
trojan alphabet



#1
Patty63


    New Member

  • Member
  • 8 posts
Hi. We have been infected badly lately. Constantly get redirected etc. I ran Malwarebytes and it said we had 3 trojan vundo and trojan alphabet. The vundos were removed, the alphabet will not remove. Yesterday Internet Explorer disappeared from computer. It says it was deleted. We cannot use any desktop items - it will not go to them. Most links I try to click on - say even on your site when it says click here to download - it will not go there.
Please help.
  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
What browser are you using?

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.


You can also try booting into Safe mode with Networking.

Reboot and when you see the PC Maker's logo or hear a beep, start slowly tapping the F8 key. Keep tapping until you see the Safe Mode menu. Choose Safe Mode with Networking. See if things work enough to download and run our tools. I'd go for step 5 first: http://www.geekstogo...uide-t2852.html. With an OTL log we can see what is going on.

If all else fails have a friend download the tools and burn them to a CD. Then copy them to your desktop or a folder on the PC.

Ron
  • 0

#3
Patty63


    New Member

  • Topic Starter
  • Member
  • 8 posts
Okay I am back. Whew! Had a hard time logging in for some reason. I did the OTL and this is what I got - hope I did it right. Oh as for what browser I was using - not IE since I posted that it deleted from my cpu and I can't download it. I did this on Firefox. Thanks!!

Oh I want to add - Malwarebytes was uninstalled on a tip my son got to uninstall and reinstall it. It will not reinstall. I can't even go to malwarebytes - or hardly anywhere else for that matter. It just says page not available or error.






OTL logfile created on: 4/28/2010 8:05:24 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Our Family\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 698.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 1.21 Gb Free Space | 2.37% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 18.49 Gb Free Space | 99.41% Space Free | Partition Type: NTFS
Drive E: | 646.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCHB7W91
Current User Name: Our Family
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/28 08:02:54 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Our Family\My Documents\Downloads\OTL(3).exe
PRC - [2010/01/15 23:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/28 08:02:54 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Our Family\My Documents\Downloads\OTL(3).exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - File not found [Auto | Stopped] -- -- (ATI Smart)
SRV - [2010/04/23 19:26:59 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/03 10:12:41 | 000,341,256 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/10/20 20:50:10 | 000,711,248 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/09/03 21:07:28 | 000,497,008 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/03 20:51:40 | 000,677,128 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/10/23 13:18:53 | 001,371,584 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/02/03 10:13:18 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/02/03 10:13:17 | 000,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/05/22 01:02:26 | 000,225,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/05/22 01:00:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/05/22 00:45:58 | 001,220,120 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\VsapiNT.sys -- (vsapint)
DRV - [2009/05/01 22:34:53 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/28 11:33:44 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/04/28 11:33:42 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/28 11:33:40 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/04/02 19:08:54 | 000,050,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 19:08:52 | 000,050,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 19:08:48 | 000,153,104 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/20 23:04:30 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/05/03 23:22:59 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2006/05/02 13:38:42 | 000,110,720 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2006/01/24 20:52:30 | 001,478,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/24 15:17:40 | 000,162,816 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt25usbap.sys -- (RT25USBAP)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/03/16 11:31:36 | 000,038,402 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.google.co...r/ie8/done.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.magentic.com/"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://mystart.magen...essBar&search="

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 00:01:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 13:04:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/27 18:17:39 | 000,000,000 | ---D | M]

[2009/04/02 19:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Extensions
[2009/04/02 19:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Extensions\[email protected]
[2010/04/27 09:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\extensions
[2010/02/02 20:23:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/20 20:44:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/03 17:21:44 | 000,002,139 | ---- | M] () -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\searchplugins\MyStart Search.xml
[2010/04/27 18:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 18:17:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/01/27 20:17:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2010/04/27 18:17:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/05/10 13:46:42 | 000,061,440 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npkanevapatch.dll

O1 HOSTS File: ([2009/09/05 17:50:33 | 000,001,235 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (X1IEHook Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (United Online, Inc.)
O2 - BHO: (JSLoader Class) - {7D30F20A-5577-4c73-8D9B-AB1EDE8DC94B} - C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE\FaceBookBHO.dll (Company name)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [smgr] File not found
O4 - HKLM..\Run: [TSTrayIcon] C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE\TSTrayIcon.exe (Make The Web Better, LLC)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Magentic] C:\Program Files\Magentic\bin\Magentic.exe ()
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\Our Family\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://mypoints.worl...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1043 (SonyOnlineInstallerX)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1193101025740 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8401528F-C7D8-446D-8A01-F8DA9491FBB1} http://www.consumeri...bot/BotCtrl.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinn...jo/wordmojo.cab (WordMojo Control)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (Reg Error: Key error.)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.233,93.188.166.79
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://images.neopet.../sm_maraqua.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Our Family\My Documents\My Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Our Family\My Documents\My Pictures\untitled.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/27 14:52:35 | 000,000,048 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- [2005/03/24 12:00:24 | 000,119,016 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/07/21 18:39:35 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/04/27 18:30:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/04/26 22:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/26 21:27:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Our Family\Recent
[2010/04/23 19:26:59 | 000,225,280 | ---- | C] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2010/04/19 21:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Dora Saves the Snow Princess
[2010/04/19 21:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/04/19 21:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/04/12 12:24:27 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/04/08 21:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\My Art
[2010/04/08 21:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\NPS
[2010/04/08 21:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/08 21:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Application Data\PC Suite
[2010/04/08 21:34:04 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/04/08 21:32:50 | 000,106,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdm.sys
[2010/04/08 21:32:50 | 000,080,552 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdbus.sys
[2010/04/08 21:32:50 | 000,011,944 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwhnt.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwh.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcmnt.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcm.sys
[2010/04/08 21:32:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/04/08 21:32:31 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010/04/08 21:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\My NPS Files
[2010/04/08 21:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Application Data\Samsung
[2010/04/08 21:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/04/08 21:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/04/08 21:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/04/06 17:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\KingsIsle Entertainment
[2010/04/05 15:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\peytonn
[2010/04/03 17:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod 2 iPod
[2010/04/03 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/03 13:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/03 13:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/02 19:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\easter egg hunt, peyton, beach
[2010/04/02 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/03/29 17:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/03/16 19:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Application Data\Skype
[2010/03/03 17:22:37 | 000,750,984 | ---- | C] (IncrediMail LTD.) -- C:\WINDOWS\System32\Magentic Screensaver.scr
[2010/03/03 17:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Local Settings\Application Data\Magentic
[2010/03/03 17:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Magentic
[2010/02/21 15:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\winter dance
[2010/02/19 08:47:08 | 000,287,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\Tmfilter.sys
[2010/02/19 08:41:04 | 000,709,896 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\Our Family\Desktop\Update_Tool.exe
[2010/02/19 08:33:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Service
[2010/02/16 22:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\AMR to MP3 Converter
[2010/02/15 17:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\ituens music
[2010/02/14 22:57:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/02/14 13:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/02/13 17:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2010/02/13 17:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2010/02/13 10:57:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/02/04 16:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/03 12:45:52 | 000,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/02/03 12:45:52 | 000,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/02/03 12:45:52 | 000,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/02/03 12:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2010/02/03 12:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Local Settings\Application Data\Trend Micro
[2010/02/03 10:14:04 | 000,661,808 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\UfWSC.cpl
[2010/02/03 10:13:19 | 001,220,120 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\VsapiNT.sys
[2010/02/03 10:13:18 | 000,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2010/02/03 10:13:17 | 000,225,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2010/02/03 10:13:17 | 000,080,400 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/02/03 10:13:17 | 000,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2010/02/02 14:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/02 14:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/02/02 14:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2010/02/02 13:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/02 13:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/02 11:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/02/01 18:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\Downloads
[2010/02/01 18:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/01 17:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DIGStream
[2010/01/31 20:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Application Data\Facebook
[2010/01/30 12:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\Rugrats Go Wild
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/28 07:56:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/28 07:56:44 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/04/28 07:56:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 07:55:11 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Our Family\ntuser.dat
[2010/04/28 07:55:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/28 07:55:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Our Family\ntuser.ini
[2010/04/28 07:50:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/28 07:48:16 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2018829623-105930549-269167778-1006UA.job
[2010/04/28 07:48:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2018829623-105930549-269167778-1006Core.job
[2010/04/27 22:05:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 21:55:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010/04/27 18:22:11 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Our Family\jagex_runescape_preferences2.dat
[2010/04/27 18:21:22 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3C828587-FC9D-4BB7-9476-602ABE8DB684}.job
[2010/04/27 18:19:57 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Our Family\jagex_runescape_preferences.dat
[2010/04/27 18:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/04/26 22:59:38 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/26 22:59:38 | 000,000,275 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/04/26 22:59:38 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2010/04/26 21:36:18 | 000,229,126 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100426_213608.reg
[2010/04/25 22:19:32 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\The Ellen DeGeneres Show The place for Ellen tickets, celebrity photos, videos, games, giveaways and more..url
[2010/04/24 09:09:27 | 000,001,587 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Barnyard.lnk
[2010/04/23 19:26:59 | 000,266,240 | ---- | M] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/04/23 19:26:59 | 000,225,280 | ---- | M] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2010/04/21 13:56:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/19 21:06:43 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Dora Saves the Snow Princess.lnk
[2010/04/19 21:06:43 | 000,001,222 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/04/19 21:03:53 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/04/19 16:55:19 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/04/18 12:58:24 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Google.url
[2010/04/14 16:32:35 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\A Glimmer of Hope.doc
[2010/04/14 13:15:13 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/12 13:15:22 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Spin N'Win with MyPoints.url
[2010/04/12 11:31:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Our Family\jagex__preferences3.dat
[2010/04/12 10:35:35 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Works Cited.doc
[2010/04/10 13:30:44 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/04/08 21:57:40 | 000,532,716 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/08 21:57:40 | 000,448,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/08 21:57:40 | 000,073,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/08 21:32:07 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Our Family\Application Data\$_hpcst$.hpc
[2010/04/08 21:31:43 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung New PC Studio.lnk
[2010/04/07 23:33:57 | 003,713,720 | -H-- | M] () -- C:\Documents and Settings\Our Family\Local Settings\Application Data\IconCache.db
[2010/04/07 15:32:20 | 000,077,061 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\IMG_0031.jpg
[2010/04/07 13:01:18 | 000,040,280 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100407_130110.reg
[2010/04/07 10:21:49 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\JumpStart 3D Virtual World - Adventure Based Learning For Kids.url
[2010/04/06 17:42:37 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2010/04/05 19:09:55 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/04 16:33:31 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\Party Checklist Kimmy.doc
[2010/04/03 13:16:42 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/03 13:03:51 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/03 11:56:21 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\party for when i grow up.doc
[2010/04/03 10:30:33 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\When i grow up test.doc
[2010/04/02 19:48:01 | 000,108,544 | ---- | M] () -- C:\Documents and Settings\Our Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 09:13:14 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\PrizeRebel.com Free Maplestory Nexon Cards, Free Mesos, Free Xbox 360 Games and Live Codes.url
[2010/03/24 17:25:57 | 001,707,008 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\kimmys presentation.ppt
[2010/03/22 16:34:07 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\james and the giant peach kimmy.doc
[2010/03/19 13:22:20 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Surveyhead! Take paid surveys online for cash rewards. Consumer panels for market research firms..url
[2010/03/15 19:32:34 | 000,000,715 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/03/15 19:32:30 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Harry Potter.lnk
[2010/03/14 16:44:10 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Kyle Glover.doc
[2010/03/13 22:47:19 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214714.reg
[2010/03/13 22:46:55 | 000,798,890 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214613.reg
[2010/03/13 22:45:45 | 000,582,062 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214527.reg
[2010/03/11 20:06:54 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Weight Training Program.doc
[2010/03/09 16:53:20 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\bananas for p.e..doc
[2010/03/08 16:52:26 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\kimmy's book talk paper.doc
[2010/03/04 23:52:20 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SurveySpot.url
[2010/03/04 20:00:48 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Friday.doc
[2010/03/04 17:37:18 | 000,007,062 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\201003042136183553140.rtf
[2010/03/03 17:22:40 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Games.lnk
[2010/03/03 17:22:39 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Magentic by IncrediMail.lnk
[2010/03/01 21:43:28 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\MommyTalkSurveys.com.url
[2010/02/28 14:14:22 | 000,518,974 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SANY2554.JPG
[2010/02/28 14:14:14 | 000,518,568 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SANY2553.JPG
[2010/02/21 17:41:25 | 000,033,089 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\pants.png
[2010/02/21 16:54:57 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\DBQ.doc
[2010/02/20 17:58:00 | 001,181,696 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\FantasticTrip.pps
[2010/02/19 21:09:54 | 000,544,714 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SANY2551.JPG
[2010/02/19 20:06:36 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\D.A.R.E Kimmmy's Essay.doc
[2010/02/19 19:29:56 | 000,014,681 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\IMG0006A.jpg
[2010/02/19 08:41:09 | 000,709,896 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Our Family\Desktop\Update_Tool.exe
[2010/02/18 15:32:00 | 014,990,912 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\ode to a grecian urn.pptx
[2010/02/14 15:19:55 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\Theodor Seuss Geisel KIMMY.doc
[2010/02/03 12:46:19 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/02/03 10:14:04 | 000,661,808 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\UfWSC.cpl
[2010/02/03 10:13:18 | 000,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2010/02/03 10:13:17 | 000,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/02/02 20:21:44 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 21:36:11 | 000,229,126 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100426_213608.reg
[2010/04/24 09:09:27 | 000,001,587 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Barnyard.lnk
[2010/04/23 19:26:59 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/04/19 21:06:43 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Dora Saves the Snow Princess.lnk
[2010/04/19 21:06:43 | 000,001,222 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/04/19 21:03:53 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/04/17 01:07:17 | 009,175,040 | ---- | C] () -- C:\Documents and Settings\Our Family\ntuser.dat
[2010/04/14 16:32:34 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\A Glimmer of Hope.doc
[2010/04/14 13:15:13 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/12 13:15:21 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Spin N'Win with MyPoints.url
[2010/04/12 11:31:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Our Family\jagex__preferences3.dat
[2010/04/08 21:32:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/04/08 21:32:31 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/04/08 21:32:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Our Family\Application Data\$_hpcst$.hpc
[2010/04/08 21:31:43 | 000,001,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung New PC Studio.lnk
[2010/04/07 15:32:20 | 000,077,061 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\IMG_0031.jpg
[2010/04/07 13:01:13 | 000,040,280 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100407_130110.reg
[2010/04/06 17:42:37 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2010/04/04 16:33:31 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\Party Checklist Kimmy.doc
[2010/04/03 13:16:42 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/03 13:03:51 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/03 11:56:20 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\party for when i grow up.doc
[2010/04/03 10:30:32 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\When i grow up test.doc
[2010/03/30 09:13:14 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\PrizeRebel.com Free Maplestory Nexon Cards, Free Mesos, Free Xbox 360 Games and Live Codes.url
[2010/03/24 17:25:53 | 001,707,008 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\kimmys presentation.ppt
[2010/03/22 16:34:06 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\james and the giant peach kimmy.doc
[2010/03/15 19:32:30 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Harry Potter.lnk
[2010/03/14 14:49:31 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Kyle Glover.doc
[2010/03/13 22:47:16 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214714.reg
[2010/03/13 22:46:14 | 000,798,890 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214613.reg
[2010/03/13 22:45:30 | 000,582,062 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214527.reg
[2010/03/11 20:06:53 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Weight Training Program.doc
[2010/03/11 18:10:38 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Works Cited.doc
[2010/03/10 17:45:12 | 000,014,681 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\IMG0006A.jpg
[2010/03/09 16:53:19 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\bananas for p.e..doc
[2010/03/08 16:52:26 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\kimmy's book talk paper.doc
[2010/03/04 23:52:20 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SurveySpot.url
[2010/03/04 20:00:47 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Friday.doc
[2010/03/04 17:37:18 | 000,007,062 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\201003042136183553140.rtf
[2010/03/03 17:22:40 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Games.lnk
[2010/03/03 17:22:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Magentic by IncrediMail.lnk
[2010/03/01 21:43:28 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\MommyTalkSurveys.com.url
[2010/03/01 21:43:03 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Surveyhead! Take paid surveys online for cash rewards. Consumer panels for market research firms..url
[2010/03/01 12:05:57 | 000,000,353 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\The Ellen DeGeneres Show The place for Ellen tickets, celebrity photos, videos, games, giveaways and more..url
[2010/02/28 13:06:49 | 000,518,568 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SANY2553.JPG
[2010/02/28 13:06:48 | 000,518,974 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SANY2554.JPG
[2010/02/23 18:59:47 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Google.url
[2010/02/21 17:41:24 | 000,033,089 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\pants.png
[2010/02/21 16:54:56 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\DBQ.doc
[2010/02/21 15:24:55 | 000,544,714 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SANY2551.JPG
[2010/02/21 15:08:02 | 014,990,912 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\ode to a grecian urn.pptx
[2010/02/20 17:58:00 | 001,181,696 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\FantasticTrip.pps
[2010/02/19 20:06:35 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\D.A.R.E Kimmmy's Essay.doc
[2010/02/11 19:22:24 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\Theodor Seuss Geisel KIMMY.doc
[2010/02/04 16:39:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/03 12:46:19 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2010/02/03 12:38:49 | 000,046,456 | R--- | C] () -- C:\WINDOWS\System32\exitwx.exe
[2010/02/02 20:21:44 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/01 13:27:51 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\JumpStart 3D Virtual World - Adventure Based Learning For Kids.url
[2009/12/26 17:57:12 | 000,000,123 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/09/09 03:05:37 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/16 16:43:40 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/11/01 12:43:19 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\dbbedaabfafd_g.dll
[2008/08/26 16:25:30 | 000,000,444 | ---- | C] () -- C:\WINDOWS\{5D946D0D-9437-4E15-AC1F-F9BCF0B32561}_WiseFW.ini
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/28 21:23:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/10 18:47:49 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2007/04/02 09:59:22 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/03/06 00:40:27 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2007/03/06 00:27:27 | 001,294,422 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll
[2007/02/16 19:06:07 | 000,001,513 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/14 15:19:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/01/30 20:38:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/01 19:24:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/01/01 19:22:09 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/12/31 16:11:43 | 000,000,124 | ---- | C] () -- C:\WINDOWS\aceznewyear.ini
[2006/12/30 21:27:15 | 000,000,073 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/12/25 13:02:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/12/06 14:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/09 12:36:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2006/10/27 22:57:07 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/10/27 22:53:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2006/09/16 05:47:02 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/04 20:56:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/09/04 20:48:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/22 21:47:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/18 22:00:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/06/13 16:36:28 | 000,000,837 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/05/02 23:31:44 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7F5A393E49.sys
[2006/04/29 20:56:02 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/29 20:56:02 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\493E395A7F.sys
[2006/04/25 13:57:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/25 13:50:53 | 000,000,534 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/25 13:44:32 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/25 13:37:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/25 13:10:32 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2005/08/16 04:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/10/13 06:48:28 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\sunCollection.dll
[2004/06/30 16:04:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/12 10:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 10:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2000/12/07 10:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2000/09/10 23:08:18 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll

========== LOP Check ==========

[2009/01/07 17:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2009/12/25 13:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/04/08 21:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/12/30 23:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/04/27 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/26 22:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/02 11:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/03/29 17:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/04/03 13:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/04 16:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/09/04 19:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Aim
[2007/01/01 21:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Atari
[2008/04/17 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\AVG7
[2009/03/07 13:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Browzar
[2010/02/28 13:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Facebook
[2009/10/04 17:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE
[2008/02/14 19:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\ICAClient
[2007/11/16 20:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\iLike
[2009/05/01 20:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\IObit
[2009/12/31 19:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\ITTNord
[2007/02/19 17:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\LANGMaster
[2006/04/28 23:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Leadertech
[2008/11/01 14:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\NCH Swift Sound
[2008/11/21 19:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Neopets Toolbar
[2009/02/22 21:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\OfficeUpdate12
[2009/09/22 19:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\OpenOffice.org
[2010/04/08 21:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\PC Suite
[2009/12/30 23:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\PlayFirst
[2008/04/09 18:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\RegClean
[2010/01/23 17:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Road Runner
[2010/04/08 21:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Samsung
[2007/04/01 19:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\SBTT
[2006/06/18 23:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Simple Star
[2009/12/22 19:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Sony Online Entertainment
[2009/10/19 21:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Unity
[2007/03/01 23:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\WMA 64K
[2010/04/27 18:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/04/19 16:55:19 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/04/27 18:21:22 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3C828587-FC9D-4BB7-9476-602ABE8DB684}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/28 07:56:06 | 000,017,244 | ---- | M] () -- C:\aaw7boot.log
[2010/04/26 22:59:38 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/04/25 13:16:08 | 000,006,684 | RH-- | M] () -- C:\dell.sdr
[2010/02/03 12:46:19 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/06/15 14:42:17 | 000,003,100 | -H-- | M] () -- C:\IPH.PH
[2009/05/06 22:50:29 | 001,340,797 | ---- | M] () -- C:\MGtools.exe
[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/01 14:54:30 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/04/28 07:56:09 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/02/15 12:11:52 | 000,043,408 | ---- | M] () -- C:\playground.log
[2006/04/25 13:41:35 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/04 09:55:11 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/02/03 10:13:17 | 000,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys
[2010/02/03 10:13:18 | 000,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TM_CFW.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 256 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39964175
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05A9EC70
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

OTL Extras logfile created on: 4/28/2010 8:05:25 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Our Family\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 698.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 1.21 Gb Free Space | 2.37% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 18.49 Gb Free Space | 99.41% Space Free | Partition Type: NTFS
Drive E: | 646.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCHB7W91
Current User Name: Our Family
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Documents and Settings\Our Family\Application Data\U3\000015672B62FD1A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = C:\Documents and Settings\Our Family\Application Data\U3\000015672B62FD1A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype -- File not found
"C:\Documents and Settings\Our Family\Desktop\magentic_install.exe" = C:\Documents and Settings\Our Family\Desktop\magentic_install.exe:*:Enabled:IncrediMail Installer -- File not found
"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic -- (IncrediMail, Ltd.)
"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic -- ()
"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe" = C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe:*:Enabled:FLYMonitor.exe -- File not found
"C:\Program Files\LeapFrog\FlyWorld\bin\FLYWorld.exe" = C:\Program Files\LeapFrog\FlyWorld\bin\FLYWorld.exe:*:Enabled:FLYWorld.exe -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore -- ()
"C:\Program Files\AIM6\aolsoftware.exe" = C:\Program Files\AIM6\aolsoftware.exe:*:Enabled:aolsoftware -- File not found
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe" = C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe:*:Enabled:avguard -- File not found
"C:\Program Files\Spyware Doctor\pctsSvc.exe" = C:\Program Files\Spyware Doctor\pctsSvc.exe:*:Enabled:pctsSvc -- File not found
"C:\Documents and Settings\All Users\Application Data\Disney\Disney Online\Playhouse Disney\Data\DisneyPO.exe" = C:\Documents and Settings\All Users\Application Data\Disney\Disney Online\Playhouse Disney\Data\DisneyPO.exe:*:Enabled:DisneyPO -- File not found
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Documents and Settings\Our Family\Local Settings\Application Data\download.exe" = C:\Documents and Settings\Our Family\Local Settings\Application Data\download.exe:*:Enabled:File Downloader (Demo Version) -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388887F6-0661-4C80-B272-A6A23EFC7A31}" = MY CAMERA
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3E3E57A1-2BBB-4B15-9ED4-44C51C729758}" = Monopoly - SpongeBob SquarePants Edition
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5D946D0D-9437-4E15-AC1F-F9BCF0B32561}" = FLY World
"{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}" = Motorola Software Update
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{71813834-C5F1-4B86-907A-54CEF83EB2E2}" = PSShortcuts
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}" = Clifford Phonics
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7BBDFB3E-F8BE-4D52-98BA-B6087F8F1D58}" = PS7700
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E69787DB-D427-4590-B148-EAC9F7E4116D}" = iPod 2 iPod
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F111C643-418B-41A1-9CF7-EF4659B684CB}" = Barnyard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"10CB2083F7325ECF7648ED6DB0E2392F905A2829" = Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006 2.0.1.0)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"8F1A19F8168CB0908127999D4F53773EAF35C31E" = Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"ATI Display Driver" = ATI Display Driver
"BFGC" = Big Fish Games: Game Manager
"BFG-Dora Saves the Snow Princess" = Dora Saves the Snow Princess
"Burn My Files_is1" = Burn My Files
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Cooking Academy" = Cooking Academy
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Diner Dash 2" = Diner Dash 2
"Fashion Apprentice" = Fashion Apprentice
"Finale NotePad 2009" = Finale NotePad 2009
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"ie8" = Windows Internet Explorer 8
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JumpStart 3D Ages 3-5" = JumpStart 3D Ages 3-5
"JumpStart 3D Ages 6-8" = JumpStart 3D Ages 6-8
"LimeWire" = LimeWire 5.1.2
"Magentic" = Magentic
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Petz Vet" = Petz Vet
"PROSet" = Intel® PRO Network Connections Drivers
"Quicken WillMaker Plus 2006" = Quicken WillMaker Plus 2006
"Road Runner PhotoShow 5" = Road Runner PhotoShow 5
"Road Runner PhotoShow Deluxe 4" = Road Runner PhotoShow Deluxe 4
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Smart Defrag_is1" = Smart Defrag 1.11
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (Tattoodle Skins)
"Top 30 Games 4 Kids" = Top 30 Games 4 Kids
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Wedding Dash" = Wedding Dash
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WT016060" = Penguins!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2010 8:05:58 PM | Computer Name = DCHB7W91 | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office PowerPoint.

Error - 4/24/2010 5:10:58 PM | Computer Name = DCHB7W91 | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 12.0.6500.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/24/2010 5:10:59 PM | Computer Name = DCHB7W91 | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 12.0.6500.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/24/2010 5:11:19 PM | Computer Name = DCHB7W91 | Source = Application Hang | ID = 1001
Description = Fault bucket 1251227047.

Error - 4/24/2010 5:11:32 PM | Computer Name = DCHB7W91 | Source = Application Hang | ID = 1001
Description = Fault bucket 1251227047.

Error - 4/27/2010 9:05:00 AM | Computer Name = DCHB7W91 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8313.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2010 9:05:32 AM | Computer Name = DCHB7W91 | Source = Application Hang | ID = 1001
Description = Fault bucket 1553636449.

Error - 4/27/2010 6:30:34 PM | Computer Name = DCHB7W91 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/27/2010 8:14:11 PM | Computer Name = DCHB7W91 | Source = Application Hang | ID = 1002
Description = Hanging application bfgclient.exe, version 1.5.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2010 8:14:26 PM | Computer Name = DCHB7W91 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office PowerPoint.

[ System Events ]
Error - 4/27/2010 6:41:42 PM | Computer Name = DCHB7W91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/27/2010 6:41:44 PM | Computer Name = DCHB7W91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/27/2010 6:41:46 PM | Computer Name = DCHB7W91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/27/2010 6:41:48 PM | Computer Name = DCHB7W91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/27/2010 6:41:49 PM | Computer Name = DCHB7W91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/27/2010 8:09:47 PM | Computer Name = DCHB7W91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/27/2010 8:17:58 PM | Computer Name = DCHB7W91 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 4/28/2010 7:40:49 AM | Computer Name = DCHB7W91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/28/2010 7:41:17 AM | Computer Name = DCHB7W91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/28/2010 7:41:19 AM | Computer Name = DCHB7W91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

Edited by Patty63, 28 April 2010 - 06:35 AM.

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting it and pressing Ctrl + C.
***************************************************************************************************
:OTL
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (JSLoader Class) - {7D30F20A-5577-4c73-8D9B-AB1EDE8DC94B} - C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE\FaceBookBHO.dll (Company name)
O2 - BHO: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O3 - HKLM\..\Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [smgr] File not found
O4 - HKLM..\Run: [TSTrayIcon] C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE\TSTrayIcon.exe (Make The Web Better, LLC)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\Our Family\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.233,93.188.166.79
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found

:Files
C:\WINDOWS\System32\dbbedaabfafd_g.dll
C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE
C:\Program Files\SGPSA
C:\WINDOWS\system32\service
C:\WINDOWS\System32\mkghj.dll
C:\WINDOWS\System32\winsflt.dll
C:\Documents and Settings\Our Family\Application Data\Facebook
C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE
C:\WINDOWS\System32\7F5A393E49.sys

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Reboot now, please.

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

Ron

PS Your hard drive is showing signs of failure.
1. Double-click My Computer, and then right-click the hard disk that you want to check.
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, and then restart your computer to start the disk check.

Also, if you still have problems with the internet:
Normally the DNS is your local router or one belonging to your ISP. In your case, thanks to an infection, the DNS computer is located in the Ukraine. This evil DNS computer can easily redirect you to a wrong site by giving you the wrong IP Address or block access to an antivirus site by telling your computer that it can't find the address. (I tried to remove this with OTL but in case it doesn't work: )


1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 199.166.28.10 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot. Verify that the changes worked:

Click "Start," Click "Run," type: cmd , OK to bring up a black command window. Type with an Enter after each line

ipconfig /all

(There will be an entry for DNS Server. Verify that it has the 199.168.28.10 and 4.2.2.1 addresses.)

exit.
  • 0
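
The hosts-file redirects and the replaced DNS servers described in the post above can be pulled out of an OTL log mechanically. This is an added example, not part of the original thread or of OTL itself; the function names, the bulk threshold and the allow-list parameter are assumptions, and the sample lines are copied from the logs on this page.

```python
"""Triage the O1 (hosts file) and O17 (DNS server) lines of an OTL log."""
import ipaddress
import re
from collections import defaultdict

# Lines copied from the logs in this thread (not constructed).
SAMPLE_LOG = r"""
O1 HOSTS File: ([2009/09/05 17:50:33 | 000,001,235 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.233,93.188.166.79
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
DNS_RE = re.compile(r"^O17 - .*\bNameServer = (.+)$")


def parse_otl(text):
    """Return ([(ip, hostname), ...], [nameserver, ...]) from OTL log text."""
    hosts, nameservers = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            hosts.append((m.group(1), m.group(2).lower()))
            continue
        m = DNS_RE.match(line)
        if m:
            # The registry value may be comma- or space-separated.
            nameservers += [s for s in re.split(r"[,\s]+", m.group(1)) if s]
    return hosts, nameservers


def redirected_hosts(hosts):
    """Group hostnames by the non-loopback address the hosts file sends them to."""
    by_ip = defaultdict(set)
    for ip, name in hosts:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            by_ip[ip].add(name)  # malformed address: keep it for manual review
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries do not send traffic elsewhere
        by_ip[ip].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()}


def rogue_nameservers(nameservers, allowed=()):
    """Return resolvers that are neither on the local network nor allow-listed.

    Assumption: a private address is the local router; `allowed` holds the
    ISP or public resolvers the owner actually chose.
    """
    allowed = set(allowed)
    rogue = []
    for ns in nameservers:
        try:
            addr = ipaddress.ip_address(ns)
        except ValueError:
            rogue.append(ns)
            continue
        if not (addr.is_private or ns in allowed):
            rogue.append(ns)
    return rogue


def triage(log_text, allowed_dns=(), bulk_threshold=3):
    """Summarise hosts-file redirects and unexpected DNS servers in one dict."""
    hosts, nameservers = parse_otl(log_text)
    redirects = redirected_hosts(hosts)
    return {
        "redirects": redirects,
        # One address answering for many unrelated sites is the pattern in this log.
        "bulk_redirect_ips": sorted(
            ip for ip, names in redirects.items() if len(names) >= bulk_threshold
        ),
        "rogue_dns": rogue_nameservers(nameservers, allowed_dns),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, names in result["redirects"].items():
        print(f"hosts file sends {len(names)} name(s) to {ip}: {', '.join(names)}")
    print("bulk redirect addresses:", result["bulk_redirect_ips"])
    print("unexpected DNS servers:", result["rogue_dns"])
```

Running the same check on the Quick Scan log taken after a fix shows whether the O1 and O17 entries are really gone.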

#5
Patty63

Patty63

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay I am stuck already - sorry. I am not very geeky.
Copy the lines between the stars - no idea what that means.
And farther down you talk about downloading malwarebytes - I told you I cannot download anything.
The OTL downloaded so I could open it but I can not put it on my desktop. It just opened in a window.

Okay I think I figured it out. I hope.

This one came up first - don't know if you need this or not.


All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1 localhost> in the current context!
Error: Unable to interpret <O1 - Hosts: 82.98.231.89 url.adtrgt.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net> in the current context!
Error: Unable to interpret <O1 - Hosts: 208.43.47.212 a1.review.zdnet.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk> in the current context!
Error: Unable to interpret <O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 208.43.47.212 reviews.download.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk> in the current context!
Error: Unable to interpret <O1 - Hosts: 208.43.47.212 reviews.pcmag.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk> in the current context!
Error: Unable to interpret <O1 - Hosts: 208.43.47.212 reviews.techradar.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 208.43.47.212 toptenreviews.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 208.43.47.212 www.reevoo.com> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (JSLoader Class) - {7D30F20A-5577-4c73-8D9B-AB1EDE8DC94B} - C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE\FaceBookBHO.dll (Company name)> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [KernelFaultCheck] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NPSStartup] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [smgr] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [TSTrayIcon] C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE\TSTrayIcon.exe (Make The Web Better, LLC)> in the current context!
Error: Unable to interpret <O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Our Family\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()> in the current context!
Error: Unable to interpret <O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.233,93.188.166.79> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found> in the current context!
========== FILES ==========
C:\WINDOWS\System32\dbbedaabfafd_g.dll moved successfully.
C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE\Data folder moved successfully.
C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE folder moved successfully.
C:\Program Files\SGPSA folder moved successfully.
C:\WINDOWS\system32\Service folder moved successfully.
C:\WINDOWS\System32\mkghj.dll moved successfully.
C:\WINDOWS\System32\winsflt.dll moved successfully.
C:\Documents and Settings\Our Family\Application Data\Facebook folder moved successfully.
File\Folder C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE not found.
C:\WINDOWS\System32\7F5A393E49.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 348 bytes

User: All Users
->Java cache emptied: 0 bytes

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 468 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 616267 bytes

User: Our Family
->Temp folder emptied: 7398527 bytes
->Temporary Internet Files folder emptied: 14617238 bytes
->Java cache emptied: 39259 bytes
->FireFox cache emptied: 69850454 bytes
->Google Chrome cache emptied: 149394370 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2347 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124966 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 231.00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 04282010_111834

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\._msige52\program files\Google\Google Earth\client\res\paddle\e.png not found!

Registry entries deleted on Reboot...


This is the one after quick scan

OTL logfile created on: 4/28/2010 11:42:33 AM - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Our Family\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 1.35 Gb Free Space | 2.64% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 18.49 Gb Free Space | 99.41% Space Free | Partition Type: NTFS
Drive E: | 646.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCHB7W91
Current User Name: Our Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/28 11:41:54 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Our Family\My Documents\Downloads\OTL (2).exe
PRC - [2010/04/27 18:31:06 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/03/27 23:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Our Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 07:42:52 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Our Family\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/17 20:00:42 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/02/03 10:12:41 | 000,492,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
PRC - [2010/02/03 10:12:41 | 000,341,256 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/10/20 20:50:12 | 000,995,528 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/10/20 20:50:10 | 000,711,248 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/09/03 21:07:28 | 000,497,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/09/03 20:51:40 | 000,677,128 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/06/22 21:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/04/23 13:52:44 | 000,124,264 | ---- | M] () -- C:\Program Files\Magentic\bin\MgApp.exe
PRC - [2009/03/05 19:41:02 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/02/16 23:11:42 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2004/05/04 18:17:06 | 000,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2004/05/04 03:21:22 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/04/28 11:41:54 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Our Family\My Documents\Downloads\OTL (2).exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - File not found [Auto | Stopped] -- -- (ATI Smart)
SRV - [2010/04/23 19:26:59 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/03 10:12:41 | 000,341,256 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/10/20 20:50:10 | 000,711,248 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/09/03 21:07:28 | 000,497,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/03 20:51:40 | 000,677,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/10/23 13:18:53 | 001,371,584 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/02/03 10:13:18 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/02/03 10:13:17 | 000,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/05/22 01:02:26 | 000,225,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/05/22 01:00:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/05/22 00:45:58 | 001,220,120 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\VsapiNT.sys -- (vsapint)
DRV - [2009/05/01 22:34:53 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/28 11:33:44 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/04/28 11:33:42 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/28 11:33:40 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/04/02 19:08:54 | 000,050,192 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 19:08:52 | 000,050,192 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 19:08:48 | 000,153,104 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/20 23:04:30 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/05/03 23:22:59 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2006/05/02 13:38:42 | 000,110,720 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2006/01/24 20:52:30 | 001,478,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/24 15:17:40 | 000,162,816 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt25usbap.sys -- (RT25USBAP)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/03/16 11:31:36 | 000,038,402 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.google.co...r/ie8/done.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.magentic.com/"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://mystart.magen...essBar&search="

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 00:01:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 13:04:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/27 18:17:39 | 000,000,000 | ---D | M]

[2009/04/02 19:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Extensions
[2009/04/02 19:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Extensions\[email protected]
[2010/04/27 09:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\extensions
[2010/02/02 20:23:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/20 20:44:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/03 17:21:44 | 000,002,139 | ---- | M] () -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\searchplugins\MyStart Search.xml
[2010/04/27 18:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 18:17:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/01/27 20:17:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2010/04/27 18:17:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/05/10 13:46:42 | 000,061,440 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npkanevapatch.dll

O1 HOSTS File: ([2009/09/05 17:50:33 | 000,001,235 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (X1IEHook Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (United Online, Inc.)
O2 - BHO: (JSLoader Class) - {7D30F20A-5577-4c73-8D9B-AB1EDE8DC94B} - C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE\FaceBookBHO.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [smgr] File not found
O4 - HKLM..\Run: [TSTrayIcon] C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE\TSTrayIcon.exe File not found
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Magentic] C:\Program Files\Magentic\bin\Magentic.exe ()
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\Our Family\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://mypoints.worl...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1043 (SonyOnlineInstallerX)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1193101025740 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8401528F-C7D8-446D-8A01-F8DA9491FBB1} http://www.consumeri...bot/BotCtrl.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinn...jo/wordmojo.cab (WordMojo Control)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (Reg Error: Key error.)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.233,93.188.166.79
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://images.neopet.../sm_maraqua.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Our Family\My Documents\My Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Our Family\My Documents\My Pictures\untitled.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/27 14:52:35 | 000,000,048 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- [2005/03/24 12:00:24 | 000,119,016 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\lbegin.exe -- [2006/06/26 15:32:31 | 000,032,721 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/28 11:18:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/26 22:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/26 21:27:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Our Family\Recent
[2010/04/23 19:26:59 | 000,225,280 | ---- | C] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2010/04/19 21:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Dora Saves the Snow Princess
[2010/04/19 21:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/04/19 21:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/04/12 12:24:27 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/04/08 21:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\My Art
[2010/04/08 21:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\NPS
[2010/04/08 21:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/08 21:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Application Data\PC Suite
[2010/04/08 21:34:04 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/04/08 21:32:50 | 000,106,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdm.sys
[2010/04/08 21:32:50 | 000,080,552 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdbus.sys
[2010/04/08 21:32:50 | 000,011,944 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwhnt.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwh.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcmnt.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcm.sys
[2010/04/08 21:32:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/04/08 21:32:31 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010/04/08 21:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\My NPS Files
[2010/04/08 21:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Application Data\Samsung
[2010/04/08 21:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/04/08 21:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/04/08 21:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/04/06 17:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\KingsIsle Entertainment
[2010/04/05 15:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\peytonn
[2010/04/03 17:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod 2 iPod
[2010/04/03 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/03 13:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/03 13:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/02 19:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\easter egg hunt, peyton, beach
[2010/04/02 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/03/29 17:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/03/16 19:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Application Data\Skype
[2010/03/03 17:22:37 | 000,750,984 | ---- | C] (IncrediMail LTD.) -- C:\WINDOWS\System32\Magentic Screensaver.scr
[2010/03/03 17:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Local Settings\Application Data\Magentic
[2010/03/03 17:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Magentic
[2010/02/21 15:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\winter dance
[2010/02/19 08:47:08 | 000,287,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\Tmfilter.sys
[2010/02/19 08:41:04 | 000,709,896 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\Our Family\Desktop\Update_Tool.exe
[2010/02/16 22:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\AMR to MP3 Converter
[2010/02/15 17:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\ituens music
[2010/02/14 22:57:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/02/14 13:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/02/13 17:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2010/02/13 17:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2010/02/13 10:57:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/02/04 16:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/03 12:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2010/02/03 12:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Local Settings\Application Data\Trend Micro
[2010/02/03 10:14:04 | 000,661,808 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\UfWSC.cpl
[2010/02/03 10:13:19 | 001,220,120 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\VsapiNT.sys
[2010/02/03 10:13:18 | 000,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2010/02/03 10:13:17 | 000,225,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2010/02/03 10:13:17 | 000,080,400 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/02/03 10:13:17 | 000,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2010/02/02 14:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/02 14:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/02/02 14:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2010/02/02 13:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/02 13:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/02 11:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/02/01 18:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\Downloads
[2010/02/01 18:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/01 17:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DIGStream
[2010/01/30 12:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\Rugrats Go Wild

========== Files - Modified Within 90 Days ==========

[2010/04/28 11:51:45 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3C828587-FC9D-4BB7-9476-602ABE8DB684}.job
[2010/04/28 11:48:04 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2018829623-105930549-269167778-1006UA.job
[2010/04/28 11:31:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/28 11:31:42 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/04/28 11:31:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/28 11:31:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/28 11:31:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 11:29:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Our Family\ntuser.ini
[2010/04/28 11:29:57 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Our Family\ntuser.dat
[2010/04/28 07:48:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2018829623-105930549-269167778-1006Core.job
[2010/04/27 22:05:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 21:55:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010/04/27 18:22:11 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Our Family\jagex_runescape_preferences2.dat
[2010/04/27 18:19:57 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Our Family\jagex_runescape_preferences.dat
[2010/04/27 18:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/04/26 22:59:38 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/26 22:59:38 | 000,000,275 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/04/26 22:59:38 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2010/04/26 21:36:18 | 000,229,126 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100426_213608.reg
[2010/04/25 22:19:32 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\The Ellen DeGeneres Show The place for Ellen tickets, celebrity photos, videos, games, giveaways and more..url
[2010/04/24 09:09:27 | 000,001,587 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Barnyard.lnk
[2010/04/23 19:26:59 | 000,266,240 | ---- | M] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/04/23 19:26:59 | 000,225,280 | ---- | M] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2010/04/21 13:56:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/19 21:06:43 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Dora Saves the Snow Princess.lnk
[2010/04/19 21:06:43 | 000,001,222 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/04/19 21:03:53 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/04/19 16:55:19 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/04/18 12:58:24 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Google.url
[2010/04/14 16:32:35 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\A Glimmer of Hope.doc
[2010/04/14 13:15:13 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/12 13:15:22 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Spin N'Win with MyPoints.url
[2010/04/12 11:31:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Our Family\jagex__preferences3.dat
[2010/04/12 10:35:35 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Works Cited.doc
[2010/04/10 13:30:44 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/04/08 21:57:40 | 000,532,716 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/08 21:57:40 | 000,448,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/08 21:57:40 | 000,073,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/08 21:32:07 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Our Family\Application Data\$_hpcst$.hpc
[2010/04/08 21:31:43 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung New PC Studio.lnk
[2010/04/07 23:33:57 | 003,713,720 | -H-- | M] () -- C:\Documents and Settings\Our Family\Local Settings\Application Data\IconCache.db
[2010/04/07 15:32:20 | 000,077,061 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\IMG_0031.jpg
[2010/04/07 13:01:18 | 000,040,280 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100407_130110.reg
[2010/04/07 10:21:49 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\JumpStart 3D Virtual World - Adventure Based Learning For Kids.url
[2010/04/06 17:42:37 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2010/04/05 19:09:55 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/04 16:33:31 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\Party Checklist Kimmy.doc
[2010/04/03 13:16:42 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/03 13:03:51 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/03 11:56:21 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\party for when i grow up.doc
[2010/04/03 10:30:33 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\When i grow up test.doc
[2010/04/02 19:48:01 | 000,108,544 | ---- | M] () -- C:\Documents and Settings\Our Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 09:13:14 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\PrizeRebel.com Free Maplestory Nexon Cards, Free Mesos, Free Xbox 360 Games and Live Codes.url
[2010/03/24 17:25:57 | 001,707,008 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\kimmys presentation.ppt
[2010/03/22 16:34:07 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\james and the giant peach kimmy.doc
[2010/03/19 13:22:20 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Surveyhead! Take paid surveys online for cash rewards. Consumer panels for market research firms..url
[2010/03/15 19:32:34 | 000,000,715 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/03/15 19:32:30 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Harry Potter.lnk
[2010/03/14 16:44:10 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Kyle Glover.doc
[2010/03/13 22:47:19 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214714.reg
[2010/03/13 22:46:55 | 000,798,890 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214613.reg
[2010/03/13 22:45:45 | 000,582,062 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214527.reg
[2010/03/11 20:06:54 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Weight Training Program.doc
[2010/03/09 16:53:20 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\bananas for p.e..doc
[2010/03/08 16:52:26 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\kimmy's book talk paper.doc
[2010/03/04 23:52:20 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SurveySpot.url
[2010/03/04 20:00:48 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Friday.doc
[2010/03/04 17:37:18 | 000,007,062 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\201003042136183553140.rtf
[2010/03/03 17:22:40 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Games.lnk
[2010/03/03 17:22:39 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Magentic by IncrediMail.lnk
[2010/03/01 21:43:28 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\MommyTalkSurveys.com.url
[2010/02/28 14:14:22 | 000,518,974 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SANY2554.JPG
[2010/02/28 14:14:14 | 000,518,568 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SANY2553.JPG
[2010/02/21 17:41:25 | 000,033,089 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\pants.png
[2010/02/21 16:54:57 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\DBQ.doc
[2010/02/20 17:58:00 | 001,181,696 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\FantasticTrip.pps
[2010/02/19 21:09:54 | 000,544,714 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SANY2551.JPG
[2010/02/19 20:06:36 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\D.A.R.E Kimmmy's Essay.doc
[2010/02/19 19:29:56 | 000,014,681 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\IMG0006A.jpg
[2010/02/19 08:41:09 | 000,709,896 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Our Family\Desktop\Update_Tool.exe
[2010/02/18 15:32:00 | 014,990,912 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\ode to a grecian urn.pptx
[2010/02/14 15:19:55 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\Theodor Seuss Geisel KIMMY.doc
[2010/02/03 12:46:19 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/02/03 10:14:04 | 000,661,808 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\UfWSC.cpl
[2010/02/03 10:13:18 | 000,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2010/02/03 10:13:17 | 000,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/02/02 20:21:44 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2010/04/26 21:36:11 | 000,229,126 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100426_213608.reg
[2010/04/24 09:09:27 | 000,001,587 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Barnyard.lnk
[2010/04/23 19:26:59 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/04/19 21:06:43 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Dora Saves the Snow Princess.lnk
[2010/04/19 21:06:43 | 000,001,222 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/04/19 21:03:53 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/04/17 01:07:17 | 009,175,040 | ---- | C] () -- C:\Documents and Settings\Our Family\ntuser.dat
[2010/04/14 16:32:34 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\A Glimmer of Hope.doc
[2010/04/14 13:15:13 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/12 13:15:21 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Spin N'Win with MyPoints.url
[2010/04/12 11:31:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Our Family\jagex__preferences3.dat
[2010/04/08 21:32:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/04/08 21:32:31 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/04/08 21:32:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Our Family\Application Data\$_hpcst$.hpc
[2010/04/08 21:31:43 | 000,001,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung New PC Studio.lnk
[2010/04/07 15:32:20 | 000,077,061 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\IMG_0031.jpg
[2010/04/07 13:01:13 | 000,040,280 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100407_130110.reg
[2010/04/06 17:42:37 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2010/04/04 16:33:31 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\Party Checklist Kimmy.doc
[2010/04/03 13:16:42 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/03 13:03:51 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/03 11:56:20 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\party for when i grow up.doc
[2010/04/03 10:30:32 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\When i grow up test.doc
[2010/03/30 09:13:14 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\PrizeRebel.com Free Maplestory Nexon Cards, Free Mesos, Free Xbox 360 Games and Live Codes.url
[2010/03/24 17:25:53 | 001,707,008 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\kimmys presentation.ppt
[2010/03/22 16:34:06 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\james and the giant peach kimmy.doc
[2010/03/15 19:32:30 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Harry Potter.lnk
[2010/03/14 14:49:31 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Kyle Glover.doc
[2010/03/13 22:47:16 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214714.reg
[2010/03/13 22:46:14 | 000,798,890 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214613.reg
[2010/03/13 22:45:30 | 000,582,062 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214527.reg
[2010/03/11 20:06:53 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Weight Training Program.doc
[2010/03/11 18:10:38 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Works Cited.doc
[2010/03/10 17:45:12 | 000,014,681 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\IMG0006A.jpg
[2010/03/09 16:53:19 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\bananas for p.e..doc
[2010/03/08 16:52:26 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\kimmy's book talk paper.doc
[2010/03/04 23:52:20 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SurveySpot.url
[2010/03/04 20:00:47 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Friday.doc
[2010/03/04 17:37:18 | 000,007,062 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\201003042136183553140.rtf
[2010/03/03 17:22:40 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Games.lnk
[2010/03/03 17:22:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Magentic by IncrediMail.lnk
[2010/03/01 21:43:28 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\MommyTalkSurveys.com.url
[2010/03/01 21:43:03 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Surveyhead! Take paid surveys online for cash rewards. Consumer panels for market research firms..url
[2010/03/01 12:05:57 | 000,000,353 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\The Ellen DeGeneres Show The place for Ellen tickets, celebrity photos, videos, games, giveaways and more..url
[2010/02/28 13:06:49 | 000,518,568 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SANY2553.JPG
[2010/02/28 13:06:48 | 000,518,974 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SANY2554.JPG
[2010/02/23 18:59:47 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Google.url
[2010/02/21 17:41:24 | 000,033,089 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\pants.png
[2010/02/21 16:54:56 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\DBQ.doc
[2010/02/21 15:24:55 | 000,544,714 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SANY2551.JPG
[2010/02/21 15:08:02 | 014,990,912 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\ode to a grecian urn.pptx
[2010/02/20 17:58:00 | 001,181,696 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\FantasticTrip.pps
[2010/02/19 20:06:35 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\D.A.R.E Kimmmy's Essay.doc
[2010/02/11 19:22:24 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\Theodor Seuss Geisel KIMMY.doc
[2010/02/04 16:39:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/03 12:46:19 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2010/02/03 12:45:52 | 000,153,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/02/03 12:45:52 | 000,050,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/02/03 12:45:52 | 000,050,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/02/03 12:38:49 | 000,046,456 | R--- | C] () -- C:\WINDOWS\System32\exitwx.exe
[2010/02/02 20:21:44 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/01 13:27:51 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\JumpStart 3D Virtual World - Adventure Based Learning For Kids.url
[2009/12/26 17:57:12 | 000,000,123 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/09/09 03:05:37 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/16 16:43:40 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/08/26 16:25:30 | 000,000,444 | ---- | C] () -- C:\WINDOWS\{5D946D0D-9437-4E15-AC1F-F9BCF0B32561}_WiseFW.ini
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/28 21:23:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/10 18:47:49 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2007/04/02 09:59:22 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/02/16 19:06:07 | 000,001,513 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/14 15:19:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/01/30 20:38:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/01 19:24:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/01/01 19:22:09 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/12/31 16:11:43 | 000,000,124 | ---- | C] () -- C:\WINDOWS\aceznewyear.ini
[2006/12/30 21:27:15 | 000,000,073 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/12/25 13:02:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/12/06 14:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/09 12:36:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2006/10/27 22:57:07 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/10/27 22:53:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2006/09/16 05:47:02 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/04 20:56:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/09/04 20:48:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/22 21:47:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/18 22:00:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/06/13 16:36:28 | 000,000,837 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/04/29 20:56:02 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/29 20:56:02 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\493E395A7F.sys
[2006/04/25 13:57:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/25 13:50:53 | 000,000,534 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/25 13:44:32 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/25 13:37:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/25 13:10:32 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2005/08/16 04:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/10/13 06:48:28 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\sunCollection.dll
[2004/06/30 16:04:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/12 10:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 10:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2000/12/07 10:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2000/09/10 23:08:18 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll

========== LOP Check ==========

[2009/01/07 17:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2009/12/25 13:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/04/08 21:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/12/30 23:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/04/27 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/26 22:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/02 11:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/03/29 17:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/04/03 13:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/04 16:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/09/04 19:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Aim
[2007/01/01 21:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Atari
[2008/04/17 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\AVG7
[2009/03/07 13:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Browzar
[2008/02/14 19:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\ICAClient
[2007/11/16 20:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\iLike
[2009/05/01 20:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\IObit
[2009/12/31 19:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\ITTNord
[2007/02/19 17:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\LANGMaster
[2006/04/28 23:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Leadertech
[2008/11/01 14:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\NCH Swift Sound
[2008/11/21 19:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Neopets Toolbar
[2009/02/22 21:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\OfficeUpdate12
[2009/09/22 19:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\OpenOffice.org
[2010/04/08 21:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\PC Suite
[2009/12/30 23:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\PlayFirst
[2008/04/09 18:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\RegClean
[2010/01/23 17:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Road Runner
[2010/04/08 21:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Samsung
[2007/04/01 19:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\SBTT
[2006/06/18 23:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Simple Star
[2009/12/22 19:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Sony Online Entertainment
[2009/10/19 21:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Unity
[2007/03/01 23:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\WMA 64K
[2010/04/27 18:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/04/19 16:55:19 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/04/28 11:51:45 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3C828587-FC9D-4BB7-9476-602ABE8DB684}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 256 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39964175
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05A9EC70
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Edited by Patty63, 28 April 2010 - 10:04 AM.

  • 0

#6
Patty63

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
As I said, I cannot get to Malwarebytes - it just says page not found. I don't know if I am supposed to continue to other steps or just wait for instructions. Thank you.
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Close but no cigar. After you paste the text into the custom scan box you have to press the RUN FIX button.

If it works you should have normal internet connectivity so should be able to download stuff again.

Ron
  • 0

#8
Patty63

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I did click run/fix. Did I do something wrong? Sorry. I will try again later - have to run out. Thanks for your help - you guys are amazing!!
  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I'm not sure. That is the same format I've been using for OTL for months and it always worked before. The "Unable to interpret <OTL> in the current context!" message usually means the wrong button was pressed. I wonder if there is a new version and it's a bit buggy? I see it did remove the files at least.

Try it again and make sure you press the Run Fix button. I've modified the script a bit so use the one in the Code box. (We don't want the word Code: in our copy and paste):

:OTL
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (JSLoader Class) - {7D30F20A-5577-4c73-8D9B-AB1EDE8DC94B} - C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE\FaceBookBHO.dll 
O2 - BHO: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O3 - HKLM\..\Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [smgr] File not found
O4 - HKLM..\Run: [TSTrayIcon] C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE\TSTrayIcon.exe (Make The Web Better, LLC)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.233,93.188.166.79
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found

:Files
C:\WINDOWS\System32\dbbedaabfafd_g.dll
C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE
C:\Program Files\SGPSA
C:\WINDOWS\system32\service
C:\WINDOWS\System32\mkghj.dll
C:\WINDOWS\System32\winsflt.dll
C:\Documents and Settings\Our Family\Application Data\Facebook
C:\Documents and Settings\Our Family\Application Data\FaceBookStyleIE
C:\WINDOWS\System32\7F5A393E49.sys

:Commands
[purity]
[RESETHOSTS]
[emptytemp]
[Reboot]

Don't forget the stuff in my PS. You need to do that too. The last one should fix it so you can download stuff again even if OTL won't work right.

I am leaving for the mainland at 11:30 AM PDT. Won't be back until late.

If OTL gives you the same context message then see if you can now download Hijackthis v2.0.4 from
http://free.antivirus.com/hijackthis/

Download the Executable then Save it and run it. Accept the disclaimer then run Scan Only and look for the same lines as in the OTL script. Check the box in front of each one and when you have as many as you can find, click Fix Checked. Click Scan and then Save Log and copy (Ctrl + a, Ctrl + c) and paste (Ctrl + v) the text into a reply.

Ron
  • 0
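For anyone reviewing the O1 (hosts file) and O17 (static DNS) lines of a log like the one in the script above, this sketch groups hosts-file overrides by the address they point to and lists statically configured name servers. It is an added example, not part of the original post and not part of OTL; the function names are made up for illustration, `PAGE_LINES` is copied from the script above, and `CONSTRUCTED_LINES` is invented to exercise edge cases.

```python
import ipaddress
import re
from collections import defaultdict

# O1/O17 lines copied from the fix script in the post above.
PAGE_LINES = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.233,93.188.166.79
"""

# Constructed lines (not from the page): a null-route block entry and a
# damaged entry, to show how each is handled.
CONSTRUCTED_LINES = """
O1 - Hosts: 0.0.0.0 blocked.example
O1 - Hosts: not-an-ip broken.example
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
O17_RE = re.compile(r"^O17 - (.+?): (\w+) = (.+)$")


def classify_hosts(log):
    """Return (redirects, malformed).

    redirects maps each address that is neither loopback nor 0.0.0.0 to the
    hostnames the hosts file pins to it; such entries override DNS.
    malformed lists (address, hostname) pairs whose address does not parse.
    """
    redirects = defaultdict(list)
    malformed = []
    for line in log.splitlines():
        match = HOSTS_RE.match(line.strip())
        if not match:
            continue
        addr, name = match.groups()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            malformed.append((addr, name))
            continue
        # 127.0.0.1 and 0.0.0.0 entries are the normal default or a
        # deliberate block; they do not send traffic to another machine.
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects[str(ip)].append(name)
    return dict(redirects), malformed


def static_dns(log):
    """Return name servers set statically in the Tcpip Parameters key."""
    servers = []
    for line in log.splitlines():
        match = O17_RE.match(line.strip())
        if match and match.group(2) == "NameServer":
            servers += [s for s in re.split(r"[,\s]+", match.group(3)) if s]
    return servers


def review(log):
    """Build human-readable findings for a helper to check by hand."""
    redirects, malformed = classify_hosts(log)
    findings = []
    for addr, names in sorted(redirects.items()):
        findings.append(f"hosts file pins {len(names)} name(s) to {addr}: "
                        + ", ".join(names))
    for addr, name in malformed:
        findings.append(f"unparseable hosts entry: {addr!r} -> {name}")
    for server in static_dns(log):
        findings.append(f"static DNS server {server}: compare with the "
                        "router or ISP assigned value")
    return findings


if __name__ == "__main__":
    for finding in review(PAGE_LINES + CONSTRUCTED_LINES):
        print(finding)
```

Several unrelated sites pinned to one routable address is the pattern to look for in the grouped output; a static DNS entry is only a finding once it is compared with what the router or ISP normally hands out.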

#10
Patty63

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hope I did it right this time!!!




OTL logfile created on: 4/28/2010 4:09:58 PM - Run 3
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Our Family\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 476.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 1.32 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 18.49 Gb Free Space | 99.41% Space Free | Partition Type: NTFS
Drive E: | 646.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DCHB7W91
Current User Name: Our Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/28 11:14:13 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Our Family\My Documents\Downloads\OTL (1).exe
PRC - [2010/04/27 18:31:06 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/26 13:13:25 | 000,531,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Our Family\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 07:42:52 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Our Family\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/17 20:00:42 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/02/03 10:12:41 | 000,492,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
PRC - [2010/02/03 10:12:41 | 000,341,256 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/10/20 20:50:12 | 000,995,528 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/10/20 20:50:10 | 000,711,248 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/09/03 21:07:28 | 000,497,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/09/03 20:51:40 | 000,677,128 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/23 13:52:44 | 000,124,264 | ---- | M] () -- C:\Program Files\Magentic\bin\MgApp.exe
PRC - [2009/03/05 19:41:02 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/02/16 23:11:42 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2004/05/04 18:17:06 | 000,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2004/05/04 03:21:22 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe


========== Modules (SafeList) ==========

MOD - [2010/04/28 11:14:13 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Our Family\My Documents\Downloads\OTL (1).exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - File not found [Auto | Stopped] -- -- (ATI Smart)
SRV - [2010/04/23 19:26:59 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/03 10:12:41 | 000,341,256 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/10/20 20:50:10 | 000,711,248 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/09/03 21:07:28 | 000,497,008 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/03 20:51:40 | 000,677,128 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/10/23 13:18:53 | 001,371,584 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/02/03 10:13:18 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/02/03 10:13:17 | 000,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/05/22 01:02:26 | 000,225,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/05/22 01:00:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/05/22 00:45:58 | 001,220,120 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\VsapiNT.sys -- (vsapint)
DRV - [2009/05/01 22:34:53 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/28 11:33:44 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/04/28 11:33:42 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/28 11:33:40 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/04/02 19:08:54 | 000,050,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 19:08:52 | 000,050,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 19:08:48 | 000,153,104 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/20 23:04:30 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/05/03 23:22:59 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2006/05/02 13:38:42 | 000,110,720 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2006/01/24 20:52:30 | 001,478,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/24 15:17:40 | 000,162,816 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt25usbap.sys -- (RT25USBAP)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/03/16 11:31:36 | 000,038,402 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.google.co...r/ie8/done.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.magentic.com/"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://mystart.magen...essBar&search="

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 00:01:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 13:04:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/27 18:17:39 | 000,000,000 | ---D | M]

[2009/04/02 19:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Extensions
[2009/04/02 19:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Extensions\[email protected]
[2010/04/27 09:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\extensions
[2010/02/02 20:23:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/20 20:44:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/03 17:21:44 | 000,002,139 | ---- | M] () -- C:\Documents and Settings\Our Family\Application Data\Mozilla\Firefox\Profiles\jgix1zsw.default\searchplugins\MyStart Search.xml
[2010/04/27 18:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 18:17:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/01/27 20:17:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2010/04/27 18:17:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/05/10 13:46:42 | 000,061,440 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npkanevapatch.dll

O1 HOSTS File: ([2010/04/28 15:54:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (X1IEHook Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (United Online, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Magentic] C:\Program Files\Magentic\bin\Magentic.exe ()
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Our Family\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://mypoints.worl...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1043 (SonyOnlineInstallerX)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1193101025740 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8401528F-C7D8-446D-8A01-F8DA9491FBB1} http://www.consumeri...bot/BotCtrl.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinn...jo/wordmojo.cab (WordMojo Control)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (Reg Error: Key error.)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://images.neopet.../sm_maraqua.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Our Family\My Documents\My Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Our Family\My Documents\My Pictures\untitled.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/27 14:52:35 | 000,000,048 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- [2005/03/24 12:00:24 | 000,119,016 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\lbegin.exe -- [2006/06/26 15:32:31 | 000,032,721 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/28 11:18:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/26 22:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/26 21:27:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Our Family\Recent
[2010/04/23 19:26:59 | 000,225,280 | ---- | C] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2010/04/19 21:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Dora Saves the Snow Princess
[2010/04/19 21:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/04/19 21:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/04/12 12:24:27 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/04/08 21:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\My Art
[2010/04/08 21:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\NPS
[2010/04/08 21:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/08 21:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Application Data\PC Suite
[2010/04/08 21:34:04 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/04/08 21:32:50 | 000,106,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdm.sys
[2010/04/08 21:32:50 | 000,080,552 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdbus.sys
[2010/04/08 21:32:50 | 000,011,944 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwhnt.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwh.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcmnt.sys
[2010/04/08 21:32:50 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcm.sys
[2010/04/08 21:32:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/04/08 21:32:31 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010/04/08 21:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\My NPS Files
[2010/04/08 21:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Application Data\Samsung
[2010/04/08 21:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/04/08 21:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/04/08 21:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/04/06 17:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\KingsIsle Entertainment
[2010/04/05 15:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\peytonn
[2010/04/03 17:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod 2 iPod
[2010/04/03 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/03 13:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/03 13:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/02 19:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\easter egg hunt, peyton, beach
[2010/04/02 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/03/29 17:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/03/16 19:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Application Data\Skype
[2010/03/03 17:22:37 | 000,750,984 | ---- | C] (IncrediMail LTD.) -- C:\WINDOWS\System32\Magentic Screensaver.scr
[2010/03/03 17:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Local Settings\Application Data\Magentic
[2010/03/03 17:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Magentic
[2010/02/21 15:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\winter dance
[2010/02/19 08:47:08 | 000,287,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\Tmfilter.sys
[2010/02/19 08:41:04 | 000,709,896 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\Our Family\Desktop\Update_Tool.exe
[2010/02/16 22:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\AMR to MP3 Converter
[2010/02/15 17:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Desktop\ituens music
[2010/02/14 22:57:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/02/14 13:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/02/13 17:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2010/02/13 17:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2010/02/13 10:57:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/02/04 16:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/03 12:45:52 | 000,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/02/03 12:45:52 | 000,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/02/03 12:45:52 | 000,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/02/03 12:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2010/02/03 12:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\Local Settings\Application Data\Trend Micro
[2010/02/03 10:14:04 | 000,661,808 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\UfWSC.cpl
[2010/02/03 10:13:19 | 001,220,120 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\VsapiNT.sys
[2010/02/03 10:13:18 | 000,335,376 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2010/02/03 10:13:17 | 000,225,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2010/02/03 10:13:17 | 000,080,400 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/02/03 10:13:17 | 000,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2010/02/02 14:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/02 14:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/02/02 14:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2010/02/02 13:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/02 13:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/02 11:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/02/01 18:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\Downloads
[2010/02/01 18:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/01 17:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DIGStream
[2010/01/30 12:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Our Family\My Documents\Rugrats Go Wild

========== Files - Modified Within 90 Days ==========

[2010/04/28 16:05:36 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/28 16:01:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/28 16:01:19 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/04/28 16:00:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/28 16:00:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/28 16:00:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 15:59:56 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Our Family\ntuser.dat
[2010/04/28 15:58:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Our Family\ntuser.ini
[2010/04/28 15:54:35 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/04/28 15:48:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2018829623-105930549-269167778-1006UA.job
[2010/04/28 15:40:42 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3C828587-FC9D-4BB7-9476-602ABE8DB684}.job
[2010/04/28 15:30:03 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Our Family\jagex_runescape_preferences2.dat
[2010/04/28 15:30:03 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Our Family\jagex_runescape_preferences.dat
[2010/04/28 13:56:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/28 13:55:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010/04/28 07:48:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2018829623-105930549-269167778-1006Core.job
[2010/04/27 18:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/04/26 22:59:38 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/26 22:59:38 | 000,000,275 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/04/26 22:59:38 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2010/04/26 21:36:18 | 000,229,126 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100426_213608.reg
[2010/04/25 22:19:32 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\The Ellen DeGeneres Show The place for Ellen tickets, celebrity photos, videos, games, giveaways and more..url
[2010/04/24 09:09:27 | 000,001,587 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Barnyard.lnk
[2010/04/23 19:26:59 | 000,266,240 | ---- | M] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/04/23 19:26:59 | 000,225,280 | ---- | M] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2010/04/19 21:06:43 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Dora Saves the Snow Princess.lnk
[2010/04/19 21:06:43 | 000,001,222 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/04/19 21:03:53 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/04/19 16:55:19 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/04/18 12:58:24 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Google.url
[2010/04/14 16:32:35 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\A Glimmer of Hope.doc
[2010/04/14 13:15:13 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/12 13:15:22 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Spin N'Win with MyPoints.url
[2010/04/12 11:31:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Our Family\jagex__preferences3.dat
[2010/04/12 10:35:35 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Works Cited.doc
[2010/04/10 13:30:44 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/04/08 21:57:40 | 000,532,716 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/08 21:57:40 | 000,448,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/08 21:57:40 | 000,073,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/08 21:32:07 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Our Family\Application Data\$_hpcst$.hpc
[2010/04/08 21:31:43 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung New PC Studio.lnk
[2010/04/07 23:33:57 | 003,713,720 | -H-- | M] () -- C:\Documents and Settings\Our Family\Local Settings\Application Data\IconCache.db
[2010/04/07 15:32:20 | 000,077,061 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\IMG_0031.jpg
[2010/04/07 13:01:18 | 000,040,280 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100407_130110.reg
[2010/04/07 10:21:49 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\JumpStart 3D Virtual World - Adventure Based Learning For Kids.url
[2010/04/06 17:42:37 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2010/04/05 19:09:55 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/04 16:33:31 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\Party Checklist Kimmy.doc
[2010/04/03 13:16:42 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/03 13:03:51 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/03 11:56:21 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\party for when i grow up.doc
[2010/04/03 10:30:33 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\When i grow up test.doc
[2010/04/02 19:48:01 | 000,108,544 | ---- | M] () -- C:\Documents and Settings\Our Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 09:13:14 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\PrizeRebel.com Free Maplestory Nexon Cards, Free Mesos, Free Xbox 360 Games and Live Codes.url
[2010/03/24 17:25:57 | 001,707,008 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\kimmys presentation.ppt
[2010/03/22 16:34:07 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\james and the giant peach kimmy.doc
[2010/03/19 13:22:20 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Surveyhead! Take paid surveys online for cash rewards. Consumer panels for market research firms..url
[2010/03/15 19:32:34 | 000,000,715 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/03/15 19:32:30 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Harry Potter.lnk
[2010/03/14 16:44:10 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Kyle Glover.doc
[2010/03/13 22:47:19 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214714.reg
[2010/03/13 22:46:55 | 000,798,890 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214613.reg
[2010/03/13 22:45:45 | 000,582,062 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214527.reg
[2010/03/11 20:06:54 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Weight Training Program.doc
[2010/03/09 16:53:20 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\bananas for p.e..doc
[2010/03/08 16:52:26 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\kimmy's book talk paper.doc
[2010/03/04 23:52:20 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SurveySpot.url
[2010/03/04 20:00:48 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\Friday.doc
[2010/03/04 17:37:18 | 000,007,062 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\201003042136183553140.rtf
[2010/03/03 17:22:40 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Games.lnk
[2010/03/03 17:22:39 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Magentic by IncrediMail.lnk
[2010/03/01 21:43:28 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\MommyTalkSurveys.com.url
[2010/02/28 14:14:22 | 000,518,974 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SANY2554.JPG
[2010/02/28 14:14:14 | 000,518,568 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SANY2553.JPG
[2010/02/21 17:41:25 | 000,033,089 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\pants.png
[2010/02/21 16:54:57 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\DBQ.doc
[2010/02/20 17:58:00 | 001,181,696 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\FantasticTrip.pps
[2010/02/19 21:09:54 | 000,544,714 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\SANY2551.JPG
[2010/02/19 20:06:36 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\D.A.R.E Kimmmy's Essay.doc
[2010/02/19 19:29:56 | 000,014,681 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\IMG0006A.jpg
[2010/02/19 08:41:09 | 000,709,896 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Our Family\Desktop\Update_Tool.exe
[2010/02/18 15:32:00 | 014,990,912 | ---- | M] () -- C:\Documents and Settings\Our Family\Desktop\ode to a grecian urn.pptx
[2010/02/14 15:19:55 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Our Family\My Documents\Theodor Seuss Geisel KIMMY.doc
[2010/02/03 12:46:19 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/02/03 10:14:04 | 000,661,808 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\UfWSC.cpl
[2010/02/03 10:13:18 | 000,335,376 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2010/02/03 10:13:17 | 000,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/02/02 20:21:44 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2010/04/26 21:36:11 | 000,229,126 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100426_213608.reg
[2010/04/24 09:09:27 | 000,001,587 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Barnyard.lnk
[2010/04/23 19:26:59 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/04/19 21:06:43 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Dora Saves the Snow Princess.lnk
[2010/04/19 21:06:43 | 000,001,222 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/04/19 21:03:53 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/04/17 01:07:17 | 009,175,040 | ---- | C] () -- C:\Documents and Settings\Our Family\ntuser.dat
[2010/04/14 16:32:34 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\A Glimmer of Hope.doc
[2010/04/14 13:15:13 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/12 13:15:21 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Spin N'Win with MyPoints.url
[2010/04/12 11:31:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Our Family\jagex__preferences3.dat
[2010/04/08 21:32:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/04/08 21:32:31 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/04/08 21:32:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Our Family\Application Data\$_hpcst$.hpc
[2010/04/08 21:31:43 | 000,001,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung New PC Studio.lnk
[2010/04/07 15:32:20 | 000,077,061 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\IMG_0031.jpg
[2010/04/07 13:01:13 | 000,040,280 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100407_130110.reg
[2010/04/06 17:42:37 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2010/04/04 16:33:31 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\Party Checklist Kimmy.doc
[2010/04/03 13:16:42 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/03 13:03:51 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/03 11:56:20 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\party for when i grow up.doc
[2010/04/03 10:30:32 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\When i grow up test.doc
[2010/03/30 09:13:14 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\PrizeRebel.com Free Maplestory Nexon Cards, Free Mesos, Free Xbox 360 Games and Live Codes.url
[2010/03/24 17:25:53 | 001,707,008 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\kimmys presentation.ppt
[2010/03/22 16:34:06 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\james and the giant peach kimmy.doc
[2010/03/15 19:32:30 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Harry Potter.lnk
[2010/03/14 14:49:31 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Kyle Glover.doc
[2010/03/13 22:47:16 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214714.reg
[2010/03/13 22:46:14 | 000,798,890 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214613.reg
[2010/03/13 22:45:30 | 000,582,062 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\cc_20100313_214527.reg
[2010/03/11 20:06:53 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Weight Training Program.doc
[2010/03/11 18:10:38 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Works Cited.doc
[2010/03/10 17:45:12 | 000,014,681 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\IMG0006A.jpg
[2010/03/09 16:53:19 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\bananas for p.e..doc
[2010/03/08 16:52:26 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\kimmy's book talk paper.doc
[2010/03/04 23:52:20 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SurveySpot.url
[2010/03/04 20:00:47 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Friday.doc
[2010/03/04 17:37:18 | 000,007,062 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\201003042136183553140.rtf
[2010/03/03 17:22:40 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Games.lnk
[2010/03/03 17:22:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Magentic by IncrediMail.lnk
[2010/03/01 21:43:28 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\MommyTalkSurveys.com.url
[2010/03/01 21:43:03 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Surveyhead! Take paid surveys online for cash rewards. Consumer panels for market research firms..url
[2010/03/01 12:05:57 | 000,000,353 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\The Ellen DeGeneres Show The place for Ellen tickets, celebrity photos, videos, games, giveaways and more..url
[2010/02/28 13:06:49 | 000,518,568 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SANY2553.JPG
[2010/02/28 13:06:48 | 000,518,974 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SANY2554.JPG
[2010/02/23 18:59:47 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\Google.url
[2010/02/21 17:41:24 | 000,033,089 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\pants.png
[2010/02/21 16:54:56 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\DBQ.doc
[2010/02/21 15:24:55 | 000,544,714 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\SANY2551.JPG
[2010/02/21 15:08:02 | 014,990,912 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\ode to a grecian urn.pptx
[2010/02/20 17:58:00 | 001,181,696 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\FantasticTrip.pps
[2010/02/19 20:06:35 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\D.A.R.E Kimmmy's Essay.doc
[2010/02/11 19:22:24 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Our Family\My Documents\Theodor Seuss Geisel KIMMY.doc
[2010/02/04 16:39:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/03 12:46:19 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2010/02/03 12:38:49 | 000,046,456 | R--- | C] () -- C:\WINDOWS\System32\exitwx.exe
[2010/02/02 20:21:44 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/01 13:27:51 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Our Family\Desktop\JumpStart 3D Virtual World - Adventure Based Learning For Kids.url
[2009/12/26 17:57:12 | 000,000,123 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/09/09 03:05:37 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/16 16:43:40 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/08/26 16:25:30 | 000,000,444 | ---- | C] () -- C:\WINDOWS\{5D946D0D-9437-4E15-AC1F-F9BCF0B32561}_WiseFW.ini
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/28 21:23:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/10 18:47:49 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2007/04/02 09:59:22 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/02/16 19:06:07 | 000,001,513 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/14 15:19:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/01/30 20:38:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/01 19:24:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/01/01 19:22:09 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/12/31 16:11:43 | 000,000,124 | ---- | C] () -- C:\WINDOWS\aceznewyear.ini
[2006/12/30 21:27:15 | 000,000,073 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/12/25 13:02:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/12/06 14:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/09 12:36:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2006/10/27 22:57:07 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/10/27 22:53:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2006/09/16 05:47:02 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/04 20:56:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/09/04 20:48:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/22 21:47:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/18 22:00:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/06/13 16:36:28 | 000,000,837 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/04/29 20:56:02 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/29 20:56:02 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\493E395A7F.sys
[2006/04/25 13:57:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/25 13:50:53 | 000,000,534 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/25 13:44:32 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/25 13:37:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/25 13:10:32 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2005/08/16 04:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/10/13 06:48:28 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\sunCollection.dll
[2004/06/30 16:04:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/12 10:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 10:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2000/12/07 10:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2000/09/10 23:08:18 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll

========== LOP Check ==========

[2009/01/07 17:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2009/12/25 13:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/04/08 21:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/12/30 23:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/04/27 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/26 22:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/02 11:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/03/29 17:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/04/03 13:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/04 16:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/09/04 19:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Aim
[2007/01/01 21:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Atari
[2008/04/17 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\AVG7
[2009/03/07 13:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Browzar
[2008/02/14 19:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\ICAClient
[2007/11/16 20:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\iLike
[2009/05/01 20:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\IObit
[2009/12/31 19:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\ITTNord
[2007/02/19 17:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\LANGMaster
[2006/04/28 23:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Leadertech
[2008/11/01 14:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\NCH Swift Sound
[2008/11/21 19:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Neopets Toolbar
[2009/02/22 21:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\OfficeUpdate12
[2009/09/22 19:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\OpenOffice.org
[2010/04/08 21:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\PC Suite
[2009/12/30 23:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\PlayFirst
[2008/04/09 18:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\RegClean
[2010/01/23 17:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Road Runner
[2010/04/08 21:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Samsung
[2007/04/01 19:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\SBTT
[2006/06/18 23:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Simple Star
[2009/12/22 19:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Sony Online Entertainment
[2009/10/19 21:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\Unity
[2007/03/01 23:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Our Family\Application Data\WMA 64K
[2010/04/27 18:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/04/19 16:55:19 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/04/28 15:40:42 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3C828587-FC9D-4BB7-9476-602ABE8DB684}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 256 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39964175
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05A9EC70
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
  • 0

#11
Patty63

Patty63

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay, I got the mbam log. Yes I finally got to download it. I did the combo fix - it went to about #50 then the screen went blue and it said
Problem detected - windows has shut down to protect damage
BAD_POOL_HEADER
IF this is the first time you are seeing this message restart
If you see it again make sure new hardware/software is properly installed

Beginning dump physical memory
Physical memory dump complete

So I waited and nothing happened so I restarted. So I don't know how to get that log - nothing came up with notepad. I did not touch anything while it was running.

Here is the other log
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4049

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/28/2010 10:01:10 PM
mbam-log-2010-04-28 (22-01-10).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 265970
Time elapsed: 2 hour(s), 13 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Our Family\My Documents\frogger.exe (Adware.FunWebProducts) -> Quarantined and deleted successfully.




One more thing - I realize we have no memory. I know we have a lot of pictures on here (that I am so afraid of losing) that I am working on getting off. And the kids have several big games. But I know there is probably a bunch of crap we DON'T need that we don't know if we can delete or not. Or would this stuff have gotten rid of that?

Thank you again for all your help. I am sorry if I am being non-geeky and if it is my fault these things are not working right. This is pretty advanced stuff for me!!!

Edited by Patty63, 28 April 2010 - 08:53 PM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Don't worry about it. I don't expect you to be a techy. If you were you wouldn't be here. Just glad it worked since I really like OTL fixes. They save me a lot of time.

Not sure what happened to Combofix. Did you disable your antivirus while downloading and running it? If it left a log we can see it by:

Start, Run, cmd, OK

notepad  \combofix.txt

(I use two spaces to show where one space should be.)

If it says file not found then it didn't leave a log.

You are very short on hard drive space - at least on the C:\. Windows is not happy unless it has about 11% free and you have . The D:\ drive has lots of room so you could move stuff to it.

For pictures tho I think the smart thing to do is to download Picasa from Google then upload as many pictures as they will let you (I think it's 2 gig worth which is a lot of pictures.). That way if something happens to your hard drive which looks like it is getting a bit old then you will still have them.

I don't see a lot of stuff that I would automatically remove from your system. Limewire would be my top choice for something to remove. When you get a file via a P2P program like Limewire you are just getting it from someone else's PC. You don't know what infection their PC might have that might have been injected into the file so it's sort of like Russian roulette.

I'm not sure you need both Open Office and Office 2007. Seems like you could drop one of them. You could also uninstall Google Earth. Beautiful program but you can always reinstall it when you get more memory freed up.

I do see some folders that could be removed since it appears the programs that created them are no longer installed:

C:\Documents and Settings\Our Family\Application Data\IObit
C:\Documents and Settings\Our Family\Application Data\RegClean
C:\Documents and Settings\Our Family\Application Data\AVG7

There may be corresponding folders under C:\Program Files\ which could also be removed. They may just be empty folders. Can't tell from here.

There are three scheduled tasks that I think I would remove:
C:\WINDOWS\Tasks\ParetoLogic Registration.job
C:\WINDOWS\Tasks\SmartDefrag.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{3C828587-FC9D-4BB7-9476-602ABE8DB684}.job

The first one is just a nag to register. The second is a defrag job but I don't think you have enough free space for it to be successful. The last one updates RSS feeds in IE which you no longer have.

How is it running now?

Ron
  • 0

#13
Patty63

Patty63

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi. It seems to be much better - still slow but that is our space problem I know. But everything is back to normal!! Thank you so much.
For the start run cmd thing
when I go to the black box, there is a cursor at the end of the line
I'm not sure where to put code in - if I hit return it just keeps displaying the same thing
which is C documents - our family
so I am kinda confused on that part.
But as I said all is better now - I will try to do this other stuff later - have a busy
morning with my daughter! Thank you again and God Bless!

Just want to add - I did do the start run thing - no file. I didn't know if you wanted me to try combofix again or not. I deleted the things you told me to except the 3rd one - window task user feed - couldn't find that one.
We are in the process of doing the pictures on picasa. It is excellent! Thank you for suggesting this to me. It will take a while but will be well worth it I am sure.
And I totally agree with you on the Limewire but at the moment this is our only computer and my 17 year old son will probably have a heart attack if I delete it. Hopefully he will get a laptop in the future and solve that problem.
Also we keep getting the notice on the task bar - low on disk space (duh) and to click here to fix problem. Don't know if there is anything that can be done so I haven't clicked it yet.
I know these pics take up most of our space though.
Just wanted to thank you again. This is an amazing thing to do for people for free. God Bless you!!


If I could update one more time - Since I last replied, we are lagging again. We took tons of pics off (filled the picasa) and it keeps freezing on pages and being slow again. I ran mbam - all clear. Any additional info would be super. Thank you again.


I know I am being a PITA but one more update - we were totally slowed down almost to freezing state again. Don't know why so I did chkdsk again and after it ran I got this message - a serious error has been fixed - then it said this....please advise!!

Troubleshoot a problem with a device driver
You received this message because a device driver installed on your computer caused Windows to stop unexpectedly. This type of error is referred to as a "stop error." A stop error requires you to restart your computer.

Steps to address this problem
Use Windows Update to check for updated drivers


Click to go online to the Windows Update website


Click Custom to check for available updates.

In the left pane, under Select by Type, click Hardware, Optional. Select the updates for a device driver, click Review and install updates, and then click Install Updates.

Note
We recommend that you install all High-Priority updates. These updates improve your computer's security and stability.

Steps to work around this problem
Warning
These steps are designed to address a particular problem but might do so by temporarily disabling or removing some functionality on your computer.

If this problem occurred after you installed a new hardware device on your computer, the problem might be caused by the device driver. Go online to learn how to use the Dell Driver Reset Tool or uninstall the driver.

How do I disable or uninstall a device driver?

Click Start, and then click Control Panel. If you are using Classic View, click Switch to Category View.
Click Performance and Maintenance, and then click System.
Click the Hardware tab, and then click Device Manager.
Click the plus sign (+) next to the faulting device. You should now see the device listed.
Right-click the device, and then click Disable or Uninstall.
If this problem occurred after you installed new software, the software might have installed a driver that caused the problem. Try uninstalling the software.

How do I uninstall a program?


Click Start, click Control Panel, and then click Add or Remove Programs.

Click Change or Remove Programs, click the program you want to remove, and then click Change/Remove or Remove.

Note
If the program that you want to uninstall isn't listed, it might not have been created for your version of Windows. To uninstall the program, check the information that came with the program or contact the manufacturer for more information.


If you don't know the specific driver or software, go online to learn more about performing a System Restore.

.

Edited by Patty63, 03 May 2010 - 06:43 PM.

  • 0





