I have explicitly followed the steps to the "Malware and Spyware Cleaning Guide" and the proper logs will follow my narrative. Here is an overview of what my Lenovo 3000 J Series PC that runs Windows XP Home edition has been doing.
For about a month, after startup the computer would "crunch hard" for about 10-15 minutes and then run normally, as if something was searching through all the files. During this time the "services.exe" process would max out CPU usage.
About a week ago, I upgraded my free AVG software to their pay service, and immediately I began having Google redirect problems on my toolbar search in my Firefox and IE web browsers. After a Google toolbar search, there would be a pause, the proper page would appear, but then it would be redirected to some other type of search page. Sometimes Firefox would say "can not access ADSREDIRECT.GOOGLE.COM" page.
Also, if I switched my toolbar to Yahoo search, the search completed with no problems.
I then downloaded the "NO-Scripts" add-on, which stopped the redirects, but was painfully slow.
After researching the Wdmaud.sys virus, I attempted to remove this file and I was unsuccessful.
After following your "malware, spyware guide" the symptoms of the Google redirect have stopped, but AVG continues to say I have a "Trojan Horse Cryptic F.J" that AVG is unable to quarantine or remove. I have posted that log at the end.
And also, during my attempt at removing the bug, I deleted the wrong Wdmaud.sys file and lost all sound. In an attempt to regain my sound device, I re-installed Windows Service Pack 3. My sound did not come back.
Thank you for any help you may give me.
MBAM LOG
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/18/2010 12:34:34 PM
mbam-log-2010-04-18 (12-34-34).txt
Scan type: Quick scan
Objects scanned: 124386
Time elapsed: 7 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER LOG
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 23:57:02
Windows 5.1.2600 Service Pack 3
Running: qiouocck3qsu.exe; Driver: C:\DOCUME~1\Ginger\LOCALS~1\Temp\ffldapoc.sys
---- System - GMER 1.0.15 ----
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF7B0FAC2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7B25EEE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7B260E0]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF7B0FCB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF7B0FD5C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF7B0F9B2]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7E4E670]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7B46D72]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF7B0FEF8]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF57C80B0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7E4E7C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF7E4E860]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 27C0 80501FF8 4 Bytes CALL A29517E1
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[992] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 012D2862
.text C:\WINDOWS\Explorer.EXE[992] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012D26EE
.text C:\WINDOWS\Explorer.EXE[992] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012D27E0
.text C:\WINDOWS\Explorer.EXE[992] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012D2726
.text C:\WINDOWS\Explorer.EXE[992] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 012D275E
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[1308] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F62862
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[1308] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F626EE
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[1308] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F627E0
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[1308] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F62726
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[1308] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F6275E
.text C:\Program Files\AVG\AVG9\avgemc.exe[1472] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 032B2862
.text C:\Program Files\AVG\AVG9\avgemc.exe[1472] WS2_32.dll!send 71AB4C27 5 Bytes JMP 032B26EE
.text C:\Program Files\AVG\AVG9\avgemc.exe[1472] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 032B27E0
.text C:\Program Files\AVG\AVG9\avgemc.exe[1472] WS2_32.dll!recv 71AB676F 5 Bytes JMP 032B2726
.text C:\Program Files\AVG\AVG9\avgemc.exe[1472] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 032B275E
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1756] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01432862
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1756] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014326EE
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1756] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 014327E0
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1756] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01432726
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1756] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0143275E
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1808] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 006A2862
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1808] WS2_32.dll!send 71AB4C27 5 Bytes JMP 006A26EE
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1808] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 006A27E0
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1808] WS2_32.dll!recv 71AB676F 5 Bytes JMP 006A2726
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1808] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 006A275E
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1848] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01092862
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1848] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010926EE
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1848] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010927E0
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1848] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01092726
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1848] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0109275E
.text C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2004] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02AB2862
.text C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2004] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02AB26EE
.text C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2004] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02AB27E0
.text C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2004] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02AB2726
.text C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe[2004] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02AB275E
.text C:\WINDOWS\system32\tcpsvcs.exe[2272] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A22862
.text C:\WINDOWS\system32\tcpsvcs.exe[2272] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A226EE
.text C:\WINDOWS\system32\tcpsvcs.exe[2272] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A227E0
.text C:\WINDOWS\system32\tcpsvcs.exe[2272] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A22726
.text C:\WINDOWS\system32\tcpsvcs.exe[2272] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A2275E
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2432] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01092862
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2432] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010926EE
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2432] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010927E0
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2432] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01092726
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2432] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0109275E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2440] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DF2862
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2440] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DF26EE
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2440] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DF27E0
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2440] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DF2726
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2440] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DF275E
.text C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe[2504] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E22862
.text C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe[2504] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E226EE
.text C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe[2504] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E227E0
.text C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe[2504] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E22726
.text C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe[2504] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E2275E
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3100] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F22862
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3100] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F226EE
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3100] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F227E0
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3100] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F22726
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3100] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F2275E
.text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe[3436] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01C92862
.text C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe[3436] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01C926EE
.text C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe[3436] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01C927E0
.text C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe[3436] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01C92726
.text C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe[3436] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01C9275E
.text C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe[3456] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
.text C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe[3456] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015B2862
.text C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe[3456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015B26EE
.text C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe[3456] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 015B27E0
.text C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe[3456] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015B2726
.text C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe[3456] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015B275E
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[3492] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[3492] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 03622862
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[3492] WS2_32.dll!send 71AB4C27 5 Bytes JMP 036226EE
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[3492] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 036227E0
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[3492] WS2_32.dll!recv 71AB676F 5 Bytes JMP 03622726
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[3492] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0362275E
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3500] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3500] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 012B2862
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3500] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012B26EE
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3500] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012B27E0
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3500] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012B2726
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3500] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 012B275E
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[3512] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
.text C:\WINDOWS\System32\svchost.exe[3660] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
.text C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe[3712] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3808] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
.text C:\Program Files\AVG\AVG9\avgam.exe[3968] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
.text ...
.text C:\Program Files\AVG\AVG9\avgnsx.exe[4004] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01742862
.text C:\Program Files\AVG\AVG9\avgnsx.exe[4004] WS2_32.dll!send 71AB4C27 5 Bytes JMP 017426EE
.text C:\Program Files\AVG\AVG9\avgnsx.exe[4004] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 017427E0
.text C:\Program Files\AVG\AVG9\avgnsx.exe[4004] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01742726
.text C:\Program Files\AVG\AVG9\avgnsx.exe[4004] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0174275E
.text C:\WINDOWS\system32\PSIService.exe[4060] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
.text C:\WINDOWS\system32\PSIService.exe[4060] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C52862
.text C:\WINDOWS\system32\PSIService.exe[4060] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C526EE
.text C:\WINDOWS\system32\PSIService.exe[4060] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C527E0
.text C:\WINDOWS\system32\PSIService.exe[4060] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C52726
.text C:\WINDOWS\system32\PSIService.exe[4060] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C5275E
.text C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe[4092] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
.text C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe[4092] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 016A2862
.text C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe[4092] WS2_32.dll!send 71AB4C27 5 Bytes JMP 016A26EE
.text C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe[4092] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 016A27E0
.text C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe[4092] WS2_32.dll!recv 71AB676F 5 Bytes JMP 016A2726
.text C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe[4092] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 016A275E
.text C:\WINDOWS\System32\alg.exe[4240] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C92862
.text C:\WINDOWS\System32\alg.exe[4240] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C926EE
.text C:\WINDOWS\System32\alg.exe[4240] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C927E0
.text C:\WINDOWS\System32\alg.exe[4240] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C92726
.text C:\WINDOWS\System32\alg.exe[4240] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C9275E
.text C:\WINDOWS\System32\alg.exe[4240] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
.text C:\Documents and Settings\Ginger\Desktop\COMPUTER MAINTANENCE\qiouocck3qsu.exe[5656] SHELL32.dll!SHUpdateImageA + 3E22 7CABF4A7 1 Byte [E4]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\PCTCore \Device\PCTCoreDevice 82F65878
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
OTL LOG No. 1
OTL logfile created on: 4/26/2010 12:22:18 AM - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Ginger\Desktop\COMPUTER MAINTANENCE
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
703.00 Mb Total Physical Memory | 412.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.99 Gb Total Space | 31.86 Gb Free Space | 45.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LBBBOOKS
Current User Name: Ginger
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/04/25 23:57:25 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ginger\Desktop\COMPUTER MAINTANENCE\OTL.exe
PRC - [2010/04/19 08:53:56 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/19 08:53:43 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/03 23:40:21 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/03 23:40:20 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/03 23:40:20 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/03 23:40:15 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/04/03 23:40:12 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/04/03 23:40:11 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/03 23:40:10 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/04/03 23:40:09 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/02/02 04:32:46 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/01/31 11:01:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/30 20:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2006/11/03 00:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/04/10 20:25:54 | 000,950,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
PRC - [2006/02/28 20:00:34 | 001,992,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
PRC - [2006/01/11 19:08:36 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/12/21 22:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/21 22:27:00 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/21 22:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/07 05:00:00 | 000,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2005/09/13 02:22:44 | 000,135,168 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
PRC - [2005/04/20 22:28:58 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/20 22:28:52 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/20 22:28:48 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/04/13 18:34:28 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2005/03/08 07:33:28 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/04 09:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2003/11/06 19:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
========== Modules (SafeList) ==========
MOD - [2010/04/25 23:57:25 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ginger\Desktop\COMPUTER MAINTANENCE\OTL.exe
MOD - [2006/01/16 18:40:38 | 000,073,728 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELHOOKS.DLL
MOD - [2005/12/30 17:36:38 | 000,126,976 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELSCRLL.DLL
MOD - [2004/02/20 14:37:24 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELCOMM.DLL
========== Win32 Services (SafeList) ==========
SRV - [2010/04/03 23:40:15 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/04/03 23:40:11 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/03 23:40:09 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/31 11:01:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2006/11/03 00:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/08/24 19:02:12 | 000,032,256 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2006/03/01 15:50:06 | 000,626,810 | ---- | M] (Diskeeper Corporation) [On_Demand | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/12/21 22:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/21 22:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/04/20 22:28:58 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/20 22:28:56 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/04/20 22:28:52 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/04 09:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
========== Driver Services (SafeList) ==========
DRV - [2010/04/25 00:00:04 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010/04/19 08:53:45 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/03 23:40:43 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/03 23:40:14 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/04/03 23:40:13 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/04/03 23:40:12 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/03 23:40:11 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/04/03 23:40:10 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/04/03 23:40:10 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/23 08:43:30 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 08:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 08:43:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/08/24 19:02:12 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/02/17 21:15:34 | 003,846,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/12/21 21:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/21 20:45:56 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2005/12/21 20:39:46 | 000,006,912 | ---- | M] (IBM Corp.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\ANCSQ.ORG -- (ANCSQ)
DRV - [2005/04/02 19:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/04 02:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/25 06:22:00 | 000,212,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/02/25 06:20:22 | 000,682,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/02/25 06:18:46 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/02 08:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/02/11 17:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2003/01/10 17:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001/08/17 18:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 18:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 18:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 18:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 18:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 17:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 17:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 17:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 17:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 17:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 17:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 17:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 17:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 17:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 17:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2000/06/01 16:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.0.20090922023629
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/19 08:57:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/25 11:54:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/25 11:54:50 | 000,000,000 | ---D | M]
[2008/12/31 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Mozilla\Extensions
[2010/04/26 00:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\extensions
[2009/09/03 06:36:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/24 05:05:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/11/28 01:13:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/24 05:39:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/06/01 17:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\extensions\[email protected]
[2010/04/26 00:17:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/13 23:58:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/24 00:09:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/30 23:35:05 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
O1 HOSTS File: ([2010/04/24 01:38:49 | 000,000,609 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [cssauthe] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_2cd672ae.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Ginger\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1252727148250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...all-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.76.227.40 208.180.42.68
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ginger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ginger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/05 23:07:57 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b7493754-d460-11dc-a2e5-00142aceb095}\Shell - "" = AutoRun
O33 - MountPoints2\{b7493754-d460-11dc-a2e5-00142aceb095}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7493754-d460-11dc-a2e5-00142aceb095}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/09 17:12:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/04/25 22:36:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/25 22:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/25 18:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Desktop\GooredFix Backups
[2010/04/25 18:57:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ginger\Recent
[2010/04/25 15:43:47 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/04/25 15:43:47 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/04/25 15:43:47 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/04/25 15:43:13 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/04/25 15:43:13 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/04/25 15:43:13 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/04/25 15:41:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/25 15:40:52 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/04/25 15:40:43 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/04/25 15:40:43 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/04/25 15:40:38 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/25 15:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/25 13:10:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/24 05:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Desktop\tdsskiller
[2010/04/24 01:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/24 01:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Application Data\SUPERAntiSpyware.com
[2010/04/24 01:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/24 01:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/24 00:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/24 00:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/20 23:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Application Data\Facebook
[2010/04/18 16:31:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/17 23:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Application Data\Malwarebytes
[2010/04/17 23:06:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/17 23:06:55 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/17 23:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/17 23:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/04 04:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Application Data\AVG9
[2010/04/03 23:40:44 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/03 23:40:43 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/03 23:40:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/04/03 23:40:14 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/03 23:40:13 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/03 23:40:12 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/03 23:40:12 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/03 23:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/03 23:27:08 | 121,175,904 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ginger\Desktop\avg_ipw_stf_all_90_800a2779.exe
[2010/04/01 23:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Desktop\FN080
[2010/03/31 20:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/19 09:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Local Settings\Application Data\Threat Expert
[2010/03/18 22:25:02 | 036,592,720 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Ginger\Desktop\sdasetup.exe
[2010/03/18 03:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\SpaceMonger
[2010/03/18 03:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Application Data\SpaceMonger
[2010/03/18 02:52:38 | 000,000,000 | ---D | C] -- C:\tools
[2010/03/18 01:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/03/17 06:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2010/03/09 22:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Desktop\Ginger's Pics
[2010/03/08 03:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/03/02 00:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Desktop\All Dropship Info and Images
[2010/02/19 04:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/02/18 08:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Application Data\AVS4YOU
[2010/02/18 08:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/02/18 08:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/02/18 08:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/02/17 22:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\My Documents\Christian's Stuff
[2010/02/14 23:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2010/02/14 23:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Application Data\Roxio
[2010/02/12 23:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Local Settings\Application Data\Move Networks
[2010/02/12 23:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Application Data\Move Networks
[2010/02/07 11:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$
[2010/02/03 10:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\Desktop\webpics
[2010/02/02 23:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ginger\My Documents\Phoenix
========== Files - Modified Within 90 Days ==========
[2010/04/25 23:30:04 | 000,001,136 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\AVGreport1.csv
[2010/04/25 22:34:27 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\NTREGOPT.lnk
[2010/04/25 22:28:09 | 000,002,543 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/04/25 22:27:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/25 22:27:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/25 22:27:28 | 737,726,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/25 22:26:50 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Ginger\ntuser.dat
[2010/04/25 22:26:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ginger\ntuser.ini
[2010/04/25 19:50:39 | 004,804,928 | -H-- | M] () -- C:\Documents and Settings\Ginger\Local Settings\Application Data\IconCache.db
[2010/04/25 19:39:29 | 059,268,202 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/25 18:58:37 | 000,000,386 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100425_185816.reg
[2010/04/25 18:58:12 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100425_185811.reg
[2010/04/25 18:57:55 | 000,004,854 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100425_185750.reg
[2010/04/25 18:50:06 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/25 18:49:23 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/25 15:40:41 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/25 15:03:13 | 000,001,132 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\AVGreport.csv
[2010/04/25 13:17:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/25 13:10:53 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/25 11:32:36 | 000,000,839 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010/04/25 08:36:07 | 000,040,440 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\lbb myspace logo.jpg
[2010/04/25 02:23:01 | 000,285,795 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\toriblack.png
[2010/04/25 02:18:20 | 000,010,856 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/24 05:18:41 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\tdsskiller.zip
[2010/04/24 01:38:49 | 000,000,609 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/24 00:41:20 | 000,002,196 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100424_004115.reg
[2010/04/21 00:44:34 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/04/19 22:45:59 | 000,452,096 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\Little Black Box LLC 2010a.april11QBW (Portable).QBM
[2010/04/19 08:53:45 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/19 08:39:40 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/04/18 23:12:04 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/04/18 23:08:54 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/04/15 10:03:20 | 101,000,794 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\vgas 22.MOV
[2010/04/08 00:34:33 | 003,259,000 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\garHback.pspimage
[2010/04/07 22:56:49 | 000,065,588 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\2009 monthly cash modified.xls
[2010/04/04 19:50:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2010/04/04 19:49:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2010/04/04 19:49:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2010/04/04 19:49:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/04/03 23:40:45 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/04/03 23:40:44 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/03 23:40:43 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/03 23:40:43 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/03 23:40:14 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/03 23:40:13 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/03 23:40:12 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/03 23:29:09 | 121,175,904 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ginger\Desktop\avg_ipw_stf_all_90_800a2779.exe
[2010/04/03 22:25:53 | 000,000,542 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/03 22:25:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/03 22:25:53 | 000,000,184 | -HS- | M] () -- C:\BOOT.INI
[2010/04/03 22:03:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ginger\Local Settings\Application Data\prvlcl.dat
[2010/04/02 13:07:01 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Ginger\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/01 23:39:53 | 000,199,639 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\FN080.zip
[2010/04/01 23:25:16 | 000,449,024 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\Little Black Box LLC 2010a April 1(Portable).QBM
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 23:17:15 | 000,010,612 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\Las Vegas Itinery.wpd
[2010/03/28 20:37:17 | 000,214,675 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\vegas orleans hotel confirm.jpg
[2010/03/28 20:34:09 | 000,206,089 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\vegas the orleans hotel confirmation.jpg
[2010/03/26 22:19:08 | 006,881,280 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\Little Black Box LLC 2010 (Backup Mar 26,2010 10 18 PM).QBB
[2010/03/26 22:14:24 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/03/24 21:13:28 | 000,057,224 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\Mozilla Bookmarks-2010-03-24
[2010/03/20 04:17:48 | 000,520,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/20 04:17:48 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/20 04:17:48 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/18 22:25:35 | 036,592,720 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Ginger\Desktop\sdasetup.exe
[2010/03/18 02:50:54 | 000,717,114 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\setupdf2.exe
[2010/03/18 02:10:55 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100318_021051.reg
[2010/03/17 22:57:26 | 012,617,778 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\attachments_2010_03_17.zip
[2010/03/14 18:32:04 | 000,066,072 | ---- | M] () -- C:\Documents and Settings\Ginger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/14 16:37:17 | 000,022,858 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100314_163636.reg
[2010/03/14 16:29:49 | 000,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/13 01:32:51 | 000,239,803 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\EM 2010 descript prices.wpd
[2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/03/08 22:10:19 | 003,670,577 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\attachments_2010_03_08.zip
[2010/02/26 23:52:25 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100226_225213.reg
[2010/02/19 14:18:50 | 000,012,882 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\Christian M. resume wpd.wpd
[2010/02/18 07:27:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\´ó
[2010/02/17 23:25:36 | 000,000,137 | -H-- | M] () -- C:\Documents and Settings\Ginger\Desktop\.~lock.2010 Lingerie Descriptions EM.ods#
[2010/02/07 13:45:26 | 000,005,985 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\report20100207-124621.iif
[2010/02/07 13:30:28 | 000,017,197 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\report20100207-123122.iif
[2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/01/31 23:40:20 | 000,076,293 | ---- | M] () -- C:\Documents and Settings\Ginger\Desktop\2009 FINAL INVENTORY.ods
[2010/01/31 18:48:58 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/31 18:48:58 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/31 17:43:54 | 000,003,828 | ---- | M] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100131_164340Jan31.reg
[2010/01/29 08:24:38 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
========== Files Created - No Company Name ==========
[2010/04/25 23:30:04 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\AVGreport1.csv
[2010/04/25 22:34:27 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\NTREGOPT.lnk
[2010/04/25 18:58:17 | 000,000,386 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100425_185816.reg
[2010/04/25 18:58:12 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100425_185811.reg
[2010/04/25 18:57:52 | 000,004,854 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100425_185750.reg
[2010/04/25 18:49:23 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/25 15:43:13 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/04/25 15:43:13 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/25 15:43:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/04/25 15:43:13 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/04/25 15:43:13 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/04/25 15:40:52 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/04/25 15:40:43 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/04/25 15:40:43 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/04/25 15:40:41 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/25 15:40:38 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/04/25 15:03:13 | 000,001,132 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\AVGreport.csv
[2010/04/25 08:36:05 | 000,040,440 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\lbb myspace logo.jpg
[2010/04/25 02:23:01 | 000,285,795 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\toriblack.png
[2010/04/24 05:31:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ginger\wdm.txt
[2010/04/24 05:18:39 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\tdsskiller.zip
[2010/04/24 04:14:51 | 737,726,464 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/24 00:41:16 | 000,002,196 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100424_004115.reg
[2010/04/24 00:09:45 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/19 22:45:58 | 000,452,096 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\Little Black Box LLC 2010a.april11QBW (Portable).QBM
[2010/04/18 23:12:04 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/04/18 23:12:04 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/04/18 23:04:21 | 000,012,074 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\MVI_0071.THM
[2010/04/15 10:03:20 | 101,000,794 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\vgas 22.MOV
[2010/04/11 10:28:25 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/04/08 00:34:31 | 003,259,000 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\garHback.pspimage
[2010/04/07 22:39:58 | 000,065,588 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\2009 monthly cash modified.xls
[2010/04/04 19:50:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2010/04/04 19:49:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2010/04/04 19:49:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2010/04/04 19:49:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/04/03 23:46:43 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\Ginger\AVG.txt
[2010/04/03 23:40:45 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/04/03 23:40:43 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/03 23:40:33 | 059,268,202 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/03 22:25:47 | 000,002,543 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/04/03 22:25:47 | 000,002,120 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/04/03 22:25:47 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\Ginger\Start Menu\Programs\Startup\Nikon Monitor.lnk
[2010/04/01 23:39:52 | 000,199,639 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\FN080.zip
[2010/04/01 23:25:14 | 000,449,024 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\Little Black Box LLC 2010a April 1(Portable).QBM
[2010/03/28 22:33:14 | 000,010,612 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\Las Vegas Itinery.wpd
[2010/03/28 20:37:17 | 000,214,675 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\vegas orleans hotel confirm.jpg
[2010/03/28 20:34:09 | 000,206,089 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\vegas the orleans hotel confirmation.jpg
[2010/03/26 22:18:56 | 006,881,280 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\Little Black Box LLC 2010 (Backup Mar 26,2010 10 18 PM).QBB
[2010/03/24 21:13:28 | 000,057,224 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\Mozilla Bookmarks-2010-03-24
[2010/03/18 02:50:54 | 000,717,114 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\setupdf2.exe
[2010/03/18 02:10:53 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100318_021051.reg
[2010/03/17 22:56:45 | 012,617,778 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\attachments_2010_03_17.zip
[2010/03/14 16:36:39 | 000,022,858 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100314_163636.reg
[2010/03/13 00:16:20 | 000,239,803 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\EM 2010 descript prices.wpd
[2010/03/08 22:21:12 | 003,670,577 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\attachments_2010_03_08.zip
[2010/02/26 23:52:20 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100226_225213.reg
[2010/02/23 09:25:09 | 000,002,707 | ---- | C] () -- C:\Documents and Settings\Ginger\avgrep.txt
[2010/02/19 06:45:57 | 000,012,882 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\Christian M. resume wpd.wpd
[2010/02/18 07:27:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\´ó
[2010/02/17 23:25:36 | 000,000,137 | -H-- | C] () -- C:\Documents and Settings\Ginger\Desktop\.~lock.2010 Lingerie Descriptions EM.ods#
[2010/02/07 13:45:26 | 000,005,985 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\report20100207-124621.iif
[2010/02/07 13:30:28 | 000,017,197 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\report20100207-123122.iif
[2010/01/31 22:39:22 | 000,076,293 | ---- | C] () -- C:\Documents and Settings\Ginger\Desktop\2009 FINAL INVENTORY.ods
[2010/01/31 17:43:50 | 000,003,828 | ---- | C] () -- C:\Documents and Settings\Ginger\My Documents\cc_20100131_164340Jan31.reg
[2009/08/02 04:15:28 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/07/05 07:33:01 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2008/06/26 01:01:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/05/02 21:52:25 | 000,000,203 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/09 01:48:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2008/03/02 00:48:07 | 000,000,227 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/02/10 01:45:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ump.INI
[2008/02/05 23:23:36 | 000,010,856 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/02/05 23:23:36 | 000,000,248 | RHS- | C] () -- C:\WINDOWS\System32\069DADDB21.sys
[2006/08/24 19:05:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/24 19:00:51 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/24 18:51:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/08/24 18:50:38 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/08/24 18:50:05 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2006/08/24 18:50:05 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2006/08/24 18:50:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2006/02/02 20:37:10 | 000,004,676 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/23 08:52:14 | 000,207,872 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
[2004/08/09 17:34:32 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000091.DLL
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1980/01/01 04:00:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
========== LOP Check ==========
[2010/04/03 23:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/08/24 18:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/08/02 04:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/06/26 00:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/11/07 01:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/04/24 00:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2006/08/24 18:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/04/30 22:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/06/26 00:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/03/18 01:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2008/05/01 22:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simple Star Shared
[2009/08/02 04:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/04/14 11:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaskMgr
[2010/04/26 00:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/05 23:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThinkVantage
[2008/08/22 01:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/06/26 00:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/04/04 04:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\AVG9
[2008/04/07 01:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\EBookSys
[2010/04/20 23:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Facebook
[2006/08/24 18:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\IBM
[2009/01/21 04:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Image Zone Express
[2008/04/20 22:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Lenovo
[2008/12/03 00:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\MSNInstaller
[2010/01/09 04:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Nikon
[2009/06/09 00:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\OpenOffice.org
[2010/01/09 10:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Research In Motion
[2008/05/01 22:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Simple Star
[2010/03/18 03:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\SpaceMonger
[2008/02/05 23:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\ThinkVantage
[2009/09/13 13:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Uniblue
[2009/01/08 21:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Unity
[2009/09/08 21:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ginger\Application Data\Z-Firm LLC
========== Purity Check ==========
========== Custom Scans ==========
< >
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 03:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 09:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/09 17:17:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 17:17:00 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 17:17:00 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/03 23:40:14 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys
[2010/04/03 23:40:12 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/04/03 23:40:43 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/04/03 23:40:13 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys
[2010/04/19 08:53:45 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/04/25 18:50:06 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys
[2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctgntdi.sys
[2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplsg.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfFsMon.sys
[2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfNetMon.sys
[2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfSysMon.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\WINDOWS\System32\Èö:Ìpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\WINDOWS\System32\´ó:pctlsp.log
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
OTL LOG No. 2
OTL Extras logfile created on: 4/25/2010 11:58:25 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Ginger\Desktop\COMPUTER MAINTANENCE
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
703.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.99 Gb Total Space | 31.86 Gb Free Space | 45.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LBBBOOKS
Current User Name: Ginger
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SpaceMonger] -- "C:\Program Files\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"8723:TCP" = 8723:TCP:*:Enabled:Services
"80:TCP" = 80:TCP:*:Enabled:Services
"1709:TCP" = 1709:TCP:*:Enabled:Services
"1552:TCP" = 1552:TCP:*:Enabled:Services
"5256:TCP" = 5256:TCP:*:Enabled:Services
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"6241:TCP" = 6241:TCP:*:Enabled:Services
"2849:TCP" = 2849:TCP:*:Enabled:Services
"7146:TCP" = 7146:TCP:*:Enabled:Services
"2069:TCP" = 2069:TCP:*:Enabled:Services
"6615:TCP" = 6615:TCP:*:Enabled:Services
"6616:TCP" = 6616:TCP:*:Enabled:Services
"7427:TCP" = 7427:TCP:*:Enabled:Services
"7428:TCP" = 7428:TCP:*:Enabled:Services
"3961:TCP" = 3961:TCP:*:Enabled:Services
"6422:TCP" = 6422:TCP:*:Enabled:Services
"7083:TCP" = 7083:TCP:*:Enabled:Services
"7084:TCP" = 7084:TCP:*:Enabled:Services
"4054:TCP" = 4054:TCP:*:Enabled:Services
"6608:TCP" = 6608:TCP:*:Enabled:Services
"4198:TCP" = 4198:TCP:*:Enabled:Services
"4912:TCP" = 4912:TCP:*:Enabled:Services
"8324:TCP" = 8324:TCP:*:Enabled:Services
"8271:TCP" = 8271:TCP:*:Enabled:Services
"8272:TCP" = 8272:TCP:*:Enabled:Services
"6169:TCP" = 6169:TCP:*:Enabled:Services
"6170:TCP" = 6170:TCP:*:Enabled:Services
"8801:TCP" = 8801:TCP:*:Enabled:Services
"8802:TCP" = 8802:TCP:*:Enabled:Services
"1604:TCP" = 1604:TCP:*:Enabled:Services
"6083:TCP" = 6083:TCP:*:Enabled:Services
"6084:TCP" = 6084:TCP:*:Enabled:Services
"7240:TCP" = 7240:TCP:*:Enabled:Services
"7241:TCP" = 7241:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Disabled:Services
"2479:TCP" = 2479:TCP:*:Disabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"8723:TCP" = 8723:TCP:*:Disabled:Services
"1709:TCP" = 1709:TCP:*:Disabled:Services
"1552:TCP" = 1552:TCP:*:Enabled:Services
"5256:TCP" = 5256:TCP:*:Disabled:Services
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"6241:TCP" = 6241:TCP:*:Disabled:Services
"2849:TCP" = 2849:TCP:*:Disabled:Services
"7146:TCP" = 7146:TCP:*:Disabled:Services
"2069:TCP" = 2069:TCP:*:Enabled:Services
"6615:TCP" = 6615:TCP:*:Disabled:Services
"6616:TCP" = 6616:TCP:*:Disabled:Services
"7427:TCP" = 7427:TCP:*:Disabled:Services
"7428:TCP" = 7428:TCP:*:Disabled:Services
"3961:TCP" = 3961:TCP:*:Disabled:Services
"6422:TCP" = 6422:TCP:*:Disabled:Services
"7083:TCP" = 7083:TCP:*:Disabled:Services
"7084:TCP" = 7084:TCP:*:Disabled:Services
"4054:TCP" = 4054:TCP:*:Disabled:Services
"6608:TCP" = 6608:TCP:*:Disabled:Services
"4198:TCP" = 4198:TCP:*:Disabled:Services
"4912:TCP" = 4912:TCP:*:Disabled:Services
"8324:TCP" = 8324:TCP:*:Disabled:Services
"8272:TCP" = 8272:TCP:*:Disabled:Services
"8271:TCP" = 8271:TCP:*:Disabled:Services
"6169:TCP" = 6169:TCP:*:Enabled:Services
"6170:TCP" = 6170:TCP:*:Enabled:Services
"8801:TCP" = 8801:TCP:*:Enabled:Services
"8802:TCP" = 8802:TCP:*:Enabled:Services
"1604:TCP" = 1604:TCP:*:Enabled:Services
"6083:TCP" = 6083:TCP:*:Enabled:Services
"6084:TCP" = 6084:TCP:*:Enabled:Services
"7240:TCP" = 7240:TCP:*:Enabled:Services
"7241:TCP" = 7241:TCP:*:Enabled:Services
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger -- ()
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1A07F627-0F8F-43EE-B667-38908DF85911}" = Rescue and Recovery
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 20
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8E726115-FCBE-43B1-9FB7-06E8E25F9ABE}" = Diskeeper Lite
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B941B1C3-40AF-4E1E-AA5F-ED99EDEA1033}" = SecurDisc Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{D8F6834B-D5E7-4451-8681-B051ABD8561D}" = ccCommon
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DF654BB0-0833-497B-82D5-4D9A5613AC2C}" = Small Business Center
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG9Uninstall" = AVG 9.0
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_201414F1" = HSF2014 56K Data Fax Modem
"ERUNT_is1" = ERUNT 1.1j
"HitmanPro35" = Hitman Pro 3.5
"Homestead SiteBuilder" = Homestead SiteBuilder
"ie8" = Windows Internet Explorer 8
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"Picasa 3" = Picasa 3
"ProcessScanner_is1" = Uniblue ProcessScanner
"SpaceMonger" = SpaceMonger 2.1.1
"Spyware Doctor" = Spyware Doctor 7.0
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/24/2010 9:07:35 AM | Computer Name = LBBBOOKS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": InitSystem
CheckDBServerEnvironment fail
Error - 4/24/2010 9:15:39 AM | Computer Name = LBBBOOKS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 4/24/2010 9:15:39 AM | Computer Name = LBBBOOKS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 4/24/2010 9:15:39 AM | Computer Name = LBBBOOKS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 4/24/2010 9:15:39 AM | Computer Name = LBBBOOKS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand
Error - 4/24/2010 9:16:11 AM | Computer Name = LBBBOOKS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": Connection
Error:Invalid user ID or passwo
Error - 4/24/2010 9:16:11 AM | Computer Name = LBBBOOKS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_19; ;DBF=C:\Documents and Settings\All
Users\Documents\Intuit\QuickBooks\Company Files\Little Black Box LLC 2010a.QBW;ENG=QB_data_engine_19;DBN=b362e6e150b44832852e0e1d14df05
Error - 4/24/2010 9:16:11 AM | Computer Name = LBBBOOKS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1003 from
function:'DBMgr::DBConnPool::ini
Error - 4/24/2010 9:16:22 AM | Computer Name = LBBBOOKS | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": InitSystem
OpenDBSession[4] failed. Error code code 0, msg Succeed
Error - 4/25/2010 11:36:35 PM | Computer Name = LBBBOOKS | Source = Application Error | ID = 1000
Description = Faulting application morehope.exe, version 1.0.15.15281, faulting
module morehope.exe, version 1.0.15.15281, fault address 0x0000c4b1.
[ System Events ]
Error - 4/25/2010 10:23:48 PM | Computer Name = LBBBOOKS | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 4/25/2010 10:23:48 PM | Computer Name = LBBBOOKS | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).
Error - 4/25/2010 10:23:48 PM | Computer Name = LBBBOOKS | Source = Service Control Manager | ID = 7034
Description = The ProtexisLicensing service terminated unexpectedly. It has done
this 1 time(s).
Error - 4/25/2010 10:23:48 PM | Computer Name = LBBBOOKS | Source = Service Control Manager | ID = 7034
Description = The QBCFMonitorService service terminated unexpectedly. It has done
this 1 time(s).
Error - 4/25/2010 10:23:50 PM | Computer Name = LBBBOOKS | Source = Service Control Manager | ID = 7034
Description = The TVT Scheduler service terminated unexpectedly. It has done this
1 time(s).
Error - 4/25/2010 10:23:50 PM | Computer Name = LBBBOOKS | Source = Service Control Manager | ID = 7034
Description = The Simple TCP/IP Services service terminated unexpectedly. It has
done this 1 time(s).
Error - 4/25/2010 10:23:50 PM | Computer Name = LBBBOOKS | Source = Service Control Manager | ID = 7034
Description = The TVT Backup Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 4/25/2010 10:23:51 PM | Computer Name = LBBBOOKS | Source = Service Control Manager | ID = 7034
Description = The AVG E-mail Scanner service terminated unexpectedly. It has done
this 1 time(s).
Error - 4/25/2010 10:29:22 PM | Computer Name = LBBBOOKS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 4/25/2010 10:29:22 PM | Computer Name = LBBBOOKS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.
< End of report >
AVG REPORT CONCERNING TROJAN
"Scan ""Scan whole computer"" was finished."
"Infections";"2";"1";"1"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Monday, April 26, 2010, 12:50:46 AM"
"Scan finished:";"Monday, April 26, 2010, 12:51:03 AM (17 second(s))"
"Total object scanned:";"249"
"User who launched the scan:";"Ginger"
"Infections"
"File";"Infection";"Result"
"C:\WINDOWS\system32\services.exe (800):\memory_010c0000";"Trojan horse Cryptic.FJ";"Object is inaccessible."
"C:\WINDOWS\system32\services.exe (800)";"Trojan horse Cryptic.FJ";""