Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

XPS 400 freezing problem [Solved]

Started by MEUNCFREE , May 09 2010 10:56 AM

This topic is locked

#1
MEUNCFREE

Posted 09 May 2010 - 10:56 AM

Member

Member
22 posts

Ladies & Gentlemen, I need your help. I posted this on the hardware forum and someone suggested I post this here. I hope I'm doing this right, if not I apologize. Please just tell me the correct way and I'll do whatever is necessary.

I am running an XPS 400 running XP Pro MCE (SP2) and these components:

2 Intel Celeron 2992 mhz processors

1gig memory

OYC523 motherboard

NVIDIA GeForce 6800 video adaptor

Dell 1905FP Monitor

100gb hard drive of which 47.1 gb are free

My computer came from dell with XP installed and unfortunately, I don't have any hard discs with which to reinstall.

I normally use FireFox for internet surfing and like to play downloaded games.

About a month ago, my computer started freezing. The screen would freeze and the sound would loop on the last sound made before the freeze occurred. I have downloaded and run Malware AntiMalware and originally found some problems that have been fixed for a week now and found no problems when I ran it last night. I have avast antivirus running full speed at this time as well. I also have windows firewall active.

I cannot figure out why my computer continues to freeze. SInce removing SP3 and getting rid of the problems with Malware, it doesn't freeze as often but still freezes. I've tried adjusting accellerations both sound and hardware to no avail. I've done a memory diagnostic and drive diagnostic at startup and both showed clear.

About a week ago, I left my computer off for several hours but accidently left my monitor on. when I booted up the computer, it wouldn't boot up and i got two lights lit up on the front of the terminal which I later found out was supposed to mean a potential problem with the graphics card. I turned the monitor off, turned the computer off and turned it back on and everything has been fine with that issue since.

The freezing happens some with FireFox, usually when playing games, but rarely when working with other applications.

I'm feeling lost and don't know what else to do. Any advice would be greatly appreciated.

Also, I cleaned out inside my computer and all fans appeared to be running fine at that time.

Here are my OTL and GMER logs.

OTL:

OTL logfile created on: 5/8/2010 8:48:34 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\MICHAEL ELLIOTT\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 623.00 Mb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 10000D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.08 Gb Total Space | 47.15 Gb Free Space | 44.04% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 5.73 Gb Free Space | 15.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ELLIOTT
Current User Name: MICHAEL ELLIOTT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/08 20:44:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\OTL.exe
PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/06/03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/10/08 17:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1170456750\ee\aolsoftware.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005/06/17 09:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/05/09 15:40:26 | 000,262,144 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2005/05/06 16:12:22 | 000,466,944 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2005/03/23 02:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2003/03/19 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\MouseWare\system\EM_EXEC.EXE

========== Modules (SafeList) ==========

MOD - [2010/05/08 20:44:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\OTL.exe
MOD - [2008/04/13 20:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 07:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/03/19 09:50:00 | 000,023,552 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/03/19 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\MouseWare\system\LgWndHk.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/13 16:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2005/05/06 16:12:22 | 000,466,944 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/03/09 16:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/05/28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/07/30 13:29:03 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/01/10 20:48:58 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2005/11/04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/08/18 19:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/07/08 18:57:00 | 003,198,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/06/17 14:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2005/06/15 00:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/31 06:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 06:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 06:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 06:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 06:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 06:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 06:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 06:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 06:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/05/13 11:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 11:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 04:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2005/04/01 01:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/02/25 02:20:02 | 000,375,936 | ---- | M] (Emuzed, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Angel.sys -- (Angel)
DRV - [2004/11/29 14:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/11/25 12:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/10/28 06:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/12 19:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 07:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/10 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 01:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 12:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/03/04 02:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/03/04 02:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/03/04 02:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/03/04 02:50:00 | 000,014,348 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:58:00 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...age={startPage}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.5341
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 19:05:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/29 13:24:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 13:24:37 | 000,000,000 | ---D | M]

[2009/09/05 14:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Extensions
[2010/05/07 22:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions
[2009/09/05 16:30:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/17 20:32:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/30 17:39:36 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/03/26 20:23:50 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/03/17 19:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions\[email protected]
[2010/03/30 17:41:08 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\searchplugins\aol-search.xml
[2010/04/04 19:25:04 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\searchplugins\bing.xml
[2010/05/07 22:49:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/22 23:05:02 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170456750\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktopChanges = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Reg Error: Key error. File not found
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (YInstStarter Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1136063441875 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...ctDetection.cab (GMNRev Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game05.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540022} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 24.177.176.38 24.217.0.5
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 06:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/08 20:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\computer error info
[2010/05/08 20:44:28 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\OTL.exe
[2010/05/08 15:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\FlyWheelGames
[2010/05/05 18:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Fugazo
[2010/04/30 00:02:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/30 00:02:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/30 00:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/29 17:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/04/29 17:19:49 | 000,093,096 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/04/29 17:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/04/29 17:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\iolo
[2010/04/29 17:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/04/29 11:44:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/04/28 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
[2010/04/27 13:21:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/04/26 22:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\WhatsRunning
[2010/04/26 22:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/26 14:54:15 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/26 14:54:15 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/26 14:54:15 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/26 14:54:15 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/26 14:54:14 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/26 14:54:14 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/26 14:54:14 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/26 14:53:55 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/26 14:53:55 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/26 14:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/26 14:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/25 15:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2010/04/24 22:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\System Tweaker
[2010/04/24 17:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\JoyBits
[2010/04/18 23:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/04/18 23:44:17 | 000,016,896 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE32.DLL
[2010/04/18 23:44:17 | 000,003,568 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE16.DLL
[2010/04/18 23:44:16 | 000,023,372 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LCOINST.DLL
[2010/04/18 23:44:15 | 000,073,134 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LMouFlt2.Sys
[2010/04/18 23:44:15 | 000,053,870 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\L8042PR2.SYS
[2010/04/18 23:44:15 | 000,037,804 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2010/04/18 23:44:15 | 000,025,214 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidFlt2.Sys
[2010/04/18 23:44:15 | 000,014,348 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LCcfltr.sys
[2010/04/18 18:43:21 | 000,000,000 | ---D | C] -- C:\Intel
[2010/04/18 18:41:14 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver PCL5 v5.0.1
[2010/04/18 18:40:35 | 000,000,000 | ---D | C] -- C:\Compaq
[2010/04/18 18:39:38 | 000,000,000 | ---D | C] -- C:\IBMTOOLS
[2010/04/18 18:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\MouseWare
[2010/04/18 18:19:50 | 000,000,000 | ---D | C] -- C:\SWSetup
[2010/04/18 18:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\DeviceDoctorSoftware
[2010/04/18 18:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Device Doctor
[2010/04/16 19:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/16 17:58:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/10 18:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\SupportSoft
[2010/04/10 18:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/04/10 18:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/04/10 18:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2010/04/10 18:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2010/04/09 22:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
[2010/04/09 22:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/04/08 20:59:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Recent
[2010/04/08 20:44:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/07 15:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Developer
[2010/04/06 19:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\Deployment
[2010/04/04 19:03:53 | 000,000,000 | ---D | C] -- C:\615006a37bef80262f0f
[2010/04/04 18:57:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/04 18:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/04 17:40:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/04/04 17:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/02 22:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Malwarebytes
[2010/04/02 22:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/02 18:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\bak3CB.tmp
[2010/04/02 18:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\bak3BF.tmp
[2010/04/02 18:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\bak3BD.tmp
[2010/04/02 18:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\bak221.tmp
[2010/04/02 18:29:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\bak215.tmp
[2010/04/02 18:29:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\bak213.tmp
[2010/04/02 18:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Ghost Ship Studios
[2010/03/30 17:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2010/03/30 17:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/28 22:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Specialbit
[2010/03/28 13:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\My Saved Games
[2010/03/26 19:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mariaglorum
[2010/03/25 17:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Magic3
[2010/03/21 15:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\wedding
[2010/03/12 19:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\Real
[2010/03/12 19:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/07 19:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/04 20:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\.SunRay Games
[2010/02/28 00:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\stories
[2010/02/27 16:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Gimagin
[2010/02/27 16:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gimagin
[2010/02/22 23:05:35 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/02/22 22:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/02/22 20:26:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/02/22 20:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\Dial-a-fix-v0.60.0.24
[2010/02/22 20:19:17 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\winsockfix.exe
[2010/02/14 16:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RECIPES
[2010/02/11 19:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2010/02/08 20:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Merscom LLC
[2010/02/08 20:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Merscom LLC
[9 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/08 20:48:28 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1005.job
[2010/05/08 20:48:28 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1005.job
[2010/05/08 20:47:00 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6DE32CB2-CAC5-4723-96B0-FA6C1388C9C5}.job
[2010/05/08 20:44:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\OTL.exe
[2010/05/08 20:16:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/08 20:15:19 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/08 20:15:14 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1007.job
[2010/05/08 20:15:14 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1006.job
[2010/05/08 20:15:14 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-500.job
[2010/05/08 20:15:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/08 20:15:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/08 20:14:51 | 1071,804,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/08 18:19:45 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1006.job
[2010/05/08 15:46:05 | 000,000,144 | ---- | M] () -- C:\WINDOWS\wwwbatch.ini
[2010/05/08 15:39:28 | 000,001,996 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100508_153919.reg
[2010/05/08 15:33:02 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\ntuser.dat
[2010/05/08 15:33:02 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\ntuser.ini
[2010/05/08 15:32:58 | 010,720,816 | -H-- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\IconCache.db
[2010/05/08 15:13:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/08 14:25:57 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Dark Tales Edgar Allan Poes Black Cat.exe.lnk
[2010/05/07 18:18:39 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Brunhilda BETA.lnk
[2010/05/07 18:16:59 | 000,001,161 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Master Wu and the Glory of the Ten Powers.lnk
[2010/05/07 18:16:22 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\MysteryCruise.exe.lnk
[2010/05/07 18:12:26 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Escape The Lost Kingdom.lnk
[2010/05/07 18:09:45 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tiger Eye - Curse of the Riddle Box.lnk
[2010/05/06 22:18:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/06 22:06:40 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1007.job
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/05 18:23:52 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Fiction_Fixers_-_Adventures_in_Wonderland_Premium.exe.lnk
[2010/05/05 17:45:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\prvlcl.dat
[2010/05/04 17:43:07 | 000,059,775 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\AKD-7366109967.pdf
[2010/05/04 17:40:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ShoppingList.xls
[2010/05/03 17:56:26 | 000,000,521 | ---- | M] () -- C:\hpfr3420.xml
[2010/05/01 22:09:40 | 000,338,329 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\bookmarks-2010-05-01.json
[2010/05/01 22:04:47 | 000,240,128 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/01 17:19:34 | 011,411,702 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\dell owners manual.pdf
[2010/04/30 11:34:02 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113400.reg
[2010/04/30 11:33:30 | 000,000,414 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113322.reg
[2010/04/30 11:33:07 | 000,002,786 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113304.reg
[2010/04/30 11:32:43 | 000,001,038 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113237.reg
[2010/04/30 11:31:02 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113101.reg
[2010/04/30 11:30:31 | 000,002,552 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113015.reg
[2010/04/30 11:29:38 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_112928.reg
[2010/04/30 11:28:51 | 000,001,226 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_112835.reg
[2010/04/30 11:24:15 | 000,444,216 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/30 11:24:15 | 000,073,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/30 00:02:41 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 21:11:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 21:11:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/29 17:22:43 | 000,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/04/29 17:20:30 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\System Mechanic.lnk
[2010/04/29 17:14:52 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/04/29 17:10:51 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\iolo technologies receipt.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 13:13:35 | 000,557,250 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 12:34:53 | 000,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/29 11:23:59 | 000,001,485 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Windows Explorer.lnk
[2010/04/29 11:02:43 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/04/28 20:13:43 | 001,580,024 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\HPPDU.exe
[2010/04/28 16:43:06 | 000,000,620 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\SIW.lnk
[2010/04/27 13:29:02 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-500.job
[2010/04/26 22:21:03 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\What's Running.lnk
[2010/04/26 16:16:30 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\CCleaner.lnk
[2010/04/26 15:32:50 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2010/04/26 14:54:15 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/25 15:43:34 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\AzadaAdventures.exe.lnk
[2010/04/25 15:33:23 | 000,061,456 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/24 22:28:51 | 000,060,918 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\AKD-7365989984.pdf
[2010/04/24 22:14:17 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\GOOD PASSWORD LIST.doc
[2010/04/24 17:24:46 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Bigfoot.exe.lnk
[2010/04/21 14:46:38 | 000,093,096 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/04/21 14:46:28 | 002,316,712 | ---- | M] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/04/20 20:11:27 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/20 20:11:24 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\8901B2EDF5.sys
[2010/04/20 15:40:40 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\american express letter.doc
[2010/04/18 18:15:20 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Device Doctor.lnk
[2010/04/17 15:55:48 | 000,001,437 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Escape from Frankensteins Castle.exe.lnk
[2010/04/16 19:40:05 | 000,001,063 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\dominic.exe.lnk
[2010/04/16 19:39:25 | 000,002,069 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Crime and Punishment Who Framed Raskolnikov.lnk
[2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/11 22:42:27 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/11 13:26:41 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\IMPORTANT - COMPUTER NUMBERS - IMPORTANT.doc
[2010/04/10 18:05:36 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\housecall.guid.cache
[2010/04/09 23:16:30 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\4-9-10 system.evt
[2010/04/09 23:16:08 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\4-9-10.evt
[2010/04/08 20:56:32 | 000,008,470 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100408_205604.reg
[2010/04/08 20:55:24 | 001,697,466 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100408_205150.reg
[2010/04/08 20:44:40 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/08 20:19:21 | 000,004,441 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/06 19:54:01 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_XPS_Dell DXP051 .MRK
[2010/04/06 19:54:01 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
[2010/04/06 19:20:49 | 000,305,152 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\windiag.iso
[2010/04/04 19:18:49 | 000,061,456 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/02 22:47:53 | 000,016,020 | -HS- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\Wv7V1mEL4UH
[2010/04/02 22:47:53 | 000,016,020 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
[2010/04/02 18:18:36 | 000,001,829 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Magic Encyclopedia 3 Illusions.lnk
[2010/04/01 23:22:21 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2010/03/31 21:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/31 19:22:02 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Redrum.exe.lnk
[2010/03/20 14:18:13 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Emerald_Curse.exe.lnk
[2010/03/12 19:08:12 | 000,000,100 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/03/12 19:06:02 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/03/12 19:03:23 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/03/06 00:43:59 | 000,007,930 | -HS- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\pDSP5YYtnffP
[2010/02/22 23:05:02 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/22 20:46:58 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100222_194637.reg
[2010/02/22 20:28:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/22 20:28:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/22 17:59:32 | 000,335,992 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\Dial-a-fix-v0.60.0.24.zip
[2010/02/22 17:56:10 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\winsockfix.exe
[2010/02/14 18:08:52 | 000,226,233 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\PFCU PIN DOCUMENT.jpg
[2010/02/14 18:06:28 | 000,359,089 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\2009 SOCIAL SECURITY EARNINGS HISTORY.jpg
[2010/02/14 18:04:12 | 000,768,493 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\2009 SOCIAL SECURITY STATEMENT.jpg
[2010/02/13 20:37:32 | 000,016,851 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\n1320136_3574.jpg
[2010/02/09 19:31:30 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Shutter_Island.exe.lnk
[2010/02/08 20:24:13 | 000,001,254 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/02/08 20:17:59 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[9 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/08 20:45:01 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\gmer.exe
[2010/05/08 16:46:34 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\computer issues.txt
[2010/05/08 15:46:05 | 000,000,144 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2010/05/08 15:39:20 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100508_153919.reg
[2010/05/08 14:25:56 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Dark Tales Edgar Allan Poes Black Cat.exe.lnk
[2010/05/07 18:18:39 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Brunhilda BETA.lnk
[2010/05/07 18:16:59 | 000,001,161 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Master Wu and the Glory of the Ten Powers.lnk
[2010/05/07 18:16:22 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\MysteryCruise.exe.lnk
[2010/05/07 18:12:26 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Escape The Lost Kingdom.lnk
[2010/05/07 18:09:45 | 000,001,107 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tiger Eye - Curse of the Riddle Box.lnk
[2010/05/05 18:23:52 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Fiction_Fixers_-_Adventures_in_Wonderland_Premium.exe.lnk
[2010/05/04 17:43:07 | 000,059,775 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\AKD-7366109967.pdf
[2010/05/03 17:53:50 | 014,680,064 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\ntuser.dat
[2010/05/01 22:09:40 | 000,338,329 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\bookmarks-2010-05-01.json
[2010/05/01 17:19:17 | 011,411,702 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\dell owners manual.pdf
[2010/04/30 11:34:01 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113400.reg
[2010/04/30 11:33:24 | 000,000,414 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113322.reg
[2010/04/30 11:33:05 | 000,002,786 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113304.reg
[2010/04/30 11:32:38 | 000,001,038 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113237.reg
[2010/04/30 11:31:02 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113101.reg
[2010/04/30 11:30:16 | 000,002,552 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113015.reg
[2010/04/30 11:29:30 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_112928.reg
[2010/04/30 11:28:42 | 000,001,226 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_112835.reg
[2010/04/30 00:02:41 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 20:55:51 | 1071,804,416 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/29 17:22:43 | 000,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/04/29 17:20:30 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\System Mechanic.lnk
[2010/04/29 17:19:46 | 002,316,712 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/04/29 17:17:39 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/04/29 17:17:39 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2010/04/29 17:14:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/04/29 17:10:50 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\iolo technologies receipt.doc
[2010/04/28 20:13:37 | 001,580,024 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\HPPDU.exe
[2010/04/28 16:43:06 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\SIW.lnk
[2010/04/27 13:24:47 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-500.job
[2010/04/27 13:24:47 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-500.job
[2010/04/27 10:09:07 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\uniblue.txt
[2010/04/26 22:21:03 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\What's Running.lnk
[2010/04/26 14:54:15 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/25 15:43:34 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\AzadaAdventures.exe.lnk
[2010/04/24 22:28:51 | 000,060,918 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\AKD-7365989984.pdf
[2010/04/24 17:24:46 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Bigfoot.exe.lnk
[2010/04/20 15:40:38 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\american express letter.doc
[2010/04/18 18:15:20 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Device Doctor.lnk
[2010/04/17 15:55:48 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Escape from Frankensteins Castle.exe.lnk
[2010/04/16 19:40:05 | 000,001,063 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\dominic.exe.lnk
[2010/04/16 19:39:25 | 000,002,069 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Crime and Punishment Who Framed Raskolnikov.lnk
[2010/04/11 22:42:27 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/11 13:26:40 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\IMPORTANT - COMPUTER NUMBERS - IMPORTANT.doc
[2010/04/10 18:05:36 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\housecall.guid.cache
[2010/04/09 23:16:30 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\4-9-10 system.evt
[2010/04/09 23:16:08 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\4-9-10.evt
[2010/04/08 20:56:09 | 000,008,470 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100408_205604.reg
[2010/04/08 20:52:00 | 001,697,466 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100408_205150.reg
[2010/04/08 20:19:12 | 000,004,441 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/07 14:49:58 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/06 19:54:01 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_XPS_Dell DXP051 .MRK
[2010/04/06 19:54:01 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
[2010/04/06 19:20:33 | 000,305,152 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\windiag.iso
[2010/04/02 22:31:11 | 000,016,020 | -HS- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\Wv7V1mEL4UH
[2010/04/02 22:31:11 | 000,016,020 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
[2010/04/02 18:18:36 | 000,001,829 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Magic Encyclopedia 3 Illusions.lnk
[2010/03/31 19:22:02 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Redrum.exe.lnk
[2010/03/20 14:18:13 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Emerald_Curse.exe.lnk
[2010/03/17 21:50:50 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1007.job
[2010/03/17 21:50:50 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1007.job
[2010/03/13 23:31:32 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1006.job
[2010/03/13 23:31:31 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1006.job
[2010/03/12 19:06:02 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/03/12 19:06:02 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1005.job
[2010/03/12 19:06:01 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1005.job
[2010/03/06 00:43:13 | 000,007,930 | -HS- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\pDSP5YYtnffP
[2010/02/22 20:46:40 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100222_194637.reg
[2010/02/22 20:18:58 | 000,335,992 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\Dial-a-fix-v0.60.0.24.zip
[2010/02/14 21:58:20 | 000,768,493 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\2009 SOCIAL SECURITY STATEMENT.jpg
[2010/02/14 21:58:20 | 000,359,089 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\2009 SOCIAL SECURITY EARNINGS HISTORY.jpg
[2010/02/14 21:58:20 | 000,226,233 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\PFCU PIN DOCUMENT.jpg
[2010/02/13 20:37:30 | 000,016,851 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\n1320136_3574.jpg
[2010/02/09 19:31:30 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Shutter_Island.exe.lnk
[2010/02/08 20:24:13 | 000,001,254 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/02/08 20:17:59 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/02/07 13:52:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\sav.ini
[2009/11/21 14:49:27 | 000,000,169 | ---- | C] () -- C:\WINDOWS\settings.ini
[2009/08/28 19:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2008/12/13 10:25:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2008/10/22 11:10:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2008/10/17 18:02:22 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/26 20:30:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2007/11/10 15:43:04 | 000,000,362 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/23 18:51:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/01/23 18:20:54 | 000,000,121 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/23 18:20:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/01/23 18:20:36 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/10/16 17:50:07 | 000,000,019 | ---- | C] () -- C:\WINDOWS\CustomerPOIManager.INI
[2006/10/01 20:54:23 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2006/10/01 19:36:49 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/04/02 15:13:52 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8901B2EDF5.sys
[2006/03/23 23:29:00 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/03/23 23:26:45 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/02/19 22:29:36 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/30 22:37:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/01/24 14:08:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/14 15:18:48 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/30 19:46:51 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\F5EDB20189.sys
[2005/12/30 19:44:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MyCamUnInstall.dll
[2005/12/30 19:44:14 | 000,000,892 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2005/12/30 19:44:06 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/12/30 19:43:57 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vi_setup.ini
[2005/12/30 19:38:40 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2005/12/30 19:38:40 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2005/12/30 19:38:40 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2005/12/30 19:38:40 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2005/12/30 19:38:39 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2005/12/30 19:38:16 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2005/12/30 19:38:13 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2005/12/30 19:38:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2005/12/30 19:38:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2005/12/30 19:38:12 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2005/12/30 19:38:12 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2005/12/30 19:37:55 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2005/12/30 18:49:44 | 000,000,227 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/12/30 18:32:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/28 21:19:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/28 21:10:33 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2005/12/28 20:39:10 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2005/12/28 20:39:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2005/12/28 20:38:28 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/04 10:21:48 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2005/11/04 10:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/12 17:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/19 19:05:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1998/06/14 04:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

========== LOP Check ==========

[2008/12/21 17:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/04/09 22:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/04/26 14:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/12/30 12:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atom
[2010/01/26 19:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BanzaiInteractive
[2010/04/09 19:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2006/01/08 18:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2006/01/08 18:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2006/07/30 13:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/06/23 23:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/08/02 14:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/02/27 16:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gimagin
[2009/10/24 15:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/11/23 02:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2007/12/29 18:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2009/06/26 18:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2009/12/11 19:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/04/29 17:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2006/12/30 20:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA126.tmp
[2010/03/20 17:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/02/08 20:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom LLC
[2008/03/09 16:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MonteCristo
[2010/02/11 19:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2010/04/09 19:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2006/01/07 04:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/03/28 22:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/04/10 18:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2007/01/23 18:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/04/17 16:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/25 06:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2006/02/04 16:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/10/30 18:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2010/04/09 19:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/02/18 20:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/09/26 19:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2010/04/10 18:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/05/08 15:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/12/28 21:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/03/17 15:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/04/11 18:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/04/08 20:44:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/04 20:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\.SunRay Games
[2010/01/16 23:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\2monkeys
[2007/05/31 21:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\acccore
[2010/04/09 19:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Artogon
[2010/01/26 19:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\BanzaiInteractive
[2009/11/22 16:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Big Fish Games
[2009/07/25 15:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Braid
[2009/03/01 14:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\BrandX Games
[2010/04/09 19:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Cat's Eye Games
[2006/09/16 21:21:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\CrystalSpace
[2010/04/07 15:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Developer
[2010/04/18 18:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\DeviceDoctorSoftware
[2010/04/09 19:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Dragon Altar Games
[2010/05/08 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\ERS G-Studio
[2010/05/08 15:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\FlyWheelGames
[2009/10/11 00:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Friday's games
[2010/05/05 18:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Fugazo
[2010/04/09 20:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\funkitron
[2010/04/09 20:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Games
[2010/04/02 18:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Ghost Ship Studios
[2010/02/27 16:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Gimagin
[2008/11/23 02:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Gogii Games
[2009/02/02 00:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\HSA
[2010/05/01 18:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\iolo
[2009/01/04 16:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\IOMediaSupport6SZZ001s
[2009/02/01 18:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Island
[2010/01/24 15:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Island - The Lost Medallion
[2010/04/09 20:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\iWin
[2009/12/05 19:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Jetdogs Studios
[2010/04/24 17:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\JoyBits
[2005/12/30 19:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Leadertech
[2009/07/09 16:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\MA
[2010/03/25 18:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Magic3
[2010/03/26 19:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mariaglorum
[2010/02/06 16:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Meridian93
[2010/03/20 17:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Merscom
[2010/02/08 20:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Merscom LLC
[2006/01/13 01:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\MSNInstaller
[2009/02/28 18:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\MysteryStudio
[2006/01/07 04:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Otto
[2007/01/23 18:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\pdf995
[2009/10/24 12:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\play2p
[2010/04/09 20:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\PlayFirst
[2009/12/25 06:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\PoBros
[2008/12/18 19:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Pogo Games
[2008/06/07 15:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Restorer
[2008/09/01 13:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Righteous Kill
[2008/10/26 17:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\SecretIslandEng
[2010/03/28 22:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Specialbit
[2009/01/04 16:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Spinapse
[2009/03/29 15:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\SpinTop
[2009/08/16 16:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\SpinTop Games
[2009/01/04 16:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Suspects and Clues Players
[2009/01/04 16:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Suspects and Clues Prefs
[2010/04/29 17:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\System Tweaker
[2008/09/01 12:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\TMInc
[2007/02/08 19:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Viewpoint
[2006/10/08 00:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\WildTangent
[2008/07/23 22:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Windows Search
[2007/05/06 14:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Zylom
[2010/05/08 20:47:00 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6DE32CB2-CAC5-4723-96B0-FA6C1388C9C5}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/12/19 23:03:09 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2006/12/19 23:03:09 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/26 15:32:50 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/01/06 14:02:51 | 000,006,700 | ---- | M] () -- C:\DATA_LOG.TXT
[2006/07/30 13:28:39 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2005/12/28 20:43:52 | 000,006,742 | RH-- | M] () -- C:\dell.sdr
[2007/03/10 13:13:49 | 000,000,110 | ---- | M] () -- C:\DownloadLog.txt
[2010/05/08 20:14:51 | 1071,804,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 17:56:25 | 000,115,652 | ---- | M] () -- C:\hpfr3420.log
[2010/05/03 17:56:26 | 000,000,521 | ---- | M] () -- C:\hpfr3420.xml
[2005/12/30 16:43:25 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 06:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/12/26 10:29:21 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2010/05/02 19:08:06 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/08/16 06:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/29 11:02:43 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2006/10/07 21:31:12 | 000,000,000 | ---- | M] () -- C:\NvLog.txt
[2007/01/06 14:02:48 | 000,001,821 | ---- | M] () -- C:\OLD_LOGS.TXT
[2010/05/08 20:14:53 | 2097,152,000 | -HS- | M] () -- C:\pagefile.sys
[2007/01/06 14:03:48 | 000,335,760 | ---- | M] () -- C:\QDATA.IDX
[2007/01/06 14:03:48 | 002,671,704 | ---- | M] () -- C:\QDATA.QDF
[2007/01/06 14:03:48 | 000,015,360 | ---- | M] () -- C:\QDATA.QEL
[2007/01/06 14:02:51 | 000,000,032 | ---- | M] () -- C:\QDATA.QPH
[2006/09/02 13:54:34 | 000,001,320 | ---- | M] () -- C:\rapport.txt
[2010/02/07 13:57:06 | 000,000,023 | ---- | M] () -- C:\sav_BF.txt
[2005/12/28 21:05:56 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/01/30 18:18:49 | 000,000,000 | ---- | M] () -- C:\UAC Redirection test.log
[2009/12/20 03:26:34 | 000,843,898 | ---- | M] () -- C:\VETlog.txt
[2010/04/01 23:22:21 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/26 00:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 06:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 06:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 06:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 08:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[9 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB71BBA2
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C012695
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EF4E162
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E945C214
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4357F54D
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9046031
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D29191BC
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11926C9B
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8435088
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CAF6B12
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DA71AE7
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_LBP5VNGKGVP9VLS4NMVHVPM4PMLRJ6TVSVLMHKX
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC076721
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98982C88
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F55EB66
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EB547C3
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4C72290
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9732698E
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA6CA4C7
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94878DD7
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:732E4B72
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD9F7E4E
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A296A63F
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C66222F3
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4009F120
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F86F437
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A47E53E8
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:235C65B1
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75B1A93C
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AC1C931
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B4A0E23
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C2E33C1
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F288A0A
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:410921CB
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C477099
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45292A84
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA67B3D9
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFB01D2B
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A97A5A47
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700B9342
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB65A4AA
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FBE55EA
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D53344E0
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7EDD606
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D17FCE3E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6710EF08
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62672BC8
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9398DBB4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7547DA5B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:067F588D
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8384DB6
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918B7566
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEBFFE08
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2C903BC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1000DD4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:237E4B91
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19823AC6
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F33C37D5
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2735F9E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A953997
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69AF9D20
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38B32B54
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2151AD3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C9689F
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7290F122
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:620EC79A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDD8917
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC4EA67C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B30D9A49
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4F63AED
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D278FB5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:072F1F69
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9E10A82
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E00A1D59
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:670278F0
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55BB2521
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:068E6CBC
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C928F3BE
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E4DE21B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F6462DF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F42B5B0E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E717F65C
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E650B916
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B9B0020
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE47A3DA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6425A235
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4980368
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F80E25A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB1EC531
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61F0C8FB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F0A5896
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0ED4AC2F
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD8531
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2865730
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95970EA3
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8ADA3722
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:828F965F
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E3C0E0
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A484ED8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6AF67671
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AFE59F2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB4A530
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00D5EBC2
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2762B9
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:842B0AED
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AA6FC81
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A3B105A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42509EA1
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5294695
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEF2A14E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7972CF54
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35CF1C69
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04CE8640
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF07EA98
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61AF2B29
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5000922E
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0A051AD
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFA57EAC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A5186C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B845F669
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2CD146E
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DF07E8F
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BCAA2E9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09064307
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D226A81A
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3251D01
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31106FCB
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E82994
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB3CECA4
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BF7ADD1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2520CFF2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07241935
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1EEB4B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE08881
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85F3AC32
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:409A775B
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1316EAD4
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA28756E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90865A6D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58C9BCAC
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3EFA8A8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B904C348
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A56D6987
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92A815D8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE30352
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8135F61
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9A61FAD
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2249B7E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8961A52
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3313A48D
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C88C8E5
< End of report >

My GMER Log

OTL Extras logfile created on: 5/8/2010 8:48:34 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\MICHAEL ELLIOTT\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 623.00 Mb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 10000D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.08 Gb Total Space | 47.15 Gb Free Space | 44.04% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 5.73 Gb Free Space | 15.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ELLIOTT
Current User Name: MICHAEL ELLIOTT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1170456750\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1170456750\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL Topspeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1170456750\ee\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1170456750\ee\AOLDesktop.exe:*:Enabled:AOL Desktop -- (AOL LLC)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\ehome\ehshell.exe" = C:\WINDOWS\ehome\ehshell.exe:*:Enabled:Media Center -- (Microsoft Corporation)
"C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\Downloaded Program Updates\LimeWire\LimeWire.exe" = C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\Downloaded Program Updates\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{07397346-C8BA-4F57-A625-55AC31108AEC}" = CyberPower PowerPanel Personal Edition
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{24C67B54-0718-445E-B663-3138D9246BD1}" = Cisco Systems VPN Client 4.8.00.0440
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{4D2A18B5-934B-4669-9FE5-8550E0ECF771}" = Mystery of Cleopatra
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{53885844-2604-4C08-9F67-1DD9C70D8513}" = DVRMSToolbox
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = MouseWare 9.76
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.6
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Series Drivers
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{72ACDD15-4C4A-4449-8791-951770DC9C0B}" = Cajun Cop
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{863DC643-4D85-4736-985C-2EE9465C74EA}" = DVR 2 WMV
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF872EF-E6C5-41C8-BCA2-1990396D21DE}" = The Print Shop CD Label Creator
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90150409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99E4A778-FCAA-488C-9495-2718A64A7C00}" = Master Wu and the Glory of the Ten Powers
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.04.28
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1740A17-F7D1-4204-9FA1-25177372AEC7}" = Tiger Eye - Curse of the Riddle Box
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C7C9A07F-EC37-40C8-B6C2-5BAC806FD668}" = Magellan RoadMate POI Manager
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D36F6AFB-7EFF-4631-A773-24DBB8FDB318}" = Sherlock Holmes - The Mystery of the Persian Carpet
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}" = On2 VP7 Personal Edition
"{DD9F52EA-55A8-4BBE-AB2C-9B3F5044BD10}" = Jewel Quest Mysteries
"{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FD5A6AFF-BC64-4B0F-B7B8-B416106CA94A}" = Escape The Lost Kingdom
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Regclient" = AOL Registration
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ArcSoft VideoImpression 16" = ArcSoft VideoImpression 1.6
"avast5" = avast! Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BFGC" = Big Fish Games Client
"Brunhilda and the Dark Crystal" = Brunhilda and the Dark Crystal 1.0 Beta
"CCleaner" = CCleaner
"CLEARview Twain Driver" = CLEARview Twain Driver
"Crime and Punishment Who Framed Raskolnikov 1.00" = Crime and Punishment Who Framed Raskolnikov 1.00
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Flick_is1" = DVD Flick
"DVDx_is1" = DVDx
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"eVision Control Panel" = eVision Control Panel
"FlashGet" = FlashGet 1.9.6.1073
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"Intel® 537EP V9x DFV PCI Modem" = Intel® 537EP V9x DFV PCI Modem
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 1.9
"Last Half of Darkness: Tomb of Zojir_is1" = Last Half of Darkness: Tomb of Zojir v1.2.3
"Lost Secrets - Ancient Mysteries" = Lost Secrets - Ancient Mysteries
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.2.1 build 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover
"MGI_PRISM_V3_0" = MGI PhotoSuite III SE (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PROSet" = Intel® PRO Network Connections Drivers
"RealArcade 1.2" = RealArcade
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SwordSearcher_5_InnoSetup_is1" = SwordSearcher 5.4.1.2
"TaxCut Basic 2006" = TaxCut Basic 2006
"Total Video Converter_is1" = Total Video Converter 2.603
"UHS Reader (Version 5.21)" = UHS Reader (Version 5.21)
"Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 1.0.2
"Unexpected Journey 1.00" = Unexpected Journey 1.00
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.4a
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"What's Running_is1" = What's Running 2.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2010 5:11:36 PM | Computer Name = ELLIOTT | Source = EventSystem | ID = 4610
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80040154 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
This may indicate that the COM+ Event System is not properly installed. Please
try reinstalling the COM+ Event Syste

Error - 5/8/2010 5:11:36 PM | Computer Name = ELLIOTT | Source = EventSystem | ID = 4610
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80040154 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
This may indicate that the COM+ Event System is not properly installed. Please
try reinstalling the COM+ Event Syste

Error - 5/8/2010 5:11:36 PM | Computer Name = ELLIOTT | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {03FE075D-96F4-4C23-AEB5-85677B759D82} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.308 s

Error - 5/8/2010 5:11:43 PM | Computer Name = ELLIOTT | Source = EventSystem | ID = 4610
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80040154 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
This may indicate that the COM+ Event System is not properly installed. Please
try reinstalling the COM+ Event Syste

Error - 5/8/2010 5:11:46 PM | Computer Name = ELLIOTT | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/8/2010 6:03:15 PM | Computer Name = ELLIOTT | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 5/8/2010 6:16:25 PM | Computer Name = ELLIOTT | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 5/8/2010 8:15:25 PM | Computer Name = ELLIOTT | Source = EventSystem | ID = 4610
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80040154 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
This may indicate that the COM+ Event System is not properly installed. Please
try reinstalling the COM+ Event Syste

Error - 5/8/2010 8:15:26 PM | Computer Name = ELLIOTT | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/8/2010 8:15:29 PM | Computer Name = ELLIOTT | Source = EventSystem | ID = 4610
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80040154 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
This may indicate that the COM+ Event System is not properly installed. Please
try reinstalling the COM+ Event Syste

[ System Events ]
Error - 5/8/2010 5:12:04 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 5/8/2010 5:12:04 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The vsdatant service failed to start due to the following error: %%2

Error - 5/8/2010 5:12:04 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The BuddyVM service failed to start due to the following error: %%3

Error - 5/8/2010 5:12:06 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7031
Description = The COM+ System Application service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 5/8/2010 5:12:12 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%2147949456

Error - 5/8/2010 8:15:25 PM | Computer Name = ELLIOTT | Source = Microsoft Antimalware | ID = 5101
Description = %%861 grace period has expired. Protection against viruses, spyware,
and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80070002 Error Description: The system
cannot find the file specified.

Error - 5/8/2010 8:15:46 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 5/8/2010 8:15:46 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The vsdatant service failed to start due to the following error: %%2

Error - 5/8/2010 8:15:46 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
Description = The BuddyVM service failed to start due to the following error: %%3

Error - 5/8/2010 8:15:55 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%2147949456

< End of report >

Thank you for your time and consideration.

#2
emeraldnzl

Posted 10 May 2010 - 02:16 AM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello MEUNCFREE,

Welcome to the Malware forum.

Firstly, please go to Start > Control Panel >Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player.:

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.

http://www.clickz.com/news/article.php/3561546

Now

Please run OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[9 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB71BBA2
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C012695
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EF4E162
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E945C214
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4357F54D
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9046031
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D29191BC
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11926C9B
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8435088
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CAF6B12
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DA71AE7
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_LBP5VNGKGVP9VLS4NMVHVPM4PMLRJ6TVSVLMHKX
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC076721
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98982C88
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F55EB66
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EB547C3
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4C72290
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9732698E
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA6CA4C7
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94878DD7
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:732E4B72
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD9F7E4E
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A296A63F
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C66222F3
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4009F120
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F86F437
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A47E53E8
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:235C65B1
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75B1A93C
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AC1C931
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B4A0E23
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C2E33C1
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F288A0A
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:410921CB
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C477099
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45292A84
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA67B3D9
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFB01D2B
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A97A5A47
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700B9342
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB65A4AA
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FBE55EA
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D53344E0
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7EDD606
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D17FCE3E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6710EF08
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62672BC8
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9398DBB4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7547DA5B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:067F588D
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8384DB6
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918B7566
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEBFFE08
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2C903BC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1000DD4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:237E4B91
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19823AC6
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F33C37D5
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2735F9E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A953997
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69AF9D20
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38B32B54
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2151AD3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C9689F
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7290F122
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:620EC79A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDD8917
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC4EA67C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B30D9A49
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4F63AED
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D278FB5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:072F1F69
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9E10A82
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E00A1D59
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:670278F0
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55BB2521
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:068E6CBC
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C928F3BE
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E4DE21B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F6462DF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F42B5B0E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E717F65C
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E650B916
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B9B0020
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE47A3DA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6425A235
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4980368
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F80E25A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB1EC531
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61F0C8FB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F0A5896
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0ED4AC2F
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD8531
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2865730
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95970EA3
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8ADA3722
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:828F965F
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E3C0E0
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A484ED8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6AF67671
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AFE59F2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB4A530
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00D5EBC2
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2762B9
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:842B0AED
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AA6FC81
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A3B105A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42509EA1
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5294695
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEF2A14E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7972CF54
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35CF1C69
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04CE8640
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF07EA98
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61AF2B29
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5000922E
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0A051AD
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFA57EAC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A5186C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B845F669
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2CD146E
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DF07E8F
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BCAA2E9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09064307
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D226A81A
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3251D01
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31106FCB
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E82994
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB3CECA4
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BF7ADD1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2520CFF2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07241935
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1EEB4B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE08881
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85F3AC32
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:409A775B
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1316EAD4
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA28756E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90865A6D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58C9BCAC
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3EFA8A8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B904C348
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A56D6987
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92A815D8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE30352
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8135F61
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9A61FAD
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2249B7E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8961A52
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3313A48D
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C88C8E5

:Commands
[emptytemp]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply.

Next

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return please post
OTL fix log
ComboFix.txt

#3
MEUNCFREE

Posted 10 May 2010 - 05:06 PM

Member

Topic Starter
Member
22 posts

emerald, again, your assistance is greatly appreciated!

OTL Log:

All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\vso\en-us\us\aolcfg.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\vso\en-us\us folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\vso\en-us folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\vso\49284929.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\vso\mcdelta.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\vso folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\temp folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\shared\mcunilib.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\shared folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\McAppIns.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\mcappins.inf deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\mcinsres.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\mcuninst.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\Uninst.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\uninst.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\VsCfgIns.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\vsocfg.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\vsoins.inf deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\vsoins.ui deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp\VsoVer.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA126.tmp folder deleted successfully.
C:\WINDOWS\system32\drivers\bak213.tmp folder deleted successfully.
C:\WINDOWS\system32\drivers\bak215.tmp folder deleted successfully.
C:\WINDOWS\system32\drivers\bak221.tmp folder deleted successfully.
C:\WINDOWS\system32\drivers\bak3BD.tmp folder deleted successfully.
C:\WINDOWS\system32\drivers\bak3BF.tmp folder deleted successfully.
C:\WINDOWS\system32\drivers\bak3CB.tmp folder deleted successfully.
C:\WINDOWS\system32\drivers\bak4C0.tmp folder deleted successfully.
C:\WINDOWS\system32\drivers\bak4C2.tmp folder deleted successfully.
C:\WINDOWS\system32\drivers\bak4CE.tmp folder deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB71BBA2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9C012695 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2EF4E162 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E945C214 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4357F54D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D9046031 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D29191BC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:11926C9B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:090FB735 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F8435088 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CAF6B12 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3DA71AE7 deleted successfully.
ADS C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_LBP5VNGKGVP9VLS4NMVHVPM4PMLRJ6TVSVLMHKX deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2871B698 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BC076721 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98982C88 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6F55EB66 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8EB547C3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D4C72290 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9732698E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:90D89144 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA6CA4C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:94878DD7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:732E4B72 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BD9F7E4E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A296A63F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C66222F3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4009F120 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1F86F437 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A47E53E8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:235C65B1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:75B1A93C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5AC1C931 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4B4A0E23 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C2E33C1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8F288A0A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:410921CB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C477099 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:45292A84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CA67B3D9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CFB01D2B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A97A5A47 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:700B9342 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB65A4AA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3FBE55EA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D53344E0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F7EDD606 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D17FCE3E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:943E8182 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6710EF08 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:62672BC8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9398DBB4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:848CC150 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7547DA5B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:067F588D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B8384DB6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:918B7566 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:177313FB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AEBFFE08 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A2C903BC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A1000DD4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:237E4B91 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:19823AC6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F33C37D5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B2735F9E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9A953997 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:69AF9D20 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:38B32B54 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C2151AD3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:96C9689F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7290F122 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:620EC79A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FDDD8917 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FC4EA67C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B30D9A49 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A4F63AED deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:101708D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0D278FB5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:072F1F69 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F9E10A82 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E00A1D59 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:670278F0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:55BB2521 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:068E6CBC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C928F3BE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9E4DE21B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8944C195 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2F6462DF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F42B5B0E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E717F65C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E650B916 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9B9B0020 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DE47A3DA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6425A235 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B4980368 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6F80E25A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EB1EC531 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:61F0C8FB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0F0A5896 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0ED4AC2F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BDCD8531 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A2865730 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:95970EA3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8ADA3722 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:828F965F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:55E3C0E0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3A484ED8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6AF67671 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2AFE59F2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CB4A530 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:00D5EBC2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC2762B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:842B0AED deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B212553 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7AA6FC81 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6A3B105A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:42509EA1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E5294695 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CEF2A14E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7972CF54 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:35CF1C69 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:04CE8640 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BF07EA98 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:61AF2B29 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5000922E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E0A051AD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AFA57EAC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:32A5186C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B845F669 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B2CD146E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9DF07E8F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5BCAA2E9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:09064307 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D226A81A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3251D01 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:453190EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0668210 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:31106FCB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C8E82994 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB3CECA4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8BF7ADD1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2520CFF2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:07241935 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E1EEB4B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8BE08881 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:85F3AC32 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:88698068 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:409A775B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1316EAD4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EA28756E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:90865A6D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:58C9BCAC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F3EFA8A8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B904C348 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A56D6987 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:92A815D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4FE30352 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F8135F61 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E9A61FAD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2249B7E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8961A52 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3313A48D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1C88C8E5 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 91700 bytes
->FireFox cache emptied: 3933110 bytes
->Flash cache emptied: 434 bytes

User: ADRIENNE ELLIOTT
->Temp folder emptied: 93763 bytes
->Temporary Internet Files folder emptied: 21711711 bytes
->Java cache emptied: 355523 bytes
->FireFox cache emptied: 58963834 bytes
->Apple Safari cache emptied: 1351689 bytes
->Flash cache emptied: 78266 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: desktop

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 348 bytes

User: LocalSettings

User: MICHAEL ELLIOTT
->Temp folder emptied: 9043609 bytes
->Temporary Internet Files folder emptied: 126363 bytes
->Java cache emptied: 103532 bytes
->FireFox cache emptied: 91517622 bytes
->Apple Safari cache emptied: 88526968 bytes
->Flash cache emptied: 41847 bytes

User: NetworkService
->Temp folder emptied: 1760716 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: REGINA ELLIOTT
->Temp folder emptied: 100827 bytes
->Temporary Internet Files folder emptied: 12306415 bytes
->Java cache emptied: 402482 bytes
->FireFox cache emptied: 47388925 bytes
->Flash cache emptied: 147139 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1567830 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 223233 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 324.00 mb

OTL by OldTimer - Version 3.2.4.1 log created on 05102010_182454

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Combofix log:

ComboFix 10-05-10.02 - MICHAEL ELLIOTT 05/10/2010 18:40:24.1.2 - x86
Running from: c:\documents and settings\MICHAEL ELLIOTT\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK
c:\windows\system32\SrchSTS.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-10 22:24 . 2010-05-10 22:24 -------- dc----w- C:\_OTL
2010-05-08 19:16 . 2010-05-08 19:16 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\FlyWheelGames
2010-05-05 22:24 . 2010-05-05 22:24 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Fugazo
2010-05-05 00:23 . 2010-05-05 21:45 0 ----a-w- c:\documents and settings\ADRIENNE ELLIOTT\Local Settings\Application Data\prvlcl.dat
2010-05-04 00:04 . 2010-05-04 00:04 -------- d-----w- c:\documents and settings\ADRIENNE ELLIOTT\Application Data\iolo
2010-05-03 23:19 . 2010-05-03 23:19 -------- d-----w- c:\documents and settings\ADRIENNE ELLIOTT\Application Data\Malwarebytes
2010-05-03 22:56 . 2010-05-03 22:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-03 13:58 . 2010-05-03 13:58 -------- d-----w- c:\documents and settings\REGINA ELLIOTT\Application Data\iolo
2010-04-30 04:02 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-30 04:02 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-30 04:02 . 2010-05-02 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 21:21 . 2010-04-29 21:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2010-04-29 21:19 . 2010-04-21 18:46 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-04-29 21:19 . 2010-04-21 18:46 2316712 ----a-w- c:\windows\system32\Incinerator.dll
2010-04-29 21:17 . 2010-01-28 22:13 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-04-29 21:17 . 2010-01-28 22:13 12288 ----a-w- c:\windows\system32\smrgdf.exe
2010-04-29 21:16 . 2010-04-29 21:16 -------- d-----w- c:\program files\iolo
2010-04-29 21:14 . 2010-04-29 21:14 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-04-29 21:12 . 2010-05-01 22:14 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\iolo
2010-04-29 21:12 . 2010-04-29 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-04-29 15:44 . 2010-04-29 16:17 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-04-29 15:35 . 2005-07-26 04:20 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2010-04-28 20:42 . 2010-04-28 20:43 -------- d-----w- c:\program files\SIW
2010-04-27 17:27 . 2010-04-27 17:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\PlayFirst
2010-04-27 13:37 . 2010-04-27 13:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-27 02:20 . 2010-04-27 02:29 -------- d-----w- c:\program files\WhatsRunning
2010-04-27 02:04 . 2010-04-27 02:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-27 02:03 . 2010-04-27 02:03 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-26 18:54 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-26 18:54 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-26 18:54 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-26 18:54 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-26 18:54 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-26 18:54 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-26 18:54 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-26 18:53 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-26 18:53 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-26 18:53 . 2010-04-26 18:53 -------- d-----w- c:\program files\Alwil Software
2010-04-26 18:53 . 2010-04-26 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-25 19:54 . 2010-04-25 19:54 -------- d-----w- c:\program files\Common Files\supportsoft
2010-04-25 02:20 . 2010-04-29 21:52 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\System Tweaker
2010-04-24 21:25 . 2010-04-24 21:25 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\JoyBits
2010-04-18 22:43 . 2010-04-18 22:43 -------- dc----w- C:\Intel
2010-04-18 22:41 . 2010-04-18 22:52 -------- dc----w- C:\HP Universal Print Driver PCL5 v5.0.1
2010-04-18 22:40 . 2010-04-18 22:40 -------- dc----w- C:\Compaq
2010-04-18 22:39 . 2010-04-18 22:39 -------- dc----w- C:\IBMTOOLS
2010-04-18 22:20 . 2010-04-19 03:44 -------- d-----w- c:\program files\MouseWare
2010-04-18 22:19 . 2010-04-18 22:19 -------- dc----w- C:\SWSetup
2010-04-18 22:15 . 2010-04-18 22:15 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\DeviceDoctorSoftware
2010-04-18 22:15 . 2010-04-18 22:15 -------- d-----w- c:\program files\Device Doctor
2010-04-16 23:04 . 2010-04-30 15:04 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-16 21:58 . 2010-05-08 21:57 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 22:50 . 2006-01-14 16:42 -------- d-----w- c:\program files\CyberPower PowerPanel Personal Edition
2010-05-10 21:48 . 2005-12-29 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-08 19:17 . 2007-04-15 21:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-08 19:13 . 2006-11-19 19:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-08 18:26 . 2009-10-01 22:35 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\ERS G-Studio
2010-05-07 22:16 . 2009-08-13 21:23 -------- d-----w- c:\program files\LeeGTs Games
2010-05-05 21:45 . 2009-12-11 00:18 0 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Local Settings\Application Data\prvlcl.dat
2010-05-05 21:45 . 2009-12-03 21:18 0 ----a-w- c:\documents and settings\REGINA ELLIOTT\Local Settings\Application Data\prvlcl.dat
2010-05-01 03:20 . 2006-01-02 22:38 -------- d-----w- c:\program files\Shockwave.com
2010-05-01 02:41 . 2005-12-29 01:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 19:27 . 2010-04-29 23:42 1543 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\iolo\restore.bat
2010-04-30 15:25 . 2008-07-24 02:34 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-30 15:15 . 2008-07-12 21:38 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-30 00:34 . 2010-04-30 00:34 518 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\iolo\Registry\Last\restore.bat
2010-04-29 21:52 . 2007-12-17 18:06 -------- d-----w- c:\program files\FlashGet
2010-04-29 21:52 . 2006-03-01 03:06 -------- d-----w- c:\program files\Support Tools
2010-04-29 21:52 . 2006-02-20 01:07 -------- d-----w- c:\program files\UHS
2010-04-26 21:06 . 2010-04-29 21:13 19552856 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\iolo\Installers\SystemMechanic.exe
2010-04-26 20:16 . 2008-09-06 00:59 -------- d-----w- c:\program files\CCleaner
2010-04-26 00:11 . 2009-04-16 20:14 117760 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 19:56 . 2010-04-10 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-04-25 19:54 . 2010-04-10 22:03 -------- d-----w- c:\program files\Dell Support Center
2010-04-21 00:11 . 2006-02-20 02:29 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-21 00:11 . 2006-04-02 19:13 88 --sh--r- c:\windows\system32\8901B2EDF5.sys
2010-04-19 03:44 . 2010-04-19 03:44 -------- d-----w- c:\program files\Common Files\Logitech
2010-04-18 22:44 . 2005-12-29 01:01 -------- d-----w- c:\program files\Intel
2010-04-17 20:10 . 2007-05-23 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-04-17 19:54 . 2010-02-06 18:19 -------- d-----w- c:\program files\Games
2010-04-12 02:42 . 2009-06-05 22:51 -------- d-----w- c:\program files\QuickTime
2010-04-12 02:40 . 2007-12-19 03:20 -------- d-----w- c:\program files\Common Files\Apple
2010-04-10 22:04 . 2010-04-10 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-04-10 22:04 . 2010-04-10 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-04-10 02:09 . 2010-04-10 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-04-10 00:06 . 2008-08-02 16:19 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\PlayFirst
2010-04-10 00:03 . 2007-03-10 17:27 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\iWin
2010-04-10 00:02 . 2008-05-09 13:45 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Games
2010-04-10 00:01 . 2007-03-11 20:50 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\funkitron
2010-04-09 23:59 . 2008-02-23 20:24 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\dvdcss
2010-04-09 23:59 . 2008-10-16 22:20 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Dragon Altar Games
2010-04-09 23:58 . 2008-12-22 22:47 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Cat's Eye Games
2010-04-09 23:58 . 2009-01-24 20:58 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\BigFishv1002
2010-04-09 23:57 . 2008-11-16 22:28 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Artogon
2010-04-09 23:52 . 2009-04-11 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2010-04-09 23:50 . 2006-01-29 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
2010-04-09 23:44 . 2009-01-04 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2010-04-09 23:16 . 2008-06-17 17:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-09 01:25 . 2008-09-06 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-09 00:44 . 2010-04-07 18:49 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-09 00:44 . 2010-04-09 00:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-07 22:00 . 2005-12-29 01:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-07 21:58 . 2005-12-29 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-07 19:55 . 2010-04-07 19:55 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Developer
2010-04-07 00:09 . 2010-03-30 21:39 -------- d-----w- c:\program files\AOL Toolbar
2010-04-07 00:09 . 2007-06-11 01:01 -------- d-----w- c:\program files\bfgclient
2010-04-05 22:57 . 2006-03-01 06:30 61456 ----a-w- c:\documents and settings\ADRIENNE ELLIOTT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-04 23:59 . 2005-12-30 20:42 61456 ----a-w- c:\documents and settings\REGINA ELLIOTT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-04 23:18 . 2005-12-30 21:05 61456 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-04 22:57 . 2010-04-04 22:57 -------- d-----w- c:\program files\Reference Assemblies
2010-04-04 21:24 . 2010-04-04 21:24 3584 ----a-r- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-04 21:24 . 2010-04-04 21:24 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-04 21:24 . 2009-11-07 08:53 -------- d-----w- c:\program files\MSECache
2010-04-03 02:57 . 2010-04-03 02:57 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Malwarebytes
2010-04-03 02:56 . 2010-04-03 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-03 02:39 . 2010-03-06 04:46 52224 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-02 22:18 . 2010-04-02 22:18 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Ghost Ship Studios
2010-03-30 21:39 . 2010-03-30 21:39 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-03-29 02:55 . 2010-01-24 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Particles
2010-03-29 02:55 . 2010-03-29 02:55 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Specialbit
2010-03-26 23:40 . 2010-03-26 23:40 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Mariaglorum
2010-03-25 22:11 . 2010-03-25 21:33 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Magic3
2010-03-20 21:18 . 2009-10-22 22:34 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Merscom
2010-03-20 21:18 . 2009-10-22 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-03-12 23:06 . 2010-03-12 23:06 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-12 23:06 . 2010-03-12 23:06 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-12 23:06 . 2010-03-12 23:05 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-12 23:05 . 2010-03-12 23:05 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-12 23:05 . 2010-03-12 23:05 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-12 23:05 . 2010-03-12 23:05 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-12 23:05 . 2010-03-12 23:05 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-12 23:05 . 2010-03-12 23:05 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-12 23:05 . 2005-12-29 01:05 -------- d-----w- c:\program files\Common Files\Real
2010-03-12 23:04 . 2005-12-29 01:05 -------- d-----w- c:\program files\Real
2010-03-12 23:04 . 2010-03-12 23:04 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-12 21:47 . 2010-03-12 21:47 102400 ----a-w- c:\documents and settings\All Users\Application Data\AOL Toolbar\ieToolbar\resources\en-US\aoltbres.dll
2010-03-10 06:15 . 2005-08-16 10:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 14:16 . 2009-10-03 01:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 12:31 . 2008-07-12 20:08 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 00:17 . 2010-02-19 00:17 27 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6BBFDF96D153C8B4988D68D79C0D2A4A.dll
2010-02-19 00:17 . 2010-02-19 00:17 148 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_86F7CCC4734A95548A045F0E01399415.dll
2010-02-19 00:17 . 2010-02-19 00:17 122 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9D1D7EAC497396144BDD69A4BD5C43EE.dll
2010-02-19 00:17 . 2010-02-19 00:17 220 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_44858835406280C4F976D19D7CD05831.dll
2010-02-19 00:17 . 2010-02-19 00:17 594 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1B902C5BBDD824645A3773B5595141BC.dll
2010-02-19 00:17 . 2010-02-19 00:17 58 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_211951C3B47555243B3E344B1F5D7306.dll
2010-02-19 00:17 . 2010-02-19 00:17 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2010-02-19 00:17 . 2010-02-19 00:17 31 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1881ED2242D918945BCCCEE7F9F2D425.dll
2010-02-19 00:17 . 2010-02-19 00:17 141 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_346CD36858D4637489C5E29E64C547AE.dll
2010-02-19 00:17 . 2010-02-19 00:17 139 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1FBBCDDC3072CB6439B8CB8CA1E1AEAA.dll
2010-02-19 00:17 . 2010-02-19 00:17 423 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109020090400000000000F01FEC.dll
2010-02-16 17:35 . 2008-07-12 20:08 2143744 ----a-w- c:\windows\system32\ntoskrnl.exe
.

------- Sigcheck -------

[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll

[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\70\msft\windows\mswincrt\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll

[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll

[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-05-09 262144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1170456750\ee\AOLSoftware.exe" [2007-10-08 41824]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-21 01:17 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\MICHAEL ELLIOTT\Application Data\iolo"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^MICHAEL ELLIOTT^Start Menu^Programs^Startup^AOL Desktop.lnk]
backup=c:\windows\pss\AOL Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MICHAEL ELLIOTT^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=c:\windows\pss\Quicken Scheduled Updates.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 22:34 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 08:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-04-28 18:34 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2005-12-29 01:14 168448 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-11 17:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-09-18 18:46 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-09-18 18:46 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-11-17 16:10 86016 ----a-w- c:\progra~1\MODEMO~1\moh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-07-08 22:57 7110656 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-14 23:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-12 23:03 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170456750\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170456750\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\ehome\\ehshell.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\documents and settings\MICHAEL ELLIOTT\My Documents\My Videos\games\VMLaunch\BuddyVM.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\55.tmp [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
S2 aswFsBlk;aswFsBlk; [x]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-04-21 704432]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-04-21 704432]
S3 Angel;Angel MPEG Device;c:\windows\system32\DRIVERS\Angel.sys [2005-02-25 375936]

.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-10 c:\windows\Tasks\User_Feed_Synchronization-{6DE32CB2-CAC5-4723-96B0-FA6C1388C9C5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game05.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\MICHAEL ELLIOTT\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-dimsntfy - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 18:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86486D50]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75bffc3
\Driver\ACPI -> ACPI.sys @ 0xf7452cb8
\Driver\atapi -> sfsync02.sys @ 0xf780bd60
\Driver\iaStor -> 0x86486d50
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Intel® PRO/1000 PL Network Connection -> SendCompleteHandler -> 0x85be5330
PacketIndicateHandler -> NDIS.sys @ 0xf71ffb21
SendHandler -> NDIS.sys @ 0xf71dd87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\55.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3728)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\dllhost.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\stsystra.exe
c:\program files\MouseWare\system\em_exec.exe
c:\windows\ehome\mcrdsvc.exe
.
**************************************************************************
.
Completion time: 2010-05-10 18:56:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-10 22:56

Pre-Run: 50,774,614,016 bytes free
Post-Run: 51,294,441,472 bytes free

- - End Of File - - C2657928E1D1472F609E4A92823490C3

I patiently await your next chapter in this saga.

#4
emeraldnzl

Posted 10 May 2010 - 05:59 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello MEUNCFREE,

Please go to Start > Run.

Copy and past the contents of the code box below and click enter.

mbr -f

Next

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
MEMSWEEP2

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

Finally in this post

Double click on the OTL icon to run it again. Make sure all other windows are closed to let it run uninterrupted.
Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Click the Run Scan button. Do not change any settings unless otherwise told to do so.

Please post the log it produces back here

So when you return please post
ComboFix.txt
OTL scan log - OTL.txt

#5
MEUNCFREE

Posted 10 May 2010 - 08:50 PM

Member

Topic Starter
Member
22 posts

Here are the logs. Also, when i ran Combofix,it gave me a "C:\boot.ini not properly formatted" message when trying to set a reset point. Just thought I'd mention it. Again, thanks for all your help.

ComboFix log:

ComboFix 10-05-10.02 - MICHAEL ELLIOTT 05/10/2010 22:19:08.2.2 - x86
Running from: c:\documents and settings\MICHAEL ELLIOTT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MICHAEL ELLIOTT\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2

((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-10 22:24 . 2010-05-10 22:24 -------- dc----w- C:\_OTL
2010-05-08 19:16 . 2010-05-08 19:16 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\FlyWheelGames
2010-05-05 22:24 . 2010-05-05 22:24 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Fugazo
2010-05-05 00:23 . 2010-05-05 21:45 0 ----a-w- c:\documents and settings\ADRIENNE ELLIOTT\Local Settings\Application Data\prvlcl.dat
2010-05-04 00:04 . 2010-05-04 00:04 -------- d-----w- c:\documents and settings\ADRIENNE ELLIOTT\Application Data\iolo
2010-05-03 23:19 . 2010-05-03 23:19 -------- d-----w- c:\documents and settings\ADRIENNE ELLIOTT\Application Data\Malwarebytes
2010-05-03 22:56 . 2010-05-03 22:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-03 13:58 . 2010-05-03 13:58 -------- d-----w- c:\documents and settings\REGINA ELLIOTT\Application Data\iolo
2010-04-30 04:02 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-30 04:02 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-30 04:02 . 2010-05-02 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 21:21 . 2010-04-29 21:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2010-04-29 21:19 . 2010-04-21 18:46 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-04-29 21:19 . 2010-04-21 18:46 2316712 ----a-w- c:\windows\system32\Incinerator.dll
2010-04-29 21:17 . 2010-01-28 22:13 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-04-29 21:17 . 2010-01-28 22:13 12288 ----a-w- c:\windows\system32\smrgdf.exe
2010-04-29 21:16 . 2010-04-29 21:16 -------- d-----w- c:\program files\iolo
2010-04-29 21:14 . 2010-04-29 21:14 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-04-29 21:12 . 2010-05-01 22:14 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\iolo
2010-04-29 21:12 . 2010-04-29 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-04-29 15:44 . 2010-04-29 16:17 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-04-29 15:35 . 2005-07-26 04:20 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2010-04-28 20:42 . 2010-04-28 20:43 -------- d-----w- c:\program files\SIW
2010-04-27 17:27 . 2010-04-27 17:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\PlayFirst
2010-04-27 13:37 . 2010-04-27 13:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-27 02:20 . 2010-04-27 02:29 -------- d-----w- c:\program files\WhatsRunning
2010-04-27 02:04 . 2010-04-27 02:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-27 02:03 . 2010-04-27 02:03 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-26 18:54 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-26 18:54 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-26 18:54 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-26 18:54 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-26 18:54 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-26 18:54 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-26 18:54 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-26 18:53 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-26 18:53 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-26 18:53 . 2010-04-26 18:53 -------- d-----w- c:\program files\Alwil Software
2010-04-26 18:53 . 2010-04-26 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-25 19:54 . 2010-04-25 19:54 -------- d-----w- c:\program files\Common Files\supportsoft
2010-04-25 02:20 . 2010-04-29 21:52 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\System Tweaker
2010-04-24 21:25 . 2010-04-24 21:25 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\JoyBits
2010-04-18 22:43 . 2010-04-18 22:43 -------- dc----w- C:\Intel
2010-04-18 22:41 . 2010-04-18 22:52 -------- dc----w- C:\HP Universal Print Driver PCL5 v5.0.1
2010-04-18 22:40 . 2010-04-18 22:40 -------- dc----w- C:\Compaq
2010-04-18 22:39 . 2010-04-18 22:39 -------- dc----w- C:\IBMTOOLS
2010-04-18 22:20 . 2010-04-19 03:44 -------- d-----w- c:\program files\MouseWare
2010-04-18 22:19 . 2010-04-18 22:19 -------- dc----w- C:\SWSetup
2010-04-18 22:15 . 2010-04-18 22:15 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\DeviceDoctorSoftware
2010-04-18 22:15 . 2010-04-18 22:15 -------- d-----w- c:\program files\Device Doctor
2010-04-16 23:04 . 2010-04-30 15:04 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-16 21:58 . 2010-05-08 21:57 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 02:28 . 2006-01-14 16:42 -------- d-----w- c:\program files\CyberPower PowerPanel Personal Edition
2010-05-08 19:17 . 2007-04-15 21:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-08 19:13 . 2006-11-19 19:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-08 18:26 . 2009-10-01 22:35 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\ERS G-Studio
2010-05-07 22:16 . 2009-08-13 21:23 -------- d-----w- c:\program files\LeeGTs Games
2010-05-05 21:45 . 2009-12-11 00:18 0 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Local Settings\Application Data\prvlcl.dat
2010-05-05 21:45 . 2009-12-03 21:18 0 ----a-w- c:\documents and settings\REGINA ELLIOTT\Local Settings\Application Data\prvlcl.dat
2010-05-01 03:20 . 2006-01-02 22:38 -------- d-----w- c:\program files\Shockwave.com
2010-05-01 02:41 . 2005-12-29 01:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 19:27 . 2010-04-29 23:42 1543 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\iolo\restore.bat
2010-04-30 15:25 . 2008-07-24 02:34 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-30 15:15 . 2008-07-12 21:38 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-30 00:34 . 2010-04-30 00:34 518 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\iolo\Registry\Last\restore.bat
2010-04-29 21:52 . 2007-12-17 18:06 -------- d-----w- c:\program files\FlashGet
2010-04-29 21:52 . 2006-03-01 03:06 -------- d-----w- c:\program files\Support Tools
2010-04-29 21:52 . 2006-02-20 01:07 -------- d-----w- c:\program files\UHS
2010-04-26 21:06 . 2010-04-29 21:13 19552856 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\iolo\Installers\SystemMechanic.exe
2010-04-26 20:16 . 2008-09-06 00:59 -------- d-----w- c:\program files\CCleaner
2010-04-26 00:11 . 2009-04-16 20:14 117760 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 19:56 . 2010-04-10 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-04-25 19:54 . 2010-04-10 22:03 -------- d-----w- c:\program files\Dell Support Center
2010-04-21 00:11 . 2006-02-20 02:29 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-21 00:11 . 2006-04-02 19:13 88 --sh--r- c:\windows\system32\8901B2EDF5.sys
2010-04-19 03:44 . 2010-04-19 03:44 -------- d-----w- c:\program files\Common Files\Logitech
2010-04-18 22:44 . 2005-12-29 01:01 -------- d-----w- c:\program files\Intel
2010-04-17 20:10 . 2007-05-23 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-04-17 19:54 . 2010-02-06 18:19 -------- d-----w- c:\program files\Games
2010-04-12 02:42 . 2009-06-05 22:51 -------- d-----w- c:\program files\QuickTime
2010-04-12 02:40 . 2007-12-19 03:20 -------- d-----w- c:\program files\Common Files\Apple
2010-04-10 22:04 . 2010-04-10 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-04-10 22:04 . 2010-04-10 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-04-10 02:09 . 2010-04-10 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-04-10 00:06 . 2008-08-02 16:19 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\PlayFirst
2010-04-10 00:03 . 2007-03-10 17:27 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\iWin
2010-04-10 00:02 . 2008-05-09 13:45 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Games
2010-04-10 00:01 . 2007-03-11 20:50 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\funkitron
2010-04-09 23:59 . 2008-02-23 20:24 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\dvdcss
2010-04-09 23:59 . 2008-10-16 22:20 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Dragon Altar Games
2010-04-09 23:58 . 2008-12-22 22:47 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Cat's Eye Games
2010-04-09 23:58 . 2009-01-24 20:58 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\BigFishv1002
2010-04-09 23:57 . 2008-11-16 22:28 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Artogon
2010-04-09 23:52 . 2009-04-11 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2010-04-09 23:50 . 2006-01-29 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
2010-04-09 23:44 . 2009-01-04 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2010-04-09 23:16 . 2008-06-17 17:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-09 01:25 . 2008-09-06 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-09 00:44 . 2010-04-07 18:49 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-09 00:44 . 2010-04-09 00:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-07 22:00 . 2005-12-29 01:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-07 21:58 . 2005-12-29 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-07 19:55 . 2010-04-07 19:55 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Developer
2010-04-07 00:09 . 2010-03-30 21:39 -------- d-----w- c:\program files\AOL Toolbar
2010-04-07 00:09 . 2007-06-11 01:01 -------- d-----w- c:\program files\bfgclient
2010-04-05 22:57 . 2006-03-01 06:30 61456 ----a-w- c:\documents and settings\ADRIENNE ELLIOTT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-04 23:59 . 2005-12-30 20:42 61456 ----a-w- c:\documents and settings\REGINA ELLIOTT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-04 23:18 . 2005-12-30 21:05 61456 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-04 22:57 . 2010-04-04 22:57 -------- d-----w- c:\program files\Reference Assemblies
2010-04-04 21:24 . 2010-04-04 21:24 3584 ----a-r- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-04 21:24 . 2010-04-04 21:24 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-04 21:24 . 2009-11-07 08:53 -------- d-----w- c:\program files\MSECache
2010-04-03 02:57 . 2010-04-03 02:57 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Malwarebytes
2010-04-03 02:56 . 2010-04-03 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-03 02:39 . 2010-03-06 04:46 52224 ----a-w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-02 22:18 . 2010-04-02 22:18 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Ghost Ship Studios
2010-03-30 21:39 . 2010-03-30 21:39 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-03-29 02:55 . 2010-01-24 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Particles
2010-03-29 02:55 . 2010-03-29 02:55 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Specialbit
2010-03-26 23:40 . 2010-03-26 23:40 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Mariaglorum
2010-03-25 22:11 . 2010-03-25 21:33 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Magic3
2010-03-20 21:18 . 2009-10-22 22:34 -------- d-----w- c:\documents and settings\MICHAEL ELLIOTT\Application Data\Merscom
2010-03-20 21:18 . 2009-10-22 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-03-12 23:06 . 2010-03-12 23:06 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-12 23:06 . 2010-03-12 23:06 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-12 23:06 . 2010-03-12 23:05 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-12 23:05 . 2010-03-12 23:05 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-12 23:05 . 2010-03-12 23:05 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-12 23:05 . 2010-03-12 23:05 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-12 23:05 . 2010-03-12 23:05 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-12 23:05 . 2010-03-12 23:05 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-12 23:05 . 2005-12-29 01:05 -------- d-----w- c:\program files\Common Files\Real
2010-03-12 23:04 . 2005-12-29 01:05 -------- d-----w- c:\program files\Real
2010-03-12 23:04 . 2010-03-12 23:04 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-12 21:47 . 2010-03-12 21:47 102400 ----a-w- c:\documents and settings\All Users\Application Data\AOL Toolbar\ieToolbar\resources\en-US\aoltbres.dll
2010-03-10 06:15 . 2005-08-16 10:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 14:16 . 2009-10-03 01:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 12:31 . 2008-07-12 20:08 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 00:17 . 2010-02-19 00:17 27 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6BBFDF96D153C8B4988D68D79C0D2A4A.dll
2010-02-19 00:17 . 2010-02-19 00:17 148 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_86F7CCC4734A95548A045F0E01399415.dll
2010-02-19 00:17 . 2010-02-19 00:17 122 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9D1D7EAC497396144BDD69A4BD5C43EE.dll
2010-02-19 00:17 . 2010-02-19 00:17 220 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_44858835406280C4F976D19D7CD05831.dll
2010-02-19 00:17 . 2010-02-19 00:17 594 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1B902C5BBDD824645A3773B5595141BC.dll
2010-02-19 00:17 . 2010-02-19 00:17 58 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_211951C3B47555243B3E344B1F5D7306.dll
2010-02-19 00:17 . 2010-02-19 00:17 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2010-02-19 00:17 . 2010-02-19 00:17 31 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1881ED2242D918945BCCCEE7F9F2D425.dll
2010-02-19 00:17 . 2010-02-19 00:17 141 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_346CD36858D4637489C5E29E64C547AE.dll
2010-02-19 00:17 . 2010-02-19 00:17 139 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1FBBCDDC3072CB6439B8CB8CA1E1AEAA.dll
2010-02-19 00:17 . 2010-02-19 00:17 423 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109020090400000000000F01FEC.dll
2010-02-16 17:35 . 2008-07-12 20:08 2143744 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 16:57 . 2008-07-12 20:08 2021888 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

------- Sigcheck -------

[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll

[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\70\msft\windows\mswincrt\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll

[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll

[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-05-09 262144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1170456750\ee\AOLSoftware.exe" [2007-10-08 41824]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-21 01:17 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\MICHAEL ELLIOTT\Application Data\iolo

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^MICHAEL ELLIOTT^Start Menu^Programs^Startup^AOL Desktop.lnk]
backup=c:\windows\pss\AOL Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MICHAEL ELLIOTT^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=c:\windows\pss\Quicken Scheduled Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 22:34 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 08:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-04-28 18:34 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2005-12-29 01:14 168448 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-11 17:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-09-18 18:46 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-09-18 18:46 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-11-17 16:10 86016 ----a-w- c:\progra~1\MODEMO~1\moh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-07-08 22:57 7110656 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-14 23:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-12 23:03 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170456750\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170456750\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\ehome\\ehshell.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\documents and settings\MICHAEL ELLIOTT\My Documents\My Videos\games\VMLaunch\BuddyVM.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
S2 aswFsBlk;aswFsBlk; [x]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-04-21 704432]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-04-21 704432]
S3 Angel;Angel MPEG Device;c:\windows\system32\DRIVERS\Angel.sys [2005-02-25 375936]

.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-11 c:\windows\Tasks\User_Feed_Synchronization-{6DE32CB2-CAC5-4723-96B0-FA6C1388C9C5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game05.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\MICHAEL ELLIOTT\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 22:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86826250]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75bffc3
\Driver\ACPI -> ACPI.sys @ 0xf7452cb8
\Driver\atapi -> sfsync02.sys @ 0xf780bd60
\Driver\iaStor -> 0x86826250
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Intel® PRO/1000 PL Network Connection -> SendCompleteHandler -> 0x85b62330
PacketIndicateHandler -> NDIS.sys @ 0xf71ffb21
SendHandler -> NDIS.sys @ 0xf71dd87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2020)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\dllhost.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\stsystra.exe
c:\program files\MouseWare\system\em_exec.exe
.
**************************************************************************
.
Completion time: 2010-05-10 22:35:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-11 02:35
ComboFix2.txt 2010-05-10 22:56

Pre-Run: 51,340,001,280 bytes free
Post-Run: 51,316,219,904 bytes free

- - End Of File - - 857AB499D4199954109AFE2453ED632B

OTL Log:

OTL logfile created on: 5/10/2010 10:37:44 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\MICHAEL ELLIOTT\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 581.00 Mb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 10000D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.08 Gb Total Space | 47.82 Gb Free Space | 44.66% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 5.73 Gb Free Space | 15.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ELLIOTT
Current User Name: MICHAEL ELLIOTT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/08 20:44:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\OTL.exe
PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/06/03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/10/08 17:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1170456750\ee\aolsoftware.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005/06/17 09:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/05/09 15:40:26 | 000,262,144 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2005/05/06 16:12:22 | 000,466,944 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2005/03/23 02:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2003/03/19 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\MouseWare\system\EM_EXEC.EXE

========== Modules (SafeList) ==========

MOD - [2010/05/08 20:44:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\OTL.exe
MOD - [2008/04/13 20:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 07:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/03/19 09:50:00 | 000,023,552 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/03/19 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\MouseWare\system\LgWndHk.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/13 16:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2005/05/06 16:12:22 | 000,466,944 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/03/09 16:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/05/28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/07/30 13:29:03 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/01/10 20:48:58 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2005/11/04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/08/18 19:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/07/08 18:57:00 | 003,198,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/06/17 14:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2005/06/15 00:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/31 06:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 06:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 06:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 06:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 06:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 06:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 06:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 06:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 06:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/05/13 11:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 11:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 04:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2005/04/01 01:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/02/25 02:20:02 | 000,375,936 | ---- | M] (Emuzed, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Angel.sys -- (Angel)
DRV - [2004/11/29 14:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/11/25 12:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/10/28 06:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/12 19:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 07:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/10 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 01:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 12:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/03/04 02:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/03/04 02:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/03/04 02:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/03/04 02:50:00 | 000,014,348 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:58:00 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...age={startPage}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.5341
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 19:05:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/29 13:24:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 13:24:37 | 000,000,000 | ---D | M]

[2009/09/05 14:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Extensions
[2010/05/10 19:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions
[2009/09/05 16:30:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/17 20:32:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/30 17:39:36 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/03/26 20:23:50 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/03/17 19:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\extensions\[email protected]
[2010/03/30 17:41:08 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\searchplugins\aol-search.xml
[2010/04/04 19:25:04 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Mozilla\Firefox\Profiles\kvnxm999.default\searchplugins\bing.xml
[2010/05/10 19:31:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/10 22:28:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170456750\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktopChanges = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Reg Error: Key error. File not found
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (YInstStarter Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1136063441875 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...ctDetection.cab (GMNRev Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game05.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540022} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 24.177.176.38 24.217.0.5
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\iolo) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 06:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/10 18:36:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/10 18:33:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/10 18:33:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/10 18:33:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/10 18:32:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/10 18:32:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/10 18:24:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/08 20:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\computer error info
[2010/05/08 20:44:28 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\OTL.exe
[2010/05/08 15:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\FlyWheelGames
[2010/05/05 18:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\Fugazo
[2010/04/30 00:02:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/30 00:02:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/30 00:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/29 17:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/04/29 17:19:49 | 000,093,096 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/04/29 17:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/04/29 17:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\iolo
[2010/04/29 17:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/04/29 11:44:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/04/29 11:35:47 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2010/04/28 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
[2010/04/27 13:21:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/04/26 22:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\WhatsRunning
[2010/04/26 22:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/26 14:54:15 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/26 14:54:15 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/26 14:54:15 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/26 14:54:15 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/26 14:54:14 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/26 14:54:14 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/26 14:54:14 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/26 14:53:55 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/26 14:53:55 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/26 14:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/26 14:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/25 15:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2010/04/24 22:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\System Tweaker
[2010/04/24 17:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\JoyBits
[2010/04/18 23:44:18 | 000,098,304 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/04/18 23:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/04/18 23:44:17 | 000,104,960 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\COMNCTR.DLL
[2010/04/18 23:44:17 | 000,016,896 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE32.DLL
[2010/04/18 23:44:17 | 000,003,568 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE16.DLL
[2010/04/18 23:44:16 | 000,152,064 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lmoufrc.dll
[2010/04/18 23:44:16 | 000,023,372 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LCOINST.DLL
[2010/04/18 23:44:16 | 000,019,968 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE
[2010/04/18 23:44:15 | 000,073,134 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LMouFlt2.Sys
[2010/04/18 23:44:15 | 000,053,870 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\L8042PR2.SYS
[2010/04/18 23:44:15 | 000,037,804 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2010/04/18 23:44:15 | 000,025,214 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidFlt2.Sys
[2010/04/18 23:44:15 | 000,014,348 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LCcfltr.sys
[2010/04/18 18:43:21 | 000,000,000 | ---D | C] -- C:\Intel
[2010/04/18 18:41:14 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver PCL5 v5.0.1
[2010/04/18 18:40:35 | 000,000,000 | ---D | C] -- C:\Compaq
[2010/04/18 18:39:38 | 000,000,000 | ---D | C] -- C:\IBMTOOLS
[2010/04/18 18:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\MouseWare
[2010/04/18 18:19:50 | 000,000,000 | ---D | C] -- C:\SWSetup
[2010/04/18 18:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\DeviceDoctorSoftware
[2010/04/18 18:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Device Doctor
[2010/04/16 19:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/16 17:58:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

========== Files - Modified Within 30 Days ==========

[2010/05/10 22:37:48 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\ntuser.dat
[2010/05/10 22:37:41 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1005.job
[2010/05/10 22:37:41 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1005.job
[2010/05/10 22:37:00 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6DE32CB2-CAC5-4723-96B0-FA6C1388C9C5}.job
[2010/05/10 22:29:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/10 22:29:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/10 22:29:10 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/10 22:28:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/10 22:28:39 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1007.job
[2010/05/10 22:28:39 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-1006.job
[2010/05/10 22:28:39 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-500.job
[2010/05/10 22:28:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/10 22:28:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/10 22:28:16 | 1071,804,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/10 22:27:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\ntuser.ini
[2010/05/10 22:27:28 | 010,723,200 | -H-- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\IconCache.db
[2010/05/10 20:11:16 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1007.job
[2010/05/10 18:31:07 | 003,686,568 | R--- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\ComboFix.exe
[2010/05/10 16:19:13 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-1006.job
[2010/05/09 23:13:20 | 000,242,176 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/08 20:44:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\OTL.exe
[2010/05/08 15:46:05 | 000,000,144 | ---- | M] () -- C:\WINDOWS\wwwbatch.ini
[2010/05/08 15:39:28 | 000,001,996 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100508_153919.reg
[2010/05/08 15:13:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 18:18:39 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Brunhilda BETA.lnk
[2010/05/07 18:16:59 | 000,001,161 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Master Wu and the Glory of the Ten Powers.lnk
[2010/05/07 18:16:22 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\MysteryCruise.exe.lnk
[2010/05/07 18:12:26 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Escape The Lost Kingdom.lnk
[2010/05/07 18:09:45 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tiger Eye - Curse of the Riddle Box.lnk
[2010/05/06 22:18:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/05 18:23:52 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Fiction_Fixers_-_Adventures_in_Wonderland_Premium.exe.lnk
[2010/05/05 17:45:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Local Settings\Application Data\prvlcl.dat
[2010/05/04 17:43:07 | 000,059,775 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\AKD-7366109967.pdf
[2010/05/04 17:40:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ShoppingList.xls
[2010/05/03 17:56:26 | 000,000,521 | ---- | M] () -- C:\hpfr3420.xml
[2010/05/01 22:09:40 | 000,338,329 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\bookmarks-2010-05-01.json
[2010/05/01 17:19:34 | 011,411,702 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\dell owners manual.pdf
[2010/04/30 11:34:02 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113400.reg
[2010/04/30 11:33:30 | 000,000,414 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113322.reg
[2010/04/30 11:33:07 | 000,002,786 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113304.reg
[2010/04/30 11:32:43 | 000,001,038 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113237.reg
[2010/04/30 11:31:02 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113101.reg
[2010/04/30 11:30:31 | 000,002,552 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113015.reg
[2010/04/30 11:29:38 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_112928.reg
[2010/04/30 11:28:51 | 000,001,226 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_112835.reg
[2010/04/30 11:24:15 | 000,444,216 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/30 11:24:15 | 000,073,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/30 00:02:41 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 21:11:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 17:22:43 | 000,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/04/29 17:20:30 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\System Mechanic.lnk
[2010/04/29 17:14:52 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/04/29 17:10:51 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\iolo technologies receipt.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 13:13:35 | 000,557,250 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 12:34:53 | 000,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/29 11:23:59 | 000,001,485 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Windows Explorer.lnk
[2010/04/29 11:02:43 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/04/28 20:13:43 | 001,580,024 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\HPPDU.exe
[2010/04/28 16:43:06 | 000,000,620 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\SIW.lnk
[2010/04/27 13:29:02 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-500.job
[2010/04/26 22:21:03 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\What's Running.lnk
[2010/04/26 16:16:30 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\CCleaner.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 15:32:50 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2010/04/26 14:54:15 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/25 15:43:34 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\AzadaAdventures.exe.lnk
[2010/04/25 15:33:23 | 000,061,456 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/24 22:28:51 | 000,060,918 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\AKD-7365989984.pdf
[2010/04/24 22:14:17 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\GOOD PASSWORD LIST.doc
[2010/04/24 17:24:46 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Bigfoot.exe.lnk
[2010/04/21 14:46:38 | 000,093,096 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/04/21 14:46:28 | 002,316,712 | ---- | M] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/04/20 20:11:27 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/20 20:11:24 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\8901B2EDF5.sys
[2010/04/20 15:40:40 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\american express letter.doc
[2010/04/18 18:15:20 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Device Doctor.lnk
[2010/04/17 15:55:48 | 000,001,437 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Escape from Frankensteins Castle.exe.lnk
[2010/04/16 19:40:05 | 000,001,063 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\dominic.exe.lnk
[2010/04/16 19:39:25 | 000,002,069 | ---- | M] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Crime and Punishment Who Framed Raskolnikov.lnk
[2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/11 22:42:27 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/11 13:26:41 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\IMPORTANT - COMPUTER NUMBERS - IMPORTANT.doc

========== Files Created - No Company Name ==========

[2010/05/10 22:11:33 | 000,000,443 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\mbr.log
[2010/05/10 18:33:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/10 18:33:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/10 18:33:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/10 18:33:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/10 18:33:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/10 18:31:07 | 003,686,568 | R--- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\ComboFix.exe
[2010/05/08 20:45:01 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\gmer.exe
[2010/05/08 16:46:34 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\computer issues.txt
[2010/05/08 15:46:05 | 000,000,144 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2010/05/08 15:39:20 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100508_153919.reg
[2010/05/07 18:18:39 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Brunhilda BETA.lnk
[2010/05/07 18:16:59 | 000,001,161 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Master Wu and the Glory of the Ten Powers.lnk
[2010/05/07 18:16:22 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\MysteryCruise.exe.lnk
[2010/05/07 18:12:26 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Escape The Lost Kingdom.lnk
[2010/05/07 18:09:45 | 000,001,107 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tiger Eye - Curse of the Riddle Box.lnk
[2010/05/05 18:23:52 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Fiction_Fixers_-_Adventures_in_Wonderland_Premium.exe.lnk
[2010/05/04 17:43:07 | 000,059,775 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\AKD-7366109967.pdf
[2010/05/03 17:53:50 | 014,680,064 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\ntuser.dat
[2010/05/01 22:09:40 | 000,338,329 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\bookmarks-2010-05-01.json
[2010/05/01 17:19:17 | 011,411,702 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\dell owners manual.pdf
[2010/04/30 11:34:01 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113400.reg
[2010/04/30 11:33:24 | 000,000,414 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113322.reg
[2010/04/30 11:33:05 | 000,002,786 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113304.reg
[2010/04/30 11:32:38 | 000,001,038 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113237.reg
[2010/04/30 11:31:02 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113101.reg
[2010/04/30 11:30:16 | 000,002,552 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_113015.reg
[2010/04/30 11:29:30 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_112928.reg
[2010/04/30 11:28:42 | 000,001,226 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\cc_20100430_112835.reg
[2010/04/30 00:02:41 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 20:55:51 | 1071,804,416 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/29 17:22:43 | 000,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/04/29 17:20:30 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\System Mechanic.lnk
[2010/04/29 17:19:46 | 002,316,712 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/04/29 17:17:39 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/04/29 17:17:39 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2010/04/29 17:14:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/04/29 17:10:50 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\iolo technologies receipt.doc
[2010/04/28 20:13:37 | 001,580,024 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\HPPDU.exe
[2010/04/28 16:43:06 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\SIW.lnk
[2010/04/27 13:24:47 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1335557147-534332963-624509898-500.job
[2010/04/27 13:24:47 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1335557147-534332963-624509898-500.job
[2010/04/27 10:09:07 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\uniblue.txt
[2010/04/26 22:21:03 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\What's Running.lnk
[2010/04/26 14:54:15 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/25 15:43:34 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\AzadaAdventures.exe.lnk
[2010/04/24 22:28:51 | 000,060,918 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\AKD-7365989984.pdf
[2010/04/24 17:24:46 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Bigfoot.exe.lnk
[2010/04/20 15:40:38 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\My Documents\american express letter.doc
[2010/04/18 18:15:20 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Device Doctor.lnk
[2010/04/17 15:55:48 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Escape from Frankensteins Castle.exe.lnk
[2010/04/16 19:40:05 | 000,001,063 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\dominic.exe.lnk
[2010/04/16 19:39:25 | 000,002,069 | ---- | C] () -- C:\Documents and Settings\MICHAEL ELLIOTT\Desktop\Crime and Punishment Who Framed Raskolnikov.lnk
[2010/04/11 22:42:27 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/11 13:26:40 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\IMPORTANT - COMPUTER NUMBERS - IMPORTANT.doc
[2010/04/08 20:19:12 | 000,004,441 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/07 13:52:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\sav.ini
[2009/11/21 14:49:27 | 000,000,169 | ---- | C] () -- C:\WINDOWS\settings.ini
[2009/08/28 19:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2008/12/13 10:25:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2008/10/22 11:10:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2008/10/17 18:02:22 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/26 20:30:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2007/11/10 15:43:04 | 000,000,362 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/23 18:51:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/01/23 18:20:54 | 000,000,121 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/23 18:20:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/01/23 18:20:36 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/10/16 17:50:07 | 000,000,019 | ---- | C] () -- C:\WINDOWS\CustomerPOIManager.INI
[2006/10/01 20:54:23 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2006/10/01 19:36:49 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/04/02 15:13:52 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8901B2EDF5.sys
[2006/03/23 23:29:00 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/03/23 23:26:45 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/02/19 22:29:36 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/30 22:37:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/01/24 14:08:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/14 15:18:48 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/30 19:46:51 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\F5EDB20189.sys
[2005/12/30 19:44:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MyCamUnInstall.dll
[2005/12/30 19:44:14 | 000,000,892 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2005/12/30 19:44:06 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/12/30 19:43:57 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vi_setup.ini
[2005/12/30 19:38:40 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2005/12/30 19:38:40 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2005/12/30 19:38:40 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2005/12/30 19:38:40 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2005/12/30 19:38:39 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2005/12/30 19:38:16 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2005/12/30 19:38:13 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2005/12/30 19:38:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2005/12/30 19:38:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2005/12/30 19:38:12 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2005/12/30 19:38:12 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2005/12/30 19:37:55 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2005/12/30 18:49:44 | 000,000,227 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/12/30 18:32:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/28 21:19:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/28 21:10:33 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2005/12/28 20:39:10 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2005/12/28 20:39:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2005/12/28 20:38:28 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/04 10:21:48 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2005/11/04 10:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/12 17:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/19 19:05:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1998/06/14 04:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/12/19 23:03:09 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2006/12/19 23:03:09 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/26 15:32:50 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2010/05/10 22:35:16 | 000,047,464 | ---- | M] () -- C:\ComboFix.txt
[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/01/06 14:02:51 | 000,006,700 | ---- | M] () -- C:\DATA_LOG.TXT
[2006/07/30 13:28:39 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2005/12/28 20:43:52 | 000,006,742 | RH-- | M] () -- C:\dell.sdr
[2007/03/10 13:13:49 | 000,000,110 | ---- | M] () -- C:\DownloadLog.txt
[2010/05/10 22:28:16 | 1071,804,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 17:56:25 | 000,115,652 | ---- | M] () -- C:\hpfr3420.log
[2010/05/03 17:56:26 | 000,000,521 | ---- | M] () -- C:\hpfr3420.xml
[2005/12/30 16:43:25 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 06:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/12/26 10:29:21 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2010/05/02 19:08:06 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/08/16 06:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/29 11:02:43 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2006/10/07 21:31:12 | 000,000,000 | ---- | M] () -- C:\NvLog.txt
[2007/01/06 14:02:48 | 000,001,821 | ---- | M] () -- C:\OLD_LOGS.TXT
[2010/05/10 22:28:16 | 2097,152,000 | -HS- | M] () -- C:\pagefile.sys
[2007/01/06 14:03:48 | 000,335,760 | ---- | M] () -- C:\QDATA.IDX
[2007/01/06 14:03:48 | 002,671,704 | ---- | M] () -- C:\QDATA.QDF
[2007/01/06 14:03:48 | 000,015,360 | ---- | M] () -- C:\QDATA.QEL
[2007/01/06 14:02:51 | 000,000,032 | ---- | M] () -- C:\QDATA.QPH
[2006/09/02 13:54:34 | 000,001,320 | ---- | M] () -- C:\rapport.txt
[2010/02/07 13:57:06 | 000,000,023 | ---- | M] () -- C:\sav_BF.txt
[2005/12/28 21:05:56 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/01/30 18:18:49 | 000,000,000 | ---- | M] () -- C:\UAC Redirection test.log
[2009/12/20 03:26:34 | 000,843,898 | ---- | M] () -- C:\VETlog.txt
[2010/04/01 23:22:21 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/26 00:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 06:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 06:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 06:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 08:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >

#6
emeraldnzl

Posted 10 May 2010 - 10:11 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello again MEUNCFREE,

Also, when i ran Combofix,it gave me a "C:\boot.ini not properly formatted" message when trying to set a reset point.

Go to repair boot.ini for information on how to repair or replace Boot.ini in XP.

Note: ComboFix should have installed the Recovery Console on your machine so you can access that at boot up (when you boot up you should be given an option to enter the Recovery Console... use the up and down arrows on your keyboard to access). You shouldn't need your Windows Installation CD which is mentioned in the article.

Next

Your machine has a number of System files missing or corrupted. The simplest and safest way to fix this is for you to install SP3.

You will need to use Internet Explorer to download:

Please go to Windows updates

You may need to allow Microsoft to install an active x component to check your machine before it downloads. Let it do that.

Come back if you have any difficulties.

After that

Please run ComboFix again and post the log back here.

#7
MEUNCFREE

Posted 12 May 2010 - 05:33 PM

Member

Topic Starter
Member
22 posts

Sorry, been away from computer location for the past 24 hours.

Well, I've tried to install SP3 but it go to "Finishing Installation" section and just sat here for about 30 minutes so I had to reboot and it uninstalled and will try again. Will post ComboFix after that.

BTW, I never get the Recovery Console upon bootup. It looks like ComboFIx didn't install it. We'll try to install SP3 again and post.

#8
emeraldnzl

Posted 12 May 2010 - 05:45 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Okie dokie

#9
MEUNCFREE

Posted 13 May 2010 - 04:57 PM

Member

Topic Starter
Member
22 posts

I've tried twice to paste my log here but the error message says my post is too long. Should I post the log in two separate postings? what are your preferences here?

#10
emeraldnzl

Posted 13 May 2010 - 04:59 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Okay, that can happen, especially after updating. Best thing to do is upload that one.

To attach a file, do the following:

* Click Add Reply
* Under the reply panel is the Attachments Editor
* Browse to find the attachment file you want to upload, highlight the file by clicking once on it, then click the green Upload button
* Once it has uploaded, click the Manage Current Attachments drop down box
* On the left you will see a icon like a letter with a little green cross on it. Please click on that and it should upload to the thread.

#11
MEUNCFREE

Posted 13 May 2010 - 05:13 PM

Member

Topic Starter
Member
22 posts

combofix_log3.txt 644.81KB 136 downloads

#12
emeraldnzl

Posted 13 May 2010 - 05:47 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello MEUNCFREE,

Hopefully the log from this one will be shorter and you can post it back in the normal way.

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"=""
"NoActiveDesktop"=""
"NoSaveSettings"=""
"ClassicShell"=""

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

#13
MEUNCFREE

Posted 13 May 2010 - 06:06 PM

Member

Topic Starter
Member
22 posts

One quick thing, when I ran it last time, it kept telling me I had Microsoft Security Essentials running and I couldn't find the program anywhere. Where should I look and how do I turn it off?

#14
emeraldnzl

Posted 13 May 2010 - 06:30 PM

GeekU Instructor

GeekU Moderator
20,051 posts

How to turn off Microsoft Security Essentials

right click the green castle icon in your task bar
click open
on the left hand side click Real-time protection
Uncheck "Monitor file and program activity on your computer" and "Scan all downloaded files and attachments"
reverse the process and click Save Changes when ready