Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

rundll error


  • Please log in to reply

#1
CathyT

CathyT

    New Member

  • Member
  • Pip
  • 5 posts
All-

Suspect may have some problem malware, trojan etc.
On boot error is: RUNDLL Error: Unable to find specified module:
C:\Documents and Settings\....\Adobe\Update\traybe.dat

Have done/run
Diskcleanup
CWShredder
AVG antivirus
Spybot
Adaware
Housecall
Could not get moosoft trojan scan to run


Here is my latest Hijack this log. Thanks in advance for any help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:40:14 AM, on 5/9/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SnapStream Media\Firefly Mini\FireflyMini.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FireflyMini] "C:\Program Files\SnapStream Media\Firefly Mini\FireflyMini.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Memdlg] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Adobe\Update\traybe.dat""
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [4ciiT4Lj1g] C:\Documents and Settings\All Users\Application Data\ybatwhyh\gpufmfox.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 12547 bytes
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,137 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

This line
O4 - HKCU\..\Run: [Memdlg] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Adobe\Update\traybe.dat""

is your error. You can check it and Fix Checked. Or just uninstall Adboe Acrobat or Reader and download the newest version.

O4 - HKLM\..\Policies\Explorer\Run: [4ciiT4Lj1g] C:\Documents and Settings\All Users\Application Data\ybatwhyh\gpufmfox.exe

This line indicates an infection. You can try to check it and Fix Checked but HJT doesn't seem to be much good these days.


Do as much of

http://www.geekstogo...uide-t2852.html

as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.

If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron
  • 0

#3
CathyT

CathyT

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks Ron for the information.


I followed your instructions up to...."Do as much as you can of..."

Seems like HJT removed my Adobe rundll error. Also I no longer see the infection you had pointed out in my latest log from HJT. Would you still recommend taking the steps in the malware removal guide you posted the link to? Let me know your thoughts.

Thanks again!

Cathy

Here's the lastest HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:16:00 PM, on 5/9/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\SnapStream Media\Firefly\Firefly.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SnapStream Media\Firefly Mini\FireflyMini.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVTask.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FireflyMini] "C:\Program Files\SnapStream Media\Firefly Mini\FireflyMini.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 11945 bytes
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,137 posts
  • MVP
How about doing step 5 of the guide? That log will tell if we need to do more.

Ron
  • 0

#5
CathyT

CathyT

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ron-

Here are the log files from OTL (step 5) of the guide.

Thanks again...Cathy


OTL logfile created on: 5/9/2010 6:39:22 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 65.46 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 186.31 Gb Total Space | 25.76 Gb Free Space | 13.83% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 4.38 Gb Total Space | 4.38 Gb Free Space | 100.00% Space Free | Partition Type: CDUDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 38.87 Gb Total Space | 30.41 Gb Free Space | 78.24% Space Free | Partition Type: NTFS
Drive O: | 240.58 Gb Total Space | 228.71 Gb Free Space | 95.07% Space Free | Partition Type: NTFS

Computer Name: CATHYHOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/09 18:37:47 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/05/04 19:38:35 | 000,834,248 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/04 19:38:32 | 001,285,864 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/03 15:37:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 23:13:46 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/12/23 01:36:37 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/12/23 01:34:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/12/23 01:13:58 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/12/23 01:13:57 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/12/23 01:13:51 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/11/11 11:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/10/27 10:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/11/21 15:11:28 | 000,394,752 | ---- | M] () -- C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
PRC - [2008/11/21 15:09:44 | 000,178,176 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
PRC - [2008/11/21 15:09:12 | 000,088,576 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
PRC - [2008/11/21 15:09:12 | 000,062,464 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
PRC - [2008/11/21 15:08:42 | 000,400,384 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
PRC - [2008/11/21 15:06:10 | 000,087,040 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
PRC - [2008/11/21 15:05:40 | 000,056,320 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVTask.exe
PRC - [2007/06/11 18:53:44 | 000,455,600 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
PRC - [2007/06/01 13:06:09 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
PRC - [2007/05/29 11:06:44 | 000,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe
PRC - [2007/01/18 13:20:26 | 000,190,008 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
PRC - [2007/01/12 13:27:02 | 000,135,168 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Firefly Mini\FireflyMini.exe
PRC - [2006/10/31 21:24:18 | 000,057,344 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006/01/19 11:29:52 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2004/08/18 12:07:35 | 000,184,320 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Firefly\Firefly.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/13 15:36:44 | 001,470,464 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
PRC - [2003/12/21 16:30:54 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\SnapStream\Common\X10nets.exe
PRC - [2003/12/17 15:51:58 | 000,094,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
PRC - [2003/12/17 15:51:44 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
PRC - [2003/12/10 04:52:40 | 000,380,928 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2003/06/11 01:52:26 | 000,122,880 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe
PRC - [2003/06/11 01:52:24 | 000,380,928 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
PRC - [2003/05/29 16:28:32 | 000,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/10/16 21:20:20 | 000,073,728 | ---- | M] () -- C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/05/09 18:37:47 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/10/07 04:41:56 | 000,081,920 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll
MOD - [2003/06/11 01:52:24 | 000,098,304 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPHk2KS2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (OpcEnum)
SRV - [2010/05/04 19:38:32 | 001,285,864 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/23 01:34:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/12/23 01:13:51 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/29 11:06:44 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdfcoms.exe -- (lxdf_device)
SRV - [2007/05/29 11:06:20 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe -- (lxdfCATSCustConnectService)
SRV - [2007/02/08 17:38:52 | 000,056,344 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Memeo\AutoBackup\MemeoService.exe -- (BMUService)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/01/19 11:29:52 | 002,041,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/19 11:29:52 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/07/25 12:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device)
SRV - [2003/12/21 16:30:54 | 000,020,480 | ---- | M] (X10) [On_Demand | Running] -- C:\Program Files\Common Files\SnapStream\Common\X10nets.exe -- (x10nets)
SRV - [2003/12/17 15:51:44 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/23 01:13:58 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/23 01:13:57 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/23 01:13:53 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/05/14 17:03:46 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/25 22:51:43 | 002,863,616 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/06 20:40:20 | 000,169,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2007/10/17 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/10/17 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/02/06 14:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/09/26 18:21:07 | 000,012,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atidacxx.sys -- (ATIDACXX)
DRV - [2005/09/26 18:21:04 | 000,044,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atidtuxx.sys -- (ATIDTUXX)
DRV - [2005/09/26 18:20:59 | 000,009,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atidxbxx.sys -- (ATIDXBXX)
DRV - [2005/09/26 18:20:57 | 000,201,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atidvcxx.sys -- (ATIDVCXX)
DRV - [2005/09/26 18:20:38 | 000,010,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atiddcxx.sys -- (ATIDDCXX)
DRV - [2004/08/04 00:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004/08/04 00:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004/08/04 00:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 22:29:32 | 000,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx) ATI WDM Rage Theater Video (Microsoft Corporation)
DRV - [2004/08/03 22:29:32 | 000,073,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP) ATI WDM TV Tuner (Microsoft Corporation)
DRV - [2004/08/03 22:29:32 | 000,063,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio) ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation)
DRV - [2004/08/03 22:29:30 | 000,052,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx) ATI WDM Rage Theater Audio (Microsoft Corporation)
DRV - [2004/08/03 22:29:30 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC) ATI WDM Specialized MVD Codec (Microsoft Corporation)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2004/04/13 15:37:56 | 000,285,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/04/13 15:37:30 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/04/13 15:32:50 | 000,140,416 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/04/13 15:29:44 | 000,198,528 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/04/13 15:29:22 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/04/13 15:23:58 | 000,117,248 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/01/22 17:31:54 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF)
DRV - [2003/12/17 15:41:38 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2003/12/17 15:30:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/10/23 06:28:00 | 000,174,336 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/24 11:55:40 | 000,005,337 | ---- | M] (ALi Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub)
DRV - [2003/06/24 11:47:06 | 000,104,088 | ---- | M] (ALi Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/09/19 19:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/06/27 22:00:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/10 03:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.011.025.005
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.586
FF - prefs.js..extensions.enabledItems: [email protected]networks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/23 01:37:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG8\Toolbar\Firefox\[email protected] [2009/12/23 01:36:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/01 13:45:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 15:37:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/09 15:49:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.8\Extensions\\Components: C:\PROGRA~1\MOZILL~2\components\ [2009/12/18 01:11:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.8\Extensions\\Plugins: C:\PROGRA~1\MOZILL~2\plugins\ [2010/05/09 15:30:02 | 000,000,000 | ---D | M]

[2008/08/25 21:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/09 17:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions
[2010/02/20 12:09:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/12/02 13:44:21 | 000,000,000 | ---D | M] (Yahoo! Photos Easy Upload Tool) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\{DD99D76F-5129-4fd3-A2DC-AB41D6FBCF98}
[2010/03/14 16:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\[email protected]
[2008/10/09 20:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\[email protected]
[2009/04/21 22:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\[email protected](2).com
[2009/04/22 23:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\[email protected]
[2010/05/09 15:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/09 15:49:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007/08/29 14:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/07/20 21:57:37 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/01/19 19:14:22 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2008/05/19 14:57:00 | 002,641,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2008/02/28 14:30:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2008/02/28 14:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2010/05/03 23:57:54 | 000,228,598 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8018 more lines...
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [Lexmark 6500 Series Fax Server] C:\Program Files\Lexmark 6500 Series\fm3032.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [lxdfamon] C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()
O4 - HKLM..\Run: [lxdfmon.exe] C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\atidtct.exe (ATI Technologies Inc.)
O4 - HKCU..\Run: [ATI Launchpad] File not found
O4 - HKCU..\Run: [FireflyMini] C:\Program Files\SnapStream Media\Firefly Mini\FireflyMini.exe (SnapStream Media)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/16 15:07:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/07/16 07:50:33 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/09 18:37:46 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/05/09 17:37:39 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/05/09 15:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/09 11:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/07 23:26:21 | 000,989,970 | ---- | C] (Security Stronghold ) -- C:\Documents and Settings\Administrator\Desktop\RundllErrorsFixWizard(2).exe
[2010/05/07 23:25:11 | 000,989,970 | ---- | C] (Security Stronghold ) -- C:\Documents and Settings\Administrator\Desktop\RundllErrorsFixWizard.exe
[2010/05/07 23:20:16 | 036,946,400 | ---- | C] (MooSoft Development LLC ) -- C:\Documents and Settings\Administrator\Desktop\cleaner7_setup.exe
[2010/05/07 21:52:01 | 001,870,688 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010/05/07 21:38:35 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\Administrator\Desktop\cwshredder.exe
[2010/05/04 19:40:44 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/04 19:40:31 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/04 19:32:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/04 19:06:28 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstaller.exe
[2010/05/02 17:23:42 | 027,386,256 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\AdbeRdr930_en_US.exe
[2010/04/26 20:59:56 | 005,918,768 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/04/20 18:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVD_4
[2010/04/18 10:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\HandBrake
[2010/04/18 10:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HandBrake
[2010/04/18 10:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/04/10 20:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/04/10 20:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVStoDVD
[2010/04/10 20:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/04/10 20:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVS4YOU
[2010/04/10 20:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/04/10 20:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/02/22 22:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/22 22:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/20 14:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2008/01/27 23:01:20 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhcp.dll
[2008/01/27 23:01:19 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfusb1.dll
[2008/01/27 23:01:19 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfinpa.dll
[2008/01/27 23:01:19 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfiesc.dll
[2008/01/27 23:01:18 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfserv.dll
[2008/01/27 23:01:18 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfpmui.dll
[2008/01/27 23:01:18 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdflmpm.dll
[2008/01/27 23:01:18 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfprox.dll
[2008/01/27 23:01:15 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhbn3.dll
[2008/01/27 23:01:14 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomc.dll
[2008/01/27 23:01:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomm.dll
[2006/11/26 22:27:52 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[2006/11/26 22:27:51 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2006/11/26 22:27:51 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2006/11/26 22:27:51 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2006/11/26 22:27:50 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2006/11/26 22:27:50 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[2006/11/26 22:27:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/09 18:50:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1336601894-682003330-500UA.job
[2010/05/09 18:37:47 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/05/09 18:17:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/09 18:05:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 18:05:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/09 18:05:17 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/09 18:03:43 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/09 18:03:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/09 17:37:40 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/05/09 15:30:04 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/09 11:38:37 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/05/09 11:37:05 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2010/05/09 10:33:00 | 000,000,929 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/09 10:33:00 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/09 10:33:00 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/05/09 10:28:03 | 059,766,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/08 20:50:02 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1336601894-682003330-500Core.job
[2010/05/07 23:26:21 | 000,989,970 | ---- | M] (Security Stronghold ) -- C:\Documents and Settings\Administrator\Desktop\RundllErrorsFixWizard(2).exe
[2010/05/07 23:25:14 | 000,989,970 | ---- | M] (Security Stronghold ) -- C:\Documents and Settings\Administrator\Desktop\RundllErrorsFixWizard.exe
[2010/05/07 23:24:37 | 036,946,400 | ---- | M] (MooSoft Development LLC ) -- C:\Documents and Settings\Administrator\Desktop\cleaner7_setup.exe
[2010/05/07 21:53:09 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/05/07 21:52:32 | 001,870,688 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010/05/07 21:38:35 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Administrator\Desktop\cwshredder.exe
[2010/05/07 18:09:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/04 19:40:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/04 19:40:16 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/04 19:31:41 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/05/04 19:17:38 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstaller.exe
[2010/05/03 23:57:54 | 000,228,598 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/03 20:33:06 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/05/02 19:47:12 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 17:26:45 | 027,386,256 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\AdbeRdr930_en_US.exe
[2010/04/29 21:52:12 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/04/26 21:00:28 | 005,918,768 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/04/20 21:39:44 | 000,010,681 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\life.a2d
[2010/04/20 18:31:36 | 100,779,840 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_02_Life-Reptiles and Amphibians-2010-04-18-0.mp2
[2010/04/20 18:30:54 | 1439,554,944 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_02_Life-Reptiles and Amphibians-2010-04-18-0.m2v
[2010/04/20 18:29:33 | 100,793,952 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_01_Life-Challenges of Life-2010-04-18-0.mp2
[2010/04/20 18:28:49 | 1440,195,784 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_01_Life-Challenges of Life-2010-04-18-0.m2v
[2010/04/20 18:22:33 | 005,148,864 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_3_Title_01_Life-Challenges of Life-2010-04-18-0.mp2
[2010/04/20 18:22:26 | 050,197,360 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_3_Title_01_Life-Challenges of Life-2010-04-18-0.m2v
[2010/04/20 18:16:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_2_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/19 22:36:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_1_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/19 22:34:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_0_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/15 00:04:31 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DVD copy software free.URL
[2010/04/11 10:31:10 | 000,337,021 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Joaquín.jpg
[2010/04/11 10:24:45 | 000,084,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/11 10:22:21 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/10 20:43:44 | 000,001,537 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2010/04/10 20:42:34 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVStoDVD.lnk
[2010/04/10 20:34:38 | 024,160,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVStoDVD_226_Install.exe
[2010/04/10 20:27:40 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVS4YOU Software Navigator.lnk
[2010/04/02 20:06:22 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/03/31 22:14:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/27 13:34:25 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\error.doc
[2010/03/14 15:56:38 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 15:56:38 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 15:56:36 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/11 08:14:18 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/02/25 03:51:40 | 000,000,008 | ---- | M] () -- C:\WINDOWS\sdfinacs.dll
[2010/02/25 03:51:39 | 000,000,102 | ---- | M] () -- C:\WINDOWS\wuasirvy.dll
[2010/02/25 03:51:38 | 000,078,386 | ---- | M] () -- C:\WINDOWS\msacm32.drv
[2010/02/25 03:51:24 | 000,000,004 | ---- | M] () -- C:\WINDOWS\sdfixwcs.dll
[2010/02/22 22:51:16 | 000,060,432 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/22 22:37:50 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/09 11:38:09 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/05/09 11:35:52 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2010/05/07 21:53:09 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/05/05 00:57:32 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/04 19:56:22 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/04 19:31:41 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/05/02 17:32:57 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/20 18:30:56 | 100,779,840 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_02_Life-Reptiles and Amphibians-2010-04-18-0.mp2
[2010/04/20 18:29:34 | 1439,554,944 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_02_Life-Reptiles and Amphibians-2010-04-18-0.m2v
[2010/04/20 18:28:53 | 100,793,952 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_01_Life-Challenges of Life-2010-04-18-0.mp2
[2010/04/20 18:25:37 | 1440,195,784 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_01_Life-Challenges of Life-2010-04-18-0.m2v
[2010/04/20 18:22:31 | 005,148,864 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_3_Title_01_Life-Challenges of Life-2010-04-18-0.mp2
[2010/04/20 18:22:20 | 050,197,360 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_3_Title_01_Life-Challenges of Life-2010-04-18-0.m2v
[2010/04/20 18:16:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_2_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/19 22:36:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_1_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/19 22:34:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_0_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/15 00:04:31 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DVD copy software free.URL
[2010/04/11 10:31:09 | 000,337,021 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Joaquín.jpg
[2010/04/10 20:56:55 | 000,010,681 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\life.a2d
[2010/04/10 20:42:34 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVStoDVD.lnk
[2010/04/10 20:32:16 | 024,160,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVStoDVD_226_Install.exe
[2010/04/10 20:27:40 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVS4YOU Software Navigator.lnk
[2010/04/02 20:06:22 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/03/27 13:34:25 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\error.doc
[2010/02/22 22:51:16 | 000,060,432 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/22 22:37:50 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/08 07:10:31 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/02/08 07:10:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2010/02/08 07:10:16 | 000,000,004 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2010/02/07 23:31:45 | 000,078,386 | ---- | C] () -- C:\WINDOWS\msacm32.drv
[2010/02/07 23:31:45 | 000,000,102 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
[2010/02/07 13:28:10 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2010/02/07 13:16:10 | 000,000,133 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2010/01/01 23:04:52 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/01 23:04:52 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/09/28 05:08:32 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2008/11/30 00:56:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/06/13 15:47:30 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2008/03/20 18:06:36 | 001,480,232 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2008/01/27 23:24:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdfvs.dll
[2008/01/27 23:24:12 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfcoin.dll
[2008/01/27 23:23:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdfcaps.dll
[2008/01/27 23:23:02 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdfdrs.dll
[2008/01/27 23:23:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfcnv4.dll
[2008/01/27 23:21:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDFPMON.DLL
[2008/01/27 23:21:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDFFXPU.DLL
[2008/01/27 23:21:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfoem.dll
[2008/01/27 23:01:35 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdfrwrd.ini
[2008/01/27 23:01:20 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfinst.dll
[2008/01/27 23:01:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdfgrd.dll
[2007/11/27 22:39:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/03 14:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/26 22:27:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll
[2006/11/02 13:28:20 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/07/17 06:15:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/07/17 06:15:50 | 000,000,160 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/16 22:45:12 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/07/16 21:57:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/07/16 20:40:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2006/07/16 18:16:59 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006/07/16 17:54:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/07/16 17:54:24 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSONC86.ini
[2006/07/16 16:47:49 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/07/16 15:56:29 | 000,000,091 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/16 15:34:16 | 000,003,455 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/07/16 15:34:15 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/06/19 16:20:42 | 000,702,768 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2004/12/19 06:29:40 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 06:17:10 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/01/28 11:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2004/01/28 11:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/01/28 11:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2002/10/06 11:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 16:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 16:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 16:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/19 07:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002/04/19 06:51:04 | 000,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2002/03/16 17:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL
[2002/03/16 17:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000050.DLL
[2001/08/23 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1997/09/02 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/09/02 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/09/02 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/09/02 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/02 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008/11/28 00:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\6500 Series
[2008/06/29 23:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
[2008/03/28 19:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2008/11/10 01:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GyroTools GO
[2008/11/10 01:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GyroTools PC
[2010/04/18 10:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HandBrake
[2010/01/01 23:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2006/07/23 08:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008/01/27 23:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lexmark Productivity Studio
[2009/02/13 13:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2009/10/11 23:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2009/01/15 20:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2009/05/14 17:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
[2006/11/26 23:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoStudio Expressions
[2006/07/29 13:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2009/06/22 23:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2006/09/20 22:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VideoReDoPlus
[2006/09/20 00:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2008/01/27 23:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6500 Series
[2006/11/28 23:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/01/02 11:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/10 19:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006/09/21 21:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/02/13 13:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2008/12/28 13:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/10/09 19:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/02/24 00:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnapStream
[2008/03/30 21:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2009/06/22 23:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/07/16 15:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2008/10/04 08:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ybatwhyh
[2009/03/25 22:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/04 19:32:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/12/18 01:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/16 23:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/05/09 18:17:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/09 18:05:11 | 000,001,868 | ---- | M] () -- C:\aaw7boot.log
[2006/07/16 15:07:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/15 05:58:16 | 3320,381,440 | ---- | M] () -- C:\biglove-season3-1.iso
[2010/05/09 10:33:00 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/11/26 22:27:36 | 000,000,242 | ---- | M] () -- C:\CDFE.log
[2006/07/16 15:07:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/30 16:23:19 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
[2006/07/22 22:08:12 | 000,004,795 | -H-- | M] () -- C:\ffastun.ffa
[2006/07/22 22:08:12 | 000,262,144 | -H-- | M] () -- C:\ffastun.ffl
[2006/07/22 22:08:12 | 000,122,880 | -H-- | M] () -- C:\ffastun.ffo
[2006/07/22 22:08:12 | 000,897,024 | -H-- | M] () -- C:\ffastun0.ffx
[2010/05/09 18:05:17 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2006/07/16 15:07:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/09 18:03:46 | 000,132,327 | ---- | M] () -- C:\lxcf.log
[2006/11/26 22:27:31 | 000,000,000 | ---- | M] () -- C:\lxcffire.csv
[2006/11/26 22:28:01 | 000,000,144 | ---- | M] () -- C:\LXCFINST.csv
[2008/05/31 23:23:12 | 000,000,701 | ---- | M] () -- C:\mmcInst.log
[2006/07/16 15:07:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/01/02 13:06:13 | 000,007,659 | ---- | M] () -- C:\muxman.log
[2009/09/28 16:24:34 | 1612,870,358 | ---- | M] () -- C:\NPS-The Scripture of Nature (1851-1890).avi
[2009/10/15 22:44:19 | 000,246,740 | ---- | M] () -- C:\nps1-2.dfproj
[2009/10/15 22:39:56 | 000,214,049 | ---- | M] () -- C:\nps1-2.zip
[2006/07/16 16:43:59 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/07/16 16:43:58 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/05/09 18:05:12 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/09/28 06:28:20 | 000,000,644 | ---- | M] () -- C:\The National Parks_ America's Best Idea-(The Scripture of Nature (1851-1890))-2009-09-27-0.avi.chapters.xml
[2009/09/27 15:02:11 | 1603,733,335 | ---- | M] () -- C:\The National Parks_ America's Best Idea-(The Scripture of Nature (1851-1890))-2009-09-27-0.tp
[2009/09/28 06:28:20 | 000,000,644 | ---- | M] () -- C:\The National Parks_ America's Best Idea-(The Scripture of Nature (1851-1890))-2009-09-27-0.tp.chapters.xml
[2009/10/18 22:39:36 | 334,149,631 | ---- | M] () -- C:\The National Parks_ America's Best Idea-(The Scripture of Nature (1851-1890))-2009-09-27-0_S2D.mpg
[2009/10/15 22:31:55 | 000,113,584 | ---- | M] () -- C:\The Scripture of Nature (1850-1890).dfproj
[2009/08/16 22:31:20 | 035,651,584 | ---- | M] () -- C:\VIRTPART.DAT

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/03/20 18:06:36 | 001,480,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\LegitCheckControl.dll
[2006/06/19 16:20:42 | 000,702,768 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\WgaLogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/07/16 07:51:45 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/07/16 07:51:45 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/07/16 07:51:45 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/04 19:40:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
< End of report >

OTL Extras logfile created on: 5/9/2010 6:39:23 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 65.46 Gb Free Space | 43.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 186.31 Gb Total Space | 25.76 Gb Free Space | 13.83% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 4.38 Gb Total Space | 4.38 Gb Free Space | 100.00% Space Free | Partition Type: CDUDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 38.87 Gb Total Space | 30.41 Gb Free Space | 78.24% Space Free | Partition Type: NTFS
Drive O: | 240.58 Gb Total Space | 228.71 Gb Free Space | 95.07% Space Free | Partition Type: NTFS

Computer Name: CATHYHOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVWebServiceProxy.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service -- (SnapStream Media)
"C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape -- (SnapStream Media, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe" = C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:*:Enabled:Beyond TV Setup Wizard -- (SnapStream Media, Inc.)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\WINDOWS\system32\lxdfcoms.exe" = C:\WINDOWS\system32\lxdfcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 6500 Series\lxdfamon.exe" = C:\Program Files\Lexmark 6500 Series\lxdfamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 6500 Series\frun.exe" = C:\Program Files\Lexmark 6500 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- ()
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Lexmark 6500 Series\lxdfmon.exe" = C:\Program Files\Lexmark 6500 Series\lxdfmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\Documents and Settings\Administrator\Local Settings\Temp\lxdf\wireless\ENGLISH\lxdfwpss.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\lxdf\wireless\ENGLISH\lxdfwpss.exe:*:Enabled: -- File not found
"C:\WINDOWS\system32\lxdfcfg.exe" = C:\WINDOWS\system32\lxdfcfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Lexmark 6500 Series\LXDFFax.exe" = C:\Program Files\Lexmark 6500 Series\LXDFFax.exe:*:Enabled:Fax Solutions Software -- ()
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\SnapStream Media\Beyond TV\BTVPlaybackEngine.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVPlaybackEngine.exe:*:Enabled:TV Playback Engine -- (SnapStream Media, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(SBC)" = Visual IP InSight(SBC)
"{0A26C729-ECE1-F335-5E34-0C901BB8ADEF}" = ccc-core-preinstall
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15EE1439-3B90-4DA6-A4FD-3BF23E830C25}" = MS Export
"{17766AD8-856F-FDC6-38A2-C04232E5FD22}" = Catalyst Control Center Localization Japanese
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{245BBD95-C8FA-DD66-5CD6-71F4C4F5552E}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3A6EBAE2-B82D-5DAD-064E-E3F99C0F2BAA}" = CCC Help Chinese Traditional
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center
"{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}" = Beyond TV DVD Burning Foundation
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42E351BC-E7C2-583C-D782-2DE6DF53F9B6}" = Catalyst Control Center Localization Chinese Traditional
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46A5D1D1-8956-497C-92FB-59C44EFA6214}" = Safari
"{46BF5495-A17D-4413-B165-97B9AAECBA92}" = ccc-core-static
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A46CD8B-9BBB-4F2D-810C-5C3DAA0E2B20}" = Multiple Image Resizer .NET
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{51A2692C-5E38-4DFD-8230-288C0E8B5BBA}" = ArcSoft MediaConverter 2
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{62FE8186-5A37-BC85-B271-DCB7A25BC33B}" = Catalyst Control Center Graphics Full Existing
"{655DFA09-0631-D7D4-FE37-BDEFE2113D32}" = CCC Help Korean
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7385EE94-C8DD-B2A5-6A43-C2A48EAB9A1C}" = CCC Help Chinese Standard
"{74C07829-4800-7CB5-DF82-8A8BE55F9091}" = CCC Help English
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{82DA76D0-A964-B120-B3BF-26BD6FA38787}" = Catalyst Control Center Core Implementation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}" = Debugging Tools for Windows (x86)
"{87D0FAD0-C76F-45B1-A249-5B91779F0355}" = GyroTools GO Edition
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C59329A-FE1B-D00B-3208-9624776754EB}" = ccc-utility
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ALi USB2.0 Driver
"{8FBC47DC-8452-69AD-F042-8C7D0FA54DBA}" = CCC Help Japanese
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{93D98530-2627-3FAA-09BC-7C79462B34A0}" = Catalyst Control Center Localization Thai
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0582BFA-16B4-6573-38B0-29DD589FD43A}" = Catalyst Control Center Localization Korean
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3DD7BA6-37A6-4245-A167-B3AA137B2157}" = TitanTV Client components for ATI
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A99AE198-60A2-0744-F768-F700EFDA4D2D}" = Catalyst Control Center Localization Chinese Standard
"{A9FF0492-05E5-F426-3104-3DDA813E2E23}" = Catalyst Control Center Graphics Previews Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.0
"{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}" = Norton Ghost
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BC8032F1-0D5E-43C6-B14A-77AC8F9690B5}" = DesignPro 5.0 Media Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}" = Beyond TV DVD Burning Foundation
"{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop
"{C5F2DBF1-6A08-39D2-9871-BF8F29F73C88}" = Skins
"{C849D7B5-DCE7-9080-687E-CF5D3D535190}" = CCC Help Thai
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4544EA-C189-41FE-9E3A-76591DDB852B}" = Roxio Easy Media Creator 7
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6209782-BDE3-461A-81BC-D6BF0965E5F0}" = AutoBackup
"{D63B08C9-50B9-D513-083C-BF9310149C35}" = Catalyst Control Center Graphics Full New
"{DB6D0A87-77BA-4083-85D1-D07604B3FAD7}" = CLIE MS SCSI Driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E99DCB15-75AC-49CF-AF65-715AA1469E76}" = HDTV2DVD 0.4
"{EF128055-9B10-4FF9-8500-5648CF8F899C}" = ATI Decoder
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"AC3Filter_is1" = AC3Filter 1.63b
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"AVI Codec Pack" = AVI Codec Pack
"AVI Codec Pack Lite" = AVI Codec Pack Lite
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVStoDVD" = AVStoDVD 2.2.6
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.3.1
"Beyond TV" = SnapStream Beyond TV 4.9.0
"BookSmart® 2.5.1 2.5.1" = BookSmart® 2.5.1 2.5.1
"BroadJump Client Foundation" = BroadJump Client Foundation
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"Firefly" = Snapstream Firefly 1.2.0.816
"Firefly Mini" = SnapStream Firefly Mini 1.0.2
"Forces of Nature 2008" = Forces of Nature 2008 Screen Saver
"graphiquEcalendar 2008 Forces of Nature" = graphiquEcalendar 2008 Forces of Nature
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center 9.16
"InstallShield_{4A46CD8B-9BBB-4F2D-810C-5C3DAA0E2B20}" = Multiple Image Resizer .NET
"InstallShield_{BC8032F1-0D5E-43C6-B14A-77AC8F9690B5}" = DesignPro 5.0 Media Edition
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{EF128055-9B10-4FF9-8500-5648CF8F899C}" = ATI Decoder
"InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"InterActual Player" = InterActual Player
"Lexmark 6500 Series" = Lexmark 6500 Series
"Lexmark 730 Series" = Lexmark 730 Series
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"MediaJoin" = MediaJoin
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (1.5.0.8)" = Mozilla Thunderbird (1.5.0.8)
"MSN Music Assistant" = MSN Music Assistant
"MWASPI" = MicroStaff WINASPI
"Nokia PC Suite" = Nokia PC Suite
"Office8.0" = Microsoft Office 97, Professional Edition
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"SBC.MCCInstall" = SBC Self Support Tool
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Total Video2Dvd 3.10_is1" = Total Video2Dvd 3.10
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2.5.1.489
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Web Album Generator_is1" = Web Album Generator 1.8.2
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0
"Google Chrome" = Google Chrome
"InstallShield_{D6209782-BDE3-461A-81BC-D6BF0965E5F0}" = AutoBackup

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/4/2010 3:12:19 AM | Computer Name = CATHYHOME | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 8.5.0.437, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/4/2010 6:44:03 AM | Computer Name = CATHYHOME | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/4/2010 2:00:29 PM | Computer Name = CATHYHOME | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/4/2010 2:05:29 PM | Computer Name = CATHYHOME | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/4/2010 2:10:29 PM | Computer Name = CATHYHOME | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/4/2010 2:15:30 PM | Computer Name = CATHYHOME | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/4/2010 2:20:30 PM | Computer Name = CATHYHOME | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 5/4/2010 10:34:11 PM | Computer Name = CATHYHOME | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/8/2010 12:39:28 AM | Computer Name = CATHYHOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/9/2010 8:24:06 PM | Computer Name = CATHYHOME | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/9/2010 9:09:36 PM | Computer Name = CATHYHOME | Source = Service Control Manager | ID = 7000
Description = The ALi PCI to USB Enhanced Host Controller service failed to start
due to the following error: %%1058

Error - 5/9/2010 9:09:36 PM | Computer Name = CATHYHOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AutoBackup service to
connect.

Error - 5/9/2010 9:09:36 PM | Computer Name = CATHYHOME | Source = Service Control Manager | ID = 7000
Description = The AutoBackup service failed to start due to the following error:
%%1053

Error - 5/9/2010 9:09:36 PM | Computer Name = CATHYHOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdfCATSCustConnectService
service to connect.

Error - 5/9/2010 9:09:36 PM | Computer Name = CATHYHOME | Source = Service Control Manager | ID = 7000
Description = The lxdfCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 5/9/2010 9:10:27 PM | Computer Name = CATHYHOME | Source = DCOM | ID = 10020
Description = The machine wide Limits Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 5/9/2010 9:10:27 PM | Computer Name = CATHYHOME | Source = DCOM | ID = 10020
Description = The machine wide Limits Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 5/9/2010 9:10:45 PM | Computer Name = CATHYHOME | Source = DCOM | ID = 10010
Description = The server {B8F1105F-728D-474A-BABD-333A96271F7F} did not register
with DCOM within the required timeout.

Error - 5/9/2010 9:11:10 PM | Computer Name = CATHYHOME | Source = DCOM | ID = 10020
Description = The machine wide Limits Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 5/9/2010 9:11:10 PM | Computer Name = CATHYHOME | Source = DCOM | ID = 10020
Description = The machine wide Limits Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.


< End of report >
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,137 posts
  • MVP
I found one more infection folder and a bunch of dead entries:


Copy the text between the lines of stars by highlighting and Ctrl + c
***************************************************************************************************
:OTL
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ATI Launchpad] File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

:Files
C:\Documents and Settings\All Users\Application Data\ybatwhyh

:Commands
[Reboot]

*******************************************************************

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I think we had better run combofix:


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:


You have a bunch of old Java versions on your PC that you do not need. These waste space and can be used by malware to get on your PC. These should be uninstalled using Start, (Settings,) Control Palen, Add/Remove Programs.
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7

Your anti-virus is out of date. You have AVG8 which is obsolete. AVG9 is the current version. You need to update.
http://free.avg.com/...ownload.prd-afg

You do not have XP SP3 yet. You need to update. In IE, Tools, Windows Update or use IE and go to windowsupdate.microsoft.com

They will give you a chance to turn on autoupdates. Do so.

Your computer is vulnerable to about 100 threats without all of the security patches. You also need to update to IE 8. 6 is very weak.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and close My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

Ron

Edited by RKinner, 09 May 2010 - 09:18 PM.

  • 0

#7
CathyT

CathyT

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ron-

Thanks again for all the detailed help.

Ran OTL again per instructions. Then downloaded and ran ComboFix.
Removed old Java versions.
Updated to AVG 9
Cannot update to SP3 or turn on auto updates because my copy of XP was deemed "non-genuine" by microsoft.

That is as far as I have gotten. Will try to complete the rest tomorrow or the next day.

Thanks again

Cathy


Here are the logfiles.

OTL logfile created on: 5/11/2010 8:13:35 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 66.03 Gb Free Space | 44.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 186.31 Gb Total Space | 28.89 Gb Free Space | 15.51% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 4.38 Gb Total Space | 4.38 Gb Free Space | 100.00% Space Free | Partition Type: CDUDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 38.87 Gb Total Space | 30.41 Gb Free Space | 78.24% Space Free | Partition Type: NTFS
Drive O: | 240.58 Gb Total Space | 228.71 Gb Free Space | 95.07% Space Free | Partition Type: NTFS

Computer Name: CATHYHOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/11 19:40:42 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/11 19:40:40 | 001,291,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/09 18:37:47 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/03/19 23:13:46 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/12/23 01:36:37 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/12/23 01:34:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/12/23 01:13:58 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/12/23 01:13:57 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/12/23 01:13:51 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/11/11 11:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/10/27 10:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/11/21 15:11:28 | 000,394,752 | ---- | M] () -- C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe
PRC - [2008/11/21 15:09:44 | 000,178,176 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVSchedulerService.exe
PRC - [2008/11/21 15:09:12 | 000,088,576 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
PRC - [2008/11/21 15:09:12 | 000,062,464 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
PRC - [2008/11/21 15:08:42 | 000,400,384 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
PRC - [2008/11/21 15:06:10 | 000,087,040 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
PRC - [2007/06/11 18:53:44 | 000,455,600 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
PRC - [2007/06/01 13:06:09 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
PRC - [2007/05/29 11:06:44 | 000,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe
PRC - [2007/01/18 13:20:26 | 000,190,008 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
PRC - [2007/01/12 13:27:02 | 000,135,168 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Firefly Mini\FireflyMini.exe
PRC - [2006/10/31 21:24:18 | 000,057,344 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006/01/19 11:29:52 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2004/08/18 12:07:35 | 000,184,320 | ---- | M] (SnapStream Media) -- C:\Program Files\SnapStream Media\Firefly\Firefly.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/13 15:36:44 | 001,470,464 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
PRC - [2003/12/21 16:30:54 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\SnapStream\Common\X10nets.exe
PRC - [2003/12/17 15:51:58 | 000,094,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
PRC - [2003/12/17 15:51:44 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
PRC - [2003/12/10 04:52:40 | 000,380,928 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2003/06/11 01:52:26 | 000,122,880 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe
PRC - [2003/06/11 01:52:24 | 000,380,928 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
PRC - [2003/05/29 16:28:32 | 000,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/10/16 21:20:20 | 000,073,728 | ---- | M] () -- C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/05/09 18:37:47 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/10/07 04:41:56 | 000,081,920 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll
MOD - [2003/06/11 01:52:24 | 000,098,304 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPHk2KS2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (OpcEnum)
SRV - [2010/05/11 19:40:40 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/23 01:34:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/12/23 01:13:51 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/29 11:06:44 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdfcoms.exe -- (lxdf_device)
SRV - [2007/05/29 11:06:20 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe -- (lxdfCATSCustConnectService)
SRV - [2007/02/08 17:38:52 | 000,056,344 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Memeo\AutoBackup\MemeoService.exe -- (BMUService)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/01/19 11:29:52 | 002,041,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/19 11:29:52 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/07/25 12:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device)
SRV - [2003/12/21 16:30:54 | 000,020,480 | ---- | M] (X10) [On_Demand | Running] -- C:\Program Files\Common Files\SnapStream\Common\X10nets.exe -- (x10nets)
SRV - [2003/12/17 15:51:44 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/23 01:13:58 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/23 01:13:57 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/23 01:13:53 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/05/14 17:03:46 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/25 22:51:43 | 002,863,616 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/06 20:40:20 | 000,169,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2007/10/17 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/10/17 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/02/06 14:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/09/26 18:21:07 | 000,012,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atidacxx.sys -- (ATIDACXX)
DRV - [2005/09/26 18:21:04 | 000,044,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atidtuxx.sys -- (ATIDTUXX)
DRV - [2005/09/26 18:20:59 | 000,009,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atidxbxx.sys -- (ATIDXBXX)
DRV - [2005/09/26 18:20:57 | 000,201,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atidvcxx.sys -- (ATIDVCXX)
DRV - [2005/09/26 18:20:38 | 000,010,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atiddcxx.sys -- (ATIDDCXX)
DRV - [2004/08/04 00:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004/08/04 00:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004/08/04 00:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 22:29:32 | 000,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx) ATI WDM Rage Theater Video (Microsoft Corporation)
DRV - [2004/08/03 22:29:32 | 000,073,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP) ATI WDM TV Tuner (Microsoft Corporation)
DRV - [2004/08/03 22:29:32 | 000,063,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio) ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation)
DRV - [2004/08/03 22:29:30 | 000,052,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx) ATI WDM Rage Theater Audio (Microsoft Corporation)
DRV - [2004/08/03 22:29:30 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC) ATI WDM Specialized MVD Codec (Microsoft Corporation)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2004/04/13 15:37:56 | 000,285,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/04/13 15:37:30 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/04/13 15:32:50 | 000,140,416 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/04/13 15:29:44 | 000,198,528 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/04/13 15:29:22 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/04/13 15:23:58 | 000,117,248 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/01/22 17:31:54 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF)
DRV - [2003/12/17 15:41:38 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2003/12/17 15:30:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/10/23 06:28:00 | 000,174,336 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/24 11:55:40 | 000,005,337 | ---- | M] (ALi Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub)
DRV - [2003/06/24 11:47:06 | 000,104,088 | ---- | M] (ALi Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/09/19 19:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/06/27 22:00:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/10 03:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.011.025.005
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.586
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/23 01:37:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG8\Toolbar\Firefox\[email protected] [2009/12/23 01:36:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/01 13:45:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 15:37:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/09 15:49:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.8\Extensions\\Components: C:\PROGRA~1\MOZILL~2\components\ [2009/12/18 01:11:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.8\Extensions\\Plugins: C:\PROGRA~1\MOZILL~2\plugins\ [2010/05/09 15:30:02 | 000,000,000 | ---D | M]

[2008/08/25 21:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/09 22:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions
[2010/02/20 12:09:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/12/02 13:44:21 | 000,000,000 | ---D | M] (Yahoo! Photos Easy Upload Tool) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\{DD99D76F-5129-4fd3-A2DC-AB41D6FBCF98}
[2010/03/14 16:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\[email protected]
[2008/10/09 20:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\[email protected]
[2009/04/21 22:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\[email protected](2).com
[2009/04/22 23:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\[email protected]
[2010/05/10 20:07:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/09 15:49:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007/08/29 14:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/07/20 21:57:37 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/01/19 19:14:22 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2008/05/19 14:57:00 | 002,641,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2008/02/28 14:30:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2008/02/28 14:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2010/05/03 23:57:54 | 000,228,598 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8018 more lines...
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Firefly] C:\Program Files\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [Lexmark 6500 Series Fax Server] C:\Program Files\Lexmark 6500 Series\fm3032.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [lxdfamon] C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()
O4 - HKLM..\Run: [lxdfmon.exe] C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\atidtct.exe (ATI Technologies Inc.)
O4 - HKCU..\Run: [FireflyMini] C:\Program Files\SnapStream Media\Firefly Mini\FireflyMini.exe (SnapStream Media)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Beyond TV.lnk = C:\Program Files\SnapStream Media\Beyond TV\BTVAgent2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/16 15:07:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/11 20:20:33 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_9_114_cnet(2).exe
[2010/05/11 20:01:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/09 21:46:01 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/05/09 18:37:46 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/05/09 17:37:39 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/05/09 15:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/09 11:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/07 23:26:21 | 000,989,970 | ---- | C] (Security Stronghold ) -- C:\Documents and Settings\Administrator\Desktop\RundllErrorsFixWizard(2).exe
[2010/05/07 23:25:11 | 000,989,970 | ---- | C] (Security Stronghold ) -- C:\Documents and Settings\Administrator\Desktop\RundllErrorsFixWizard.exe
[2010/05/07 23:20:16 | 036,946,400 | ---- | C] (MooSoft Development LLC ) -- C:\Documents and Settings\Administrator\Desktop\cleaner7_setup.exe
[2010/05/07 21:52:01 | 001,870,688 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010/05/07 21:38:35 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\Administrator\Desktop\cwshredder.exe
[2010/05/04 19:40:44 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/04 19:40:31 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/04 19:32:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/04 19:06:28 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstaller.exe
[2010/05/02 17:23:42 | 027,386,256 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\AdbeRdr930_en_US.exe
[2010/04/26 20:59:56 | 005,918,768 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/04/20 18:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVD_4
[2010/04/18 10:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\HandBrake
[2010/04/18 10:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HandBrake
[2010/04/18 10:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/04/10 20:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/04/10 20:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVStoDVD
[2010/04/10 20:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/04/10 20:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVS4YOU
[2010/04/10 20:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/04/10 20:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/02/22 22:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/22 22:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/20 14:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2008/01/27 23:01:20 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhcp.dll
[2008/01/27 23:01:19 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfusb1.dll
[2008/01/27 23:01:19 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfinpa.dll
[2008/01/27 23:01:19 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfiesc.dll
[2008/01/27 23:01:18 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfserv.dll
[2008/01/27 23:01:18 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfpmui.dll
[2008/01/27 23:01:18 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdflmpm.dll
[2008/01/27 23:01:18 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfprox.dll
[2008/01/27 23:01:15 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhbn3.dll
[2008/01/27 23:01:14 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomc.dll
[2008/01/27 23:01:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomm.dll
[2006/11/26 22:27:52 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[2006/11/26 22:27:51 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2006/11/26 22:27:51 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2006/11/26 22:27:51 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2006/11/26 22:27:50 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2006/11/26 22:27:50 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[2006/11/26 22:27:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/11 20:21:27 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_9_114_cnet(2).exe
[2010/05/11 20:18:30 | 003,686,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/05/11 20:11:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/11 20:03:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/11 20:02:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/11 20:02:50 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/11 20:01:48 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/11 20:01:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/11 19:50:02 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1336601894-682003330-500UA.job
[2010/05/11 18:17:51 | 059,847,767 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/10 20:50:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1336601894-682003330-500Core.job
[2010/05/09 21:46:48 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/05/09 18:37:47 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/05/09 17:37:40 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/05/09 15:30:04 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/09 11:38:37 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/05/09 11:37:05 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2010/05/09 10:33:00 | 000,000,929 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/09 10:33:00 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/09 10:33:00 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/05/07 23:26:21 | 000,989,970 | ---- | M] (Security Stronghold ) -- C:\Documents and Settings\Administrator\Desktop\RundllErrorsFixWizard(2).exe
[2010/05/07 23:25:14 | 000,989,970 | ---- | M] (Security Stronghold ) -- C:\Documents and Settings\Administrator\Desktop\RundllErrorsFixWizard.exe
[2010/05/07 23:24:37 | 036,946,400 | ---- | M] (MooSoft Development LLC ) -- C:\Documents and Settings\Administrator\Desktop\cleaner7_setup.exe
[2010/05/07 21:53:09 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/05/07 21:52:32 | 001,870,688 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010/05/07 21:38:35 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Administrator\Desktop\cwshredder.exe
[2010/05/07 18:09:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/04 19:40:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/04 19:40:16 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/04 19:31:41 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/05/04 19:17:38 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstaller.exe
[2010/05/03 23:57:54 | 000,228,598 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/03 20:33:06 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/05/02 19:47:12 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 17:26:45 | 027,386,256 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\AdbeRdr930_en_US.exe
[2010/04/29 21:52:12 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/04/26 21:00:28 | 005,918,768 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/04/20 21:39:44 | 000,010,681 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\life.a2d
[2010/04/20 18:31:36 | 100,779,840 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_02_Life-Reptiles and Amphibians-2010-04-18-0.mp2
[2010/04/20 18:30:54 | 1439,554,944 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_02_Life-Reptiles and Amphibians-2010-04-18-0.m2v
[2010/04/20 18:29:33 | 100,793,952 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_01_Life-Challenges of Life-2010-04-18-0.mp2
[2010/04/20 18:28:49 | 1440,195,784 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_01_Life-Challenges of Life-2010-04-18-0.m2v
[2010/04/20 18:22:33 | 005,148,864 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_3_Title_01_Life-Challenges of Life-2010-04-18-0.mp2
[2010/04/20 18:22:26 | 050,197,360 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_3_Title_01_Life-Challenges of Life-2010-04-18-0.m2v
[2010/04/20 18:16:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_2_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/19 22:36:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_1_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/19 22:34:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_0_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/15 00:04:31 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DVD copy software free.URL
[2010/04/11 10:31:10 | 000,337,021 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Joaquín.jpg
[2010/04/11 10:24:45 | 000,084,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/11 10:22:21 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/10 20:43:44 | 000,001,537 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2010/04/10 20:42:34 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVStoDVD.lnk
[2010/04/10 20:34:38 | 024,160,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVStoDVD_226_Install.exe
[2010/04/10 20:27:40 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVS4YOU Software Navigator.lnk
[2010/04/02 20:06:22 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/03/31 22:14:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/27 13:34:25 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\error.doc
[2010/03/14 15:56:38 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 15:56:38 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 15:56:36 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/11 08:14:18 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/02/25 03:51:40 | 000,000,008 | ---- | M] () -- C:\WINDOWS\sdfinacs.dll
[2010/02/25 03:51:39 | 000,000,102 | ---- | M] () -- C:\WINDOWS\wuasirvy.dll
[2010/02/25 03:51:38 | 000,078,386 | ---- | M] () -- C:\WINDOWS\msacm32.drv
[2010/02/25 03:51:24 | 000,000,004 | ---- | M] () -- C:\WINDOWS\sdfixwcs.dll
[2010/02/22 22:51:16 | 000,060,432 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/22 22:37:50 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/11 20:17:13 | 003,686,521 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/05/09 11:38:09 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/05/09 11:35:52 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2010/05/07 21:53:09 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/05/05 00:57:32 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/04 19:56:22 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/04 19:31:41 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/05/02 17:32:57 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/20 18:30:56 | 100,779,840 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_02_Life-Reptiles and Amphibians-2010-04-18-0.mp2
[2010/04/20 18:29:34 | 1439,554,944 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_02_Life-Reptiles and Amphibians-2010-04-18-0.m2v
[2010/04/20 18:28:53 | 100,793,952 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_01_Life-Challenges of Life-2010-04-18-0.mp2
[2010/04/20 18:25:37 | 1440,195,784 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_4_Title_01_Life-Challenges of Life-2010-04-18-0.m2v
[2010/04/20 18:22:31 | 005,148,864 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_3_Title_01_Life-Challenges of Life-2010-04-18-0.mp2
[2010/04/20 18:22:20 | 050,197,360 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_3_Title_01_Life-Challenges of Life-2010-04-18-0.m2v
[2010/04/20 18:16:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_2_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/19 22:36:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_1_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/19 22:34:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_0_Title_01_Life-(Challenges of Life)-2010-04-18-1.m2v
[2010/04/15 00:04:31 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DVD copy software free.URL
[2010/04/11 10:31:09 | 000,337,021 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Joaquín.jpg
[2010/04/10 20:56:55 | 000,010,681 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\life.a2d
[2010/04/10 20:42:34 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVStoDVD.lnk
[2010/04/10 20:32:16 | 024,160,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVStoDVD_226_Install.exe
[2010/04/10 20:27:40 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVS4YOU Software Navigator.lnk
[2010/04/02 20:06:22 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/03/27 13:34:25 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\error.doc
[2010/02/22 22:51:16 | 000,060,432 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/22 22:37:50 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/08 07:10:31 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/02/08 07:10:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2010/02/08 07:10:16 | 000,000,004 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2010/02/07 23:31:45 | 000,078,386 | ---- | C] () -- C:\WINDOWS\msacm32.drv
[2010/02/07 23:31:45 | 000,000,102 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
[2010/02/07 13:28:10 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2010/02/07 13:16:10 | 000,000,133 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2010/01/01 23:04:52 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/01 23:04:52 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/09/28 05:08:32 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2008/11/30 00:56:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/06/13 15:47:30 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2008/03/20 18:06:36 | 001,480,232 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2008/01/27 23:24:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdfvs.dll
[2008/01/27 23:24:12 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfcoin.dll
[2008/01/27 23:23:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdfcaps.dll
[2008/01/27 23:23:02 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdfdrs.dll
[2008/01/27 23:23:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfcnv4.dll
[2008/01/27 23:21:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDFPMON.DLL
[2008/01/27 23:21:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDFFXPU.DLL
[2008/01/27 23:21:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfoem.dll
[2008/01/27 23:01:35 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdfrwrd.ini
[2008/01/27 23:01:20 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfinst.dll
[2008/01/27 23:01:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdfgrd.dll
[2007/11/27 22:39:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/03 14:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/26 22:27:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll
[2006/11/02 13:28:20 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/07/17 06:15:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/07/17 06:15:50 | 000,000,160 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/16 22:45:12 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/07/16 21:57:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/07/16 20:40:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2006/07/16 18:16:59 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006/07/16 17:54:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/07/16 17:54:24 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSONC86.ini
[2006/07/16 16:47:49 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/07/16 15:56:29 | 000,000,091 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/16 15:34:16 | 000,003,455 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/07/16 15:34:15 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/06/19 16:20:42 | 000,702,768 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2004/12/19 06:29:40 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 06:17:10 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/01/28 11:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2004/01/28 11:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/01/28 11:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2002/10/06 11:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 16:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 16:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 16:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/19 07:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002/04/19 06:51:04 | 000,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2002/03/16 17:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL
[2002/03/16 17:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000050.DLL
[2001/08/23 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1997/09/02 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/09/02 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/09/02 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/09/02 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/02 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008/11/28 00:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\6500 Series
[2008/06/29 23:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
[2008/03/28 19:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2008/11/10 01:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GyroTools GO
[2008/11/10 01:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GyroTools PC
[2010/04/18 10:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HandBrake
[2010/01/01 23:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2006/07/23 08:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008/01/27 23:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lexmark Productivity Studio
[2009/02/13 13:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2009/10/11 23:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2009/01/15 20:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2009/05/14 17:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
[2006/11/26 23:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoStudio Expressions
[2006/07/29 13:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2009/06/22 23:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2006/09/20 22:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VideoReDoPlus
[2006/09/20 00:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2008/01/27 23:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6500 Series
[2006/11/28 23:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/01/02 11:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/10 19:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006/09/21 21:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/02/13 13:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2008/12/28 13:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/10/09 19:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/02/24 00:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnapStream
[2008/03/30 21:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2009/06/22 23:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/07/16 15:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/03/25 22:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/04 19:32:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/12/18 01:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/16 23:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/05/11 20:11:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========


< End of report >





ComboFix 10-05-10.05 - Administrator 05/11/2010 20:37:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1170 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\george.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\{6217EBE8-6E87-4987-B89B-B709B7F9F38F}
c:\documents and settings\Administrator\Local Settings\Application Data\{6217EBE8-6E87-4987-B89B-B709B7F9F38F}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{6217EBE8-6E87-4987-B89B-B709B7F9F38F}\chrome\content\c.js
c:\documents and settings\Administrator\Local Settings\Application Data\{6217EBE8-6E87-4987-B89B-B709B7F9F38F}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{6217EBE8-6E87-4987-B89B-B709B7F9F38F}\install.rdf
c:\windows\eSellerateEngine.dll
c:\windows\msacm32.drv
c:\windows\sdfinacs.dll
c:\windows\sdfixwcs.dll
c:\windows\system32\setup.ini
c:\windows\wuasirvy.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-12 03:01 . 2010-05-12 03:01 -------- d-----w- C:\_OTL
2010-05-09 22:50 . 2010-05-09 22:50 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a09a0ee-n\msvcp71.dll
2010-05-09 22:50 . 2010-05-09 22:50 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a09a0ee-n\jmc.dll
2010-05-09 22:50 . 2010-05-09 22:50 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a09a0ee-n\msvcr71.dll
2010-05-09 22:49 . 2010-05-09 22:49 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a4ffb9e-n\decora-sse.dll
2010-05-09 22:49 . 2010-05-09 22:49 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3a4ffb9e-n\decora-d3d.dll
2010-05-09 22:49 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-09 18:38 . 2010-05-09 18:38 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-09 18:38 . 2010-05-09 18:38 -------- d-----w- c:\program files\Trend Micro
2010-05-05 07:57 . 2010-05-05 02:40 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-05 02:40 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-05 02:40 . 2010-05-05 02:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-05 02:32 . 2010-05-05 02:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-05 02:32 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-18 17:28 . 2010-04-18 17:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HandBrake
2010-04-18 17:28 . 2010-04-18 17:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\HandBrake
2010-04-18 17:28 . 2010-05-05 02:00 -------- d-----w- c:\program files\Handbrake

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 01:59 . 2008-03-29 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI MMC
2010-05-12 01:59 . 2008-03-29 06:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI MMC
2010-05-10 04:37 . 2006-07-29 17:50 -------- d-----w- c:\program files\Java
2010-05-10 04:37 . 2006-07-29 17:49 -------- d-----w- c:\program files\Common Files\Java
2010-05-09 17:24 . 2006-11-27 05:29 -------- d-----w- c:\program files\Lx_cats
2010-05-05 02:32 . 2008-05-03 04:03 -------- d-----w- c:\program files\Lavasoft
2010-05-04 07:15 . 2006-07-17 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-04 07:04 . 2006-07-17 02:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-03 00:31 . 2006-07-17 01:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-11 17:24 . 2006-07-17 04:18 84184 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-11 03:44 . 2010-04-11 03:42 -------- d-----w- c:\program files\AVStoDVD
2010-04-11 03:44 . 2010-04-11 03:44 -------- d-----w- c:\program files\Haali
2010-04-11 03:42 . 2010-01-02 06:04 -------- d-----w- c:\program files\AviSynth 2.5
2010-04-11 03:37 . 2010-04-11 03:25 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-11 03:37 . 2010-04-11 03:25 -------- d-----w- c:\program files\AVS4YOU
2010-04-11 03:28 . 2010-04-11 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-04-11 03:28 . 2010-04-11 03:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVS4YOU
2010-04-03 03:07 . 2006-11-17 06:32 -------- d-----w- c:\program files\Picasa2
2010-03-22 18:38 . 2010-03-22 18:38 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-03-16 23:18 . 2008-05-17 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-11 15:09 . 2010-03-11 15:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-03-07 20:49 . 2010-03-14 23:26 3862528 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\[email protected]\plugins\npRACtrl.dll
2010-02-23 05:51 . 2010-02-23 05:51 60432 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-23 05:17 . 2010-02-23 05:17 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2003-08-27 21:19 . 2006-09-22 04:38 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2008-02-28 21:30 . 2007-04-01 20:46 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-02-28 21:33 . 2007-04-01 20:46 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FireflyMini"="c:\program files\SnapStream Media\Firefly Mini\FireflyMini.exe" [2007-01-12 135168]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2006-11-01 57344]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"IPInSightMonitor 01"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-12-17 94208]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-12 455600]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" [2007-06-12 308144]
"Firefly"="c:\program files\SnapStream Media\Firefly\Firefly.exe" [2004-08-18 184320]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-20 2046816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Beyond TV.lnk - c:\program files\SnapStream Media\Beyond TV\BTVAgent2.exe [2008-11-21 394752]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2010-2-7 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-23 08:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVWebServiceProxy.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\SetupWizard.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxdfcoms.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\lxdfamon.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\lxdfmon.exe"=
"c:\\WINDOWS\\system32\\lxdfcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdftime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfjswx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\LXDFFax.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVPlaybackEngine.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/4/2010 7:40 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/17/2008 2:21 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/17/2008 2:21 PM 108552]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [12/17/2003 3:41 PM 5632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/23/2009 1:13 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/23/2009 1:13 AM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 8:52 AM 1291544]
R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R3 ATIDACXX;ATI DTV Wonder Analog Audio Capture Device;c:\windows\system32\drivers\atidacxx.sys [7/16/2006 10:00 PM 12800]
R3 ATIDDCXX;ATI DTV Wonder Digital BDA Capture Device;c:\windows\system32\drivers\atiddcxx.sys [7/16/2006 10:00 PM 10112]
R3 ATIDTUXX;ATI DTV Wonder Digital And Analog Tuner Device;c:\windows\system32\drivers\atidtuxx.sys [7/16/2006 10:00 PM 44544]
R3 ATIDVCXX;ATI DTV Wonder Analog AV Capture Device;c:\windows\system32\drivers\atidvcxx.sys [7/16/2006 10:00 PM 201472]
R3 ATIDXBXX;ATI DTV Wonder Analog AV Crossbar Device;c:\windows\system32\drivers\atidxbxx.sys [7/16/2006 10:00 PM 9728]
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [7/16/2006 6:17 PM 104088]
S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdfserv.exe [1/27/2008 11:24 PM 99248]
S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [7/16/2006 6:17 PM 5337]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-05-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 02:40]

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1336601894-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 06:16]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1336601894-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 06:16]

2009-04-27 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-07-17 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yym5z0b7.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-AVI Codec Pack - c:\program files\AVI Codec Pack\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 20:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDL[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\docume~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_36a4.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1336601894-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-05-11 20:47:11
ComboFix-quarantined-files.txt 2010-05-12 03:47

Pre-Run: 70,828,044,288 bytes free
Post-Run: 72,041,480,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 517E55822EFE5B98C3DEC571CD351B86
  • 0

#8
CathyT

CathyT

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ron-

Any more advice since my last response on Monday 5/10?

Thank you again I really appreciate your help and expertise.

Cathy
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,137 posts
  • MVP
I think you are about done. Your logs look clean. There's not much I can do for you if MS thinks you are not genuine. You will probably have to talk to them directly. You might try:
http://support.microsoft.com/kb/938720

I can tell you that your anti-virus is out of date. You can either update to AVG9 or uninstall AVG 8 and install the free Avast.
http://www.avast.com...avast-home.html

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP