek.mp4
[2010/04/22 00:17:23 | 010,336,953 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Not_Afraid_Benj_Pasek_sings_song_by_Michael_Arden.mp4
[2010/04/21 18:32:00 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\SONG LISTS - Adam & Jess.doc
[2010/04/19 04:50:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\~$B 2010 Script - CRD - with likely music cues.doc
[2010/04/17 21:22:42 | 000,063,398 | ---- | C] () -- D:\Christopher Denny's Documents\Happy To Keep His Dinner Warm.pdf
[2010/04/17 21:21:14 | 000,101,706 | ---- | C] () -- D:\Christopher Denny's Documents\The Prayer.pdf
[2010/04/16 16:31:21 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 20:53:20 | 000,029,550 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\LGA-ORD Flight Itinerary - AA.com 4-24-10.eml
[2010/04/08 15:21:53 | 000,002,987 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Peter Fox sent you a message on FacebooK.eml
[2010/04/05 22:09:16 | 000,001,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kindle For PC.lnk
[2010/04/05 19:17:11 | 000,002,149 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\BRENT - Re Schedule.eml
[2010/03/23 03:48:31 | 000,002,105 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\are you available_.eml
[2010/03/02 18:16:23 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Application Data\setup_ldm.iss
[2010/02/26 19:39:28 | 000,114,762 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Tammy Grimes - Wikipedia.pdf
[2010/02/24 17:59:29 | 000,150,779 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\Desktop\Chocolate rugelach, with gluten-free variation - Salon.com 2-24-10.pdf
[2010/02/20 01:28:25 | 000,013,504 | ---- | C] () -- D:\Christopher Denny's Documents\How To Make Gluten-Free Flour Tortillas.htm
[2010/02/18 02:33:13 | 000,018,511 | ---- | C] () -- D:\Christopher Denny's Documents\finale-b-lyrics-rent.html
[2010/02/14 02:22:42 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/02/03 22:02:38 | 021,757,952 | ---- | C] () -- C:\Documents and Settings\Christopher Denny\ntuser.dat
[2010/02/03 07:34:00 | 000,068,196 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2009/05/20 02:35:36 | 000,010,886 | ---- | C] () -- C:\windows\System32\RdCi1008.dll
[2008/12/31 17:04:42 | 000,693,792 | ---- | C] () -- C:\windows\System32\OGACheckControl.DLL
[2008/12/22 06:43:41 | 000,000,171 | ---- | C] () -- C:\windows\wininit.ini
[2008/12/19 08:17:54 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2008/11/03 06:07:32 | 000,000,067 | ---- | C] () -- C:\windows\DVDRegionFree.INI
[2008/10/28 18:20:09 | 000,000,032 | ---- | C] () -- C:\windows\System32\thxcfg.ini
[2008/09/30 15:54:12 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
[2008/08/05 02:07:20 | 000,065,216 | ---- | C] () -- C:\windows\System32\PDFreDirectMonNT.dll
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys
[2008/07/16 23:35:28 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2008/04/02 07:27:03 | 000,000,001 | ---- | C] () -- C:\windows\pvc11.dll
[2008/03/21 05:04:01 | 000,000,014 | ---- | C] () -- C:\windows\System32\SysEngine2.SYS
[2008/03/03 20:07:58 | 000,021,504 | ---- | C] () -- C:\windows\System32\WBCustomizer.dll
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\windows\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\windows\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\windows\System32\OnlineScannerLang.dll
[2007/10/13 03:11:42 | 000,394,240 | ---- | C] () -- C:\windows\System32\Smab.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\windows\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\windows\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\windows\System32\gthrctr.ini
[2007/08/20 20:26:52 | 000,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest
[2007/08/20 20:26:52 | 000,000,416 | ---- | C] () -- C:\windows\System32\dpl100.dll.manifest
[2007/08/15 18:33:14 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2007/08/15 18:30:26 | 000,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\windows\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\windows\System32\lnod32apiA.dll
[2007/04/20 00:43:33 | 001,936,528 | ---- | C] () -- C:\windows\System32\ltmm15.dll
[2007/03/09 03:12:32 | 000,027,648 | -HS- | C] () -- C:\windows\System32\AVSredirect.dll
[2007/03/06 05:14:48 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2007/03/06 05:14:48 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2007/01/31 05:37:46 | 000,066,482 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2007/01/25 23:45:02 | 000,006,784 | ---- | C] () -- C:\windows\System32\drivers\whfltr2k.sys
[2007/01/25 13:31:36 | 000,053,299 | ---- | C] () -- C:\windows\System32\pthreadVC.dll
[2007/01/05 06:17:56 | 000,086,016 | ---- | C] () -- C:\windows\System32\ati2evxx.dll
[2006/12/24 03:47:38 | 000,765,952 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2006/12/24 03:47:37 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2006/12/22 00:47:35 | 000,000,029 | ---- | C] () -- C:\windows\atid.ini
[2006/11/04 22:11:08 | 000,684,032 | ---- | C] () -- C:\windows\System32\libeay32.dll
[2006/11/04 22:11:08 | 000,155,648 | ---- | C] () -- C:\windows\System32\ssleay32.dll
[2006/10/08 13:26:13 | 000,049,152 | ---- | C] () -- C:\windows\System32\OctaneARM.dll
[2006/09/08 22:18:06 | 000,000,037 | ---- | C] () -- C:\windows\cdplayer.ini
[2006/07/20 19:07:44 | 000,000,048 | ---- | C] () -- C:\windows\System32\msvcsv60.dll
[2006/07/20 03:45:12 | 000,000,003 | ---- | C] () -- C:\windows\System32\ceme11.dll
[2006/07/20 01:19:40 | 000,217,088 | ---- | C] () -- C:\windows\System32\qtmlClient.dll
[2006/06/02 18:15:44 | 000,294,912 | ---- | C] () -- C:\windows\System32\LDecVorbis.dll
[2006/03/20 07:44:24 | 000,684,032 | ---- | C] () -- C:\windows\libeay32.dll
[2006/03/20 07:44:24 | 000,155,648 | ---- | C] () -- C:\windows\ssleay32.dll
[2006/02/24 04:41:59 | 000,438,272 | ---- | C] () -- C:\windows\System32\OpenQuicktimeLib.dll
[2006/02/24 04:41:59 | 000,061,440 | ---- | C] () -- C:\windows\System32\libfaac.dll
[2006/02/23 12:36:20 | 001,798,144 | ---- | C] () -- C:\windows\System32\ltmm_n.dll
[2006/02/23 12:36:20 | 000,262,144 | ---- | C] () -- C:\windows\System32\LMOggSpl.dll
[2006/02/23 12:36:20 | 000,237,568 | ---- | C] () -- C:\windows\System32\LMOggMux.dll
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\windows\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\windows\System32\lnod32upd.dll
[2004/11/24 05:50:48 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2004/03/18 09:44:29 | 001,663,068 | ---- | C] () -- C:\windows\System32\libmmd.dll
[2004/03/06 23:58:27 | 000,007,812 | ---- | C] () -- C:\windows\System32\visorusb.dll
[2004/03/04 02:00:51 | 000,000,210 | ---- | C] () -- C:\windows\System32\sr2spec.ini
[2004/03/04 01:24:01 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2003/12/19 22:36:10 | 000,000,031 | ---- | C] () -- C:\windows\AuthMgr.INI
[2003/04/09 20:21:42 | 000,000,052 | ---- | C] () -- C:\windows\intuprof.ini
[2003/04/09 20:21:18 | 000,000,626 | ---- | C] () -- C:\windows\QUICKEN.INI
[2003/04/09 20:13:19 | 000,041,068 | ---- | C] () -- C:\windows\System32\ActPanel.dll
[2003/04/09 20:02:09 | 000,019,968 | ---- | C] () -- C:\windows\System32\Cpuinf32.dll
[2003/04/09 19:59:43 | 000,262,416 | ---- | C] () -- C:\windows\System32\ASFV2.DLL
[2003/04/09 19:50:34 | 000,524,288 | ---- | C] () -- C:\windows\System32\TDI-SonyOMG.dll
[2003/04/09 14:40:11 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2003/04/09 00:33:31 | 000,000,805 | ---- | C] () -- C:\windows\orun32.ini
[2003/04/08 23:59:00 | 000,000,682 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\windows\System32\streamhlp.dll
[2002/12/05 18:51:00 | 000,059,392 | R--- | C] () -- C:\windows\streamhlp.dll
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\windows\System32\winchip.dll
[1997/08/19 01:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\DOCOBJ.DLL
[1997/08/19 01:00:00 | 000,012,288 | ---- | C] () -- C:\windows\System32\HLINKPRX.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys

========== LOP Check ==========

[2006/08/08 01:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/08/02 18:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/07/27 07:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2010/01/01 22:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
[2009/11/10 19:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/03/04 08:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/12/05 05:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/01/25 23:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\j2 Messenger 4.4 Output
[2010/04/18 22:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/10/06 19:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/01/12 06:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
[2005/02/18 23:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/09/24 18:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrettyMay
[2006/07/20 01:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2010/02/14 02:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/11/01 13:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/09/25 03:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solero
[2009/11/07 20:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/27 04:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrojanHunter
[2006/07/18 06:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/10/04 04:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/10/11 01:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/02/11 19:01:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2008/09/26 08:15:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1DC85608-1717-479C-A3DD-EB460E4D4F9C}
[2009/04/30 01:04:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{203DB912-4B39-4636-930F-102CFD1E9177}
[2010/03/31 04:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/06 04:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/01 05:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/29 19:28:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2005/04/03 03:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\3M
[2006/07/20 02:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Ableton
[2006/12/22 01:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\acccore
[2004/11/19 02:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Aim
[2010/04/05 22:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Amazon
[2009/12/06 05:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\AnvSoft
[2010/03/05 17:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Any Audio Converter
[2009/11/07 21:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Any DVD Converter Professional
[2009/12/04 17:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Any Video Converter
[2010/01/05 02:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Audacity
[2009/11/24 17:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\BitTorrent
[2007/07/25 22:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\BitZipper
[2008/12/06 08:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Blackberry Desktop
[2010/02/02 05:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Celemony Software GmbH
[2009/05/17 20:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2009/12/08 20:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2008/12/05 06:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\dba2csv
[2010/01/03 02:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Digidesign
[2009/04/17 01:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\DNA
[2007/10/11 05:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\DVDFab
[2003/12/19 22:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Earthlink
[2007/11/29 04:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Facebook
[2008/03/05 15:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\FileZilla
[2008/12/06 14:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\GetRightToGo
[2009/10/19 00:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\HandBrake
[2008/12/05 05:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\HotSync
[2008/05/08 03:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\HouseCall 6.6
[2008/12/06 14:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\ICAClient
[2003/04/09 20:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\InterTrust
[2007/10/15 00:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\InterVideo
[2009/01/15 03:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\IObit
[2009/01/25 23:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\j2 Global
[2007/10/12 18:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\j2 Messenger
[2008/09/16 05:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Leadertech
[2010/02/08 04:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Moyea
[2008/12/06 15:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\OfficeUpdate12
[2009/11/03 18:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\OpenOffice.org
[2009/09/20 03:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Opera
[2009/10/06 19:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\PACE Anti-Piracy
[2008/12/05 22:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\PDF reDirect
[2008/01/12 06:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\PGP Corporation
[2006/07/25 21:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Propellerhead Software
[2008/12/06 00:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Research In Motion
[2007/10/16 03:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\RTPlayer
[2008/12/06 14:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Runaware
[2005/09/24 01:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Seven Zip
[2008/12/25 18:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Smilebox
[2007/07/18 22:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\stickies
[2008/09/11 00:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\System Tweaker
[2008/05/01 00:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Trillium Lane
[2008/10/28 20:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\TrojanHunter
[2009/10/10 02:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\TrueCrypt
[2008/09/16 02:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\tunebite
[2006/03/23 02:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\TuneUp Software
[2008/09/26 08:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Uniblue
[2008/05/19 05:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\VersionTracker Pro
[2009/10/04 04:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Viewpoint
[2010/03/01 10:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Vso
[2008/12/07 08:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Windows Desktop Search
[2009/01/04 16:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Windows Search
[2007/10/25 03:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Denny\Application Data\Winff
[2003/12/19 21:50:34 | 000,000,258 | ---- | M] () -- C:\windows\Tasks\Registration reminder 1.job
[2003/12/19 21:50:34 | 000,000,258 | ---- | M] () -- C:\windows\Tasks\Registration reminder 2.job
[2003/12/19 21:50:35 | 000,000,258 | ---- | M] () -- C:\windows\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 993 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:UUm5uGMBxnSKCJQk8Niggsg7
@Alternate Data Stream - 983 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dkyn1rAQ0bnY9e5KvKlGKcG0jNwF1l
@Alternate Data Stream - 905 bytes -> C:\Program Files\Common Files\System:7ZMFV2aXluSo9xqp0PS
@Alternate Data Stream - 836 bytes -> C:\Program Files\Common Files\Microsoft Shared:O0sXooFDVJNhEVJehPM
@Alternate Data Stream - 1234 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:HZDh2Koil8IpcMkmiIe2
@Alternate Data Stream - 1214 bytes -> C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\jDdpyYR4bMbZpZ:5VEQhZSKWduOAm8vTafNYz
@Alternate Data Stream - 1210 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:YqtAUblCldNOr2bBQppf9b
@Alternate Data Stream - 1206 bytes -> C:\Program Files\Common Files\System:BXOAPYMNZZGQDJyimKx0lqGq0h
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\g65adEalDxs:0SqVk49VOhWto8VMcIOPTz9Lzv0v3S
@Alternate Data Stream - 1129 bytes -> C:\Program Files\WindowsUpdate:3kDBQh3FNji3Fbo0zLa3B
@Alternate Data Stream - 1097 bytes -> C:\Documents and Settings\Christopher Denny\Cookies:9gZNdGmY1WRXPWovinHoEtC
@Alternate Data Stream - 1091 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:MEPxk8sVwsMsoBiz6TM
@Alternate Data Stream - 1088 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:v1ITL6jTmomElfxotulieJQZQQfBSB
@Alternate Data Stream - 1081 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:71lsx55yu3PDOSarKTBTTL1OSZr
@Alternate Data Stream - 1068 bytes -> C:\Program Files\Common Files\Microsoft Shared:unW7ueg8eJC3RzWC3G
@Alternate Data Stream - 1050 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:aiElqAEa9BvaUqcGF
@Alternate Data Stream - 1049 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:gfYScjzzjwbCIabQiu0kGW
@Alternate Data Stream - 1038 bytes -> C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\tLfNsa6o:LntiAnb1ULOBSlHHn2xqTPZ
@Alternate Data Stream - 1034 bytes -> C:\Program Files\Common Files\Microsoft Shared:dAXLEgi118QsIWZrF
@Alternate Data Stream - 1030 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:5AlNF84LydZnlYP6dUk3cJ
@Alternate Data Stream - 1017 bytes -> C:\Program Files\WindowsUpdate:3do6GzrXUiTpa8tW2lJBMdm
@Alternate Data Stream - 1017 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VaVNWtm6prMZcmdYU2NBJC
@Alternate Data Stream - 1005 bytes -> C:\Program Files\Common Files\System:pxcayi7CNEiBvlYadpgSnHgqZOD
< End of report >

#18
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi,

Can you uninstall McAfee and Panda Activescan for the time being? We'll see if that improves performance at all.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    [2010/02/03 07:34:00 | 000,068,196 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
    [2009/05/20 02:35:36 | 000,010,886 | ---- | C] () -- C:\windows\System32\RdCi1008.dll
    [2008/10/28 18:20:09 | 000,000,032 | ---- | C] () -- C:\windows\System32\thxcfg.ini
    [2008/03/21 05:04:01 | 000,000,014 | ---- | C] () -- C:\windows\System32\SysEngine2.SYS
    [2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\windows\System32\lnod32apiW.dll
    [2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\windows\System32\lnod32apiA.dll
    [2006/07/20 03:45:12 | 000,000,003 | ---- | C] () -- C:\windows\System32\ceme11.dll
    [2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\windows\System32\lnod32umc.dll
    [2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\windows\System32\lnod32upd.dll
    @Alternate Data Stream - 993 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:UUm5uGMBxnSKCJQk8Niggsg7
    @Alternate Data Stream - 983 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dkyn1rAQ0bnY9e5KvKlGKcG0jNwF1l
    @Alternate Data Stream - 905 bytes -> C:\Program Files\Common Files\System:7ZMFV2aXluSo9xqp0PS
    @Alternate Data Stream - 836 bytes -> C:\Program Files\Common Files\Microsoft Shared:O0sXooFDVJNhEVJehPM
    @Alternate Data Stream - 1234 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:HZDh2Koil8IpcMkmiIe2
    @Alternate Data Stream - 1214 bytes -> C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\jDdpyYR4bMbZpZ:5VEQhZSKWduOAm8vTafNYz
    @Alternate Data Stream - 1210 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:YqtAUblCldNOr2bBQppf9b
    @Alternate Data Stream - 1206 bytes -> C:\Program Files\Common Files\System:BXOAPYMNZZGQDJyimKx0lqGq0h
    @Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\g65adEalDxs:0SqVk49VOhWto8VMcIOPTz9Lzv0v3S
    @Alternate Data Stream - 1129 bytes -> C:\Program Files\WindowsUpdate:3kDBQh3FNji3Fbo0zLa3B
    @Alternate Data Stream - 1097 bytes -> C:\Documents and Settings\Christopher Denny\Cookies:9gZNdGmY1WRXPWovinHoEtC
    @Alternate Data Stream - 1091 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:MEPxk8sVwsMsoBiz6TM
    @Alternate Data Stream - 1088 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:v1ITL6jTmomElfxotulieJQZQQfBSB
    @Alternate Data Stream - 1081 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:71lsx55yu3PDOSarKTBTTL1OSZr
    @Alternate Data Stream - 1068 bytes -> C:\Program Files\Common Files\Microsoft Shared:unW7ueg8eJC3RzWC3G
    @Alternate Data Stream - 1050 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:aiElqAEa9BvaUqcGF
    @Alternate Data Stream - 1049 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:gfYScjzzjwbCIabQiu0kGW
    @Alternate Data Stream - 1038 bytes -> C:\Documents and Settings\Christopher Denny\Local Settings\Application Data\tLfNsa6o:LntiAnb1ULOBSlHHn2xqTPZ
    @Alternate Data Stream - 1034 bytes -> C:\Program Files\Common Files\Microsoft Shared:dAXLEgi118QsIWZrF
    @Alternate Data Stream - 1030 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:5AlNF84LydZnlYP6dUk3cJ
    @Alternate Data Stream - 1017 bytes -> C:\Program Files\WindowsUpdate:3do6GzrXUiTpa8tW2lJBMdm
    @Alternate Data Stream - 1017 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VaVNWtm6prMZcmdYU2NBJC
    @Alternate Data Stream - 1005 bytes -> C:\Program Files\Common Files\System:pxcayi7CNEiBvlYadpgSnHgqZOD
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

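The fix in post #18 lists each alternate data stream as `host path:stream name`. As an added example (not part of the original thread and not OTL's own code), the sketch below parses such lines and checks that every stream named in a fix script also appears in the scan log it was written from. The sample log, sample fix, stream names and function names are all constructed for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample in the OTL log layout shown above; stream names are made up.
SAMPLE_LOG = r"""
========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Program Files\Common Files\System:EXAMPLEstreamAAAA
@Alternate Data Stream - 98 bytes -> C:\Program Files\Common Files\System:EXAMPLEstreamBBBB
@Alternate Data Stream - 26 bytes -> D:\Downloads\setup.exe:Zone.Identifier
@Alternate Data Stream - 300 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:EXAMPLEstreamCCCC
< End of report >
"""

# Constructed fix script: two entries come from the log above, one does not.
SAMPLE_FIX = r"""
:OTL
    @Alternate Data Stream - 120 bytes -> C:\Program Files\Common Files\System:EXAMPLEstreamAAAA
    @Alternate Data Stream - 300 bytes -> c:\documents and settings\All Users\Application Data\Microsoft:EXAMPLEstreamCCCC
    @Alternate Data Stream - 77 bytes -> C:\Program Files\WindowsUpdate:EXAMPLEstreamZZZZ
:Commands
    [Reboot]
"""

ADS_LINE = re.compile(r"^\s*@Alternate Data Stream - (\d+) bytes -> (.+?)\s*$")

# Stream that Windows itself attaches to files downloaded from the internet.
WELL_KNOWN = {"zone.identifier"}


class AdsEntry(NamedTuple):
    host: str    # file or directory the stream is attached to
    stream: str  # stream name (the part after the last colon)
    size: int    # size in bytes as reported in the log


def parse_ads(text):
    """Return an AdsEntry for every ADS line in an OTL log or fix script."""
    entries = []
    for line in text.splitlines():
        m = ADS_LINE.match(line)
        if not m:
            continue
        spec = m.group(2)
        if spec.upper().endswith(":$DATA"):
            spec = spec[: -len(":$DATA")]
        host, sep, stream = spec.rpartition(":")
        # "C:\path" alone has only the drive colon: no stream to record.
        if not sep or len(host) < 2 or not stream or "\\" in stream:
            continue
        entries.append(AdsEntry(host, stream, int(m.group(1))))
    return entries


def summarize(entries):
    """Group streams by host: {host: {"count": n, "bytes": total, "streams": [...]}}."""
    out = defaultdict(lambda: {"count": 0, "bytes": 0, "streams": []})
    for e in entries:
        row = out[e.host]
        row["count"] += 1
        row["bytes"] += e.size
        row["streams"].append(e.stream)
    return dict(out)


def unrecognized(entries):
    """Entries whose stream name is not in the WELL_KNOWN set."""
    return [e for e in entries if e.stream.lower() not in WELL_KNOWN]


def not_in_log(log_text, fix_text):
    """Fix-script entries that do not appear in the log (case-insensitive match)."""
    seen = {(e.host.lower(), e.stream.lower()) for e in parse_ads(log_text)}
    return [e for e in parse_ads(fix_text)
            if (e.host.lower(), e.stream.lower()) not in seen]


if __name__ == "__main__":
    for host, row in summarize(unrecognized(parse_ads(SAMPLE_LOG))).items():
        print(f"{row['count']:>3} streams, {row['bytes']:>5} bytes  {host}")
    for e in not_in_log(SAMPLE_LOG, SAMPLE_FIX):
        print("in fix but not in log:", e.host, e.stream)
```
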

#19
crdenny

crdenny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Hi,

Quick question before I do the recommended uninstall:

You said to "uninstall McAfee". Do you mean that I should uninstall the entire McAfee Security Suite, including firewall, or just the antivirus component? If all of it, I assume I would activate XP's Windows Firewall (which I've never yet used!) while evaluating that change.

Thanks...

#20
crdenny

crdenny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
On second thought, looking at my McAfee account, it looks like the whole installation is called "McAfee AntiVirus Plus" so I guess it's only possible to remove the whole thing. Correct?

#21
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Yes, just remove the whole thing for now. Do you have a subscription with McAfee?

#22
crdenny

crdenny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Yes, I do have a McAfee subscription - longstanding, and one which I've more and more been considering getting rid of. If Avast or other free AV's and firewalls are truly at least as effective, and probably have a much smaller footprint, I wonder if it isn't time to make that change permanently.

Just on general principles, I'll activate the XP firewall once I've uninstalled McAfee unless you tell me not to, and I'll report back when I have the new OTL log.

#23
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Just leave XP firewall disabled for now.

> If Avast or other free AV's and firewalls are truly at least as effective, and probably have a much smaller footprint, I wonder if it isn't time to make that change permanently.

It's your choice, but in my experience I'd say that McAfee isn't "better" than free programs such as avast! or Avira Anti-Vir by any means. I personally run avast! on my system and it seems to do a fine job of keeping my system protected.

Once you've uninstalled McAfee, I don't need another OTL log; I'd just like to know if your system is running any better / faster.

Edited by mpascal, 30 April 2010 - 01:28 PM.


#24
crdenny

crdenny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
*Sigh*

I just wrote you a detailed reply and was about to post it when Firefox 3.6 crashed (as it keeps doing lately), so I lost all of it. I'll keep this one much shorter - which I'm sure you'll, in fact, appreciate!

The uninstalls went fine. I used various (McAfee-recommended) manual and automated means to ensure that ALL McAfee files were gone. Also uninstalled Panda - plus Housecall, for good measure. The feel of the computer is now lighter and a bit quicker, which is nice, without the McAfee Goliath. But I figured that the acid test was to play iTunes video, since that's the most striking change I've noticed as my system performance has deteriorated; that test was a plain failure. The CPU still hit and remained at 100% as soon as I started the video, and the video stuttered and staggered from still frame to still frame. I went further and did a complete uninstall of all Apple files - Add/Remove, (guided) manual deletion and the Windows Installer Cleanup Utility - until everything finally disappeared; then I reinstalled iTunes and tested it again, with the same result. Replaced the current iTunes 9.1 with iTunes 8.2 (which I know used to work fine), and still got the same 100% CPU, so in the end I reinstalled iTunes 9.1 and left things there for now.

Is it still possible that my unrelenting CPU overload is caused by either an existing, very stubbornly hidden malware? Or by damage caused by some malware which you've already removed (I'm thinking of that infected system file), or...?

#25
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
What's taking up all the CPU percent when you play a video? Is it mostly iTunes taking up all the CPU percent?

#26
crdenny

crdenny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Yes, it's always iTunes at 92% or 98% - never less than 80-something% (when other processes like wuauclt.exe, svchost.exe or "system" are taking up the remainder, 5-20%) while playing video. I'm so puzzled as to why this would happen when it never seemed to be a problem before. When I just play music back on iTunes, the CPU stays at 10-15%.

#27
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
What about if you use other programs to play videos such as Windows Media Player?

Can you think of anything that may have triggered this sudden lack of performance? Was it a sudden decline? From what I can see, you were never really "infected" with anything, you just had a few files that probably shouldn't have been there.

#28
crdenny

crdenny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
I'm not sure I can be specific about the suddenness of the decline in performance. It began a few weeks or maybe a couple of months ago, and was surreptitious enough for me not to notice right away, but I began to find that many processes seemed to max out the CPU and the most obvious resource-drainers - namely streaming video, HD and iTunes video, etc. - had become largely unusable. Most FLV files, such as YouTube, have continued to run acceptably well, but HD video caused various degrees of hanging and freezing in every kind of player and iTunes video - which had always worked perfectly - was completely unwatchable.

I just tested various kinds of video: Streaming TV episodes of the new series "Who Do You Think You Are" on nbc.com were unwatchable (CPU 100%, mostly due to firefox.exe), TV on Hulu was almost but not quite as bad (CPU at or near 100%, again due to firefox.exe); the occasional clips which functioned better - still jerky and out of sync, but sometimes relatively coherent - showed the CPU hovering between 80-94%, not always at 100%. Watching HD WMV on WMP and GOM Player, it would start out okay for a moment, then hang and freeze with CPU at 100%. I tried to watch video on a reality show site in both firefox and google chrome - in firefox, it was fair (jerky and out of sync but almost watchable), with most of the CPU load due to firefox.exe; in chrome it was worse. On closing that webpage, chrome crashed badly, producing a BSOD and rebooting the computer. I'm not sure if I located the ultimate source of the error, but what I found was:

Faulting application chrome.exe, version 0.0.0.0, faulting module npswf32.dll, version 10.0.45.2, fault address 0x00232ab5.

The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x00000099, 0x0002f6bb, 0x00000000, 0x00000000). A dump was saved in: C:\windows\Minidump\Mini050110-01.dmp.

Product: Windows Operating System
ID: 1001
Source: Save Dump
Version: 5.2
Symbolic Name: EVENT_BUGCHECK_SAVED
Message: The computer has rebooted from a bugcheck. The bugcheck was: %1. A dump was saved in: %2.

Explanation
The computer has restarted from a bugcheck. The event log contains details about the cause of the bugcheck.

While running chrome, the CPU load was about 100%, mostly split between two (of six) different instances of chrome.exe in the process list.

I'm getting antsy about the registry - assuming that's the source of the errors and BSOD - and wonder if I shouldn't run Registry Booster 2009 (the one registry utility I have) or anything else you'd recommend to (hopefully) ward off any greater possible disasters.

I feel like I'm taking advantage of your kindness to continue to post on this thread if you feel this isn't a malware issue. But if there's any way to get further help, I'd obviously benefit greatly from it.

Thanks so much for all your continued interest, time and expertise.

#29
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
How about when you play videos in safe mode?

#30
crdenny

crdenny

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
AGAIN, I'm rewriting my reply to you after a Firefox crash - actually, six crashes in a row this time. That's a record, by far... I rebooted and it seems okay now, knock on wood.

Anyway, it never would have occurred to me that video could be watched in safe mode! I tried it with iTunes, GOM Player and WMP. iTunes complained bitterly, telling me that the video and audio settings weren't optimal and it wouldn't function properly, etc., etc. In all three cases, the CPU went instantly to 100% (more dramatically than it does in normal mode, which I'm guessing might be because DMA is disabled in safe mode?) and the video froze completely.

Last night, after a routine reboot I got another error message: "Your computer has recovered from a serious error" caused by a "device or driver". As a result, out of curiosity I ran a DriverScanner (Uniblue, 2009) scan, and what I found was that an irrelevant CARPFax driver was out-of-date (updated it), but so was the driver for the ALi M5229 PCI Bus Master IDE Controller. Now I recall that having come up before but I didn't update the driver because DriverScanner labeled it "risky" (rather than "safe" or "moderate") and said not to do it unless there were clear problems with the old driver. At the time, I didn't see the need; however, now I'm wondering if, between my CPU overload problems and the "device or driver" "serious" errors, I might not have exactly the kind of problem they were referring to. Do you think I'm right, and if so, how risky would it be to attempt that driver update?

And last, I ran the HJT scan which was the reason I posted here in the first place, just to see if anything had changed. Both the 04 ctfmon.exe entry (which looks normal to me since it's in the system32 folder, but what do I know?) and the 022 SharedTaskScheduler entries (which were my original concern when I posted) are still red-flagged in the automatic HJT analysis at hjt.networktechs.com. (Viewable at http://hjt.networkte...hp?log=810916.) Would you mind just signing off on these being erroneous alerts so that, if so, I can ignore them now and in the future?

I also ran an sfc scan to see if any XP system files would come up as missing or corrupted, but it was mercifully uneventful as far as I could tell.

Thanks again...