Antivirus soft. OTL logs [Solved]

#1 supernoober (Member, 120 posts)
Hi, I have the malware Antivirus Soft. I already ran Malwarebytes in safe mode and it did not remove it. I managed to disable the malware software from starting up by quickly going to MSCONFIG > Startup as soon as I turn on my computer. What should I do? I am posting the OTL log and Extras. Thanks!


#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello user and welcome to G2G!

My nick is maliprog and I will be your technical support on this issue. Before we start cleaning your PC you must print these instructions, or save them to your Desktop in a .txt file, so you can access them in Safe Mode with no internet connection.

NOTE:
  • Be advised that I am still in training, so there may be a delay between replies. Each reply must be approved by a resident expert before I am allowed to post it to you.
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, so you can check off each step as you complete it. If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad. The logs are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply (or in a new topic if you need to start one).

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please make sure you include the following items:
  • OTL log
  • GMER log
It would be helpful if you could post each log in a separate post.
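The custom scan above asks OTL to list every executable in the root of the system drive, hash a set of storage and logon drivers, and dump the IE proxy and Run-key settings, because those are the places a helper reads first when triaging a rogue-antivirus infection. As an added example (not code from the thread, from OTL or from the helper), here is a small Python triage script that parses three of the line formats OTL emits (the IE proxy lines, the O4 Run autostarts and the created/modified file lists) and returns the entries worth a second look. The rules are this example's own heuristics: an executable sitting directly in a drive root, an autostart with no company name, an autostart whose file is gone, and an enabled IE proxy pointed back at the local machine (rogue antivirus programs commonly insert one to intercept the browser, but legitimate local proxies exist too, so it is flagged for review rather than called malicious). The sample lines at the bottom are constructed in OTL's format for this example.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example for this thread; it is not code from OTL, from the helper or
from the original poster.  The thresholds and the loopback-proxy rule are
this example's own heuristics, not something OTL reports itself.
"""
import re
from dataclasses import dataclass

# IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
PROXY_RE = re.compile(r'^IE - .*Internet Settings: "(ProxyEnable|ProxyServer)" = (.+)$')
# O4 - HKLM..\Run: [name] C:\path\prog.exe (Company)   -- or just "File not found"
RUN_RE = re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.+)$')
# [2010/06/03 15:02:29 | 000,293,376 | ---- | C] () -- C:\wwfy5p80.exe
FILE_RE = re.compile(r'^\[[\d/ :]+ \| ([\d,]+) \| (\S{4}) \| [CM]\] \(([^)]*)\) -- (.+)$')
# An .exe directly in a drive root: the target of OTL's %SYSTEMDRIVE%\*.exe scan line.
ROOT_EXE_RE = re.compile(r'^[A-Za-z]:\\[^\\]+\.exe$', re.IGNORECASE)
LOOPBACK = ("127.0.0.1", "localhost", "[::1]")


@dataclass(frozen=True)
class Finding:
    kind: str      # short tag used to group findings
    detail: str    # human-readable explanation
    line: str      # the OTL line (or setting) that produced it


def split_company(field):
    """Split 'C:\\x.exe (Vendor)' into (path, vendor); vendor is '' when OTL printed ()."""
    m = re.match(r'^(.*?) \(([^)]*)\)$', field)
    if not m:
        return field.strip(), None      # no company field at all, e.g. "File not found"
    return m.group(1).strip(), m.group(2).strip()


def triage(lines):
    """Return a list of Finding objects for the OTL lines given (any order, blanks ignored)."""
    findings = []
    proxy = {}
    for raw in lines:
        ln = raw.strip()
        if not ln:
            continue
        m = PROXY_RE.match(ln)
        if m:
            proxy[m.group(1)] = m.group(2).strip()
            continue
        m = RUN_RE.match(ln)
        if m:
            hive, name, target = m.groups()
            path, company = split_company(target)
            if target == "File not found":
                findings.append(Finding("dead-autostart",
                                        f"{hive} Run entry [{name}] points at a missing file", ln))
            elif company == "":
                findings.append(Finding("unsigned-autostart",
                                        f"{hive} Run entry [{name}] has no company name: {path}", ln))
            continue
        m = FILE_RE.match(ln)
        if m:
            _size, _attrs, company, path = m.groups()
            if ROOT_EXE_RE.match(path):
                findings.append(Finding("root-exe",
                                        f"executable in drive root (company '{company}'): {path}", ln))
    # The proxy rule needs both keys, so it runs after the whole log has been read.
    if proxy.get("ProxyEnable") == "1":
        server = proxy.get("ProxyServer", "")
        if any(host in server for host in LOOPBACK):
            findings.append(Finding("loopback-proxy",
                                    "IE proxy enabled and pointed at this machine: " + server,
                                    "ProxyServer = " + server))
        else:
            findings.append(Finding("proxy", "IE proxy enabled: " + server,
                                    "ProxyServer = " + server))
    return findings


def kinds(lines):
    """Sorted set of finding tags; handy for a quick look or a test."""
    return sorted({f.kind for f in triage(lines)})


# Constructed sample in OTL's line format, mirroring the kinds of entries seen in this thread.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKCU..\Run: [Aim6] File not found
[2010/06/03 15:02:29 | 000,293,376 | ---- | C] () -- C:\wwfy5p80.exe
[2010/06/03 14:59:05 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
""".splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}")
```

Run it against a pasted OTL.Txt by reading the file into a list of lines and passing it to triage(). The output is a reading aid only: a "root-exe" or "unsigned-autostart" hit tells the helper which entries to check against the driver hashes and the GMER log, it does not by itself say a file is malicious.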

#3 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4 supernoober (Topic Starter, Member, 120 posts)
I did OTL in safe mode and GMER in regular mode. Here is the OTL log first:

OTL logfile created on: 6/3/2010 3:12:17 PM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Owner.Lappy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 22.61 Gb Free Space | 15.90% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.73 Gb Free Space | 69.27% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VINNYC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/03 14:59:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/03 14:59:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McAfeeFramework)
SRV - [2009/08/17 09:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 09:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 09:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 08:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006/09/27 23:40:20 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/12/28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/12/28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/12/28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2009/08/17 09:06:43 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/08/17 09:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/08/17 09:05:37 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/17 09:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/08/17 09:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/17 09:03:21 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/07/16 20:50:00 | 000,064,232 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/07/16 20:50:00 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/14 09:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/02 16:14:20 | 010,180,096 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/08/24 20:47:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/24 20:47:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/06/15 15:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
DRV - [2004/11/05 07:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.94
FF - prefs.js..extensions.enabledItems: {7A074BE0-2326-436d-B473-029FAEBEB5C6}:1.1.3
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 07:55:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 07:55:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/01/14 02:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2008/08/26 00:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Extensions
[2010/05/27 17:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions
[2009/09/03 13:09:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/20 00:16:35 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2009/10/23 13:38:38 | 000,000,000 | ---D | M] (Tab Saver!) -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2009/08/27 21:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Sunbird\Profiles\2rg47ffo.default\extensions
[2008/02/17 12:05:27 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\searchplugins\aolsearch.xml
[2010/05/27 09:35:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2009/04/06 17:28:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe (Strydent Software, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe (SONIX)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Aim6] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 02:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3263bde8-4363-11df-b426-0018de2f089e}\Shell\AutoRun\command - "" = F:\rcaDVM_setup.exe -- File not found
O33 - MountPoints2\{3263bde8-4363-11df-b426-0018de2f089e}\Shell\install\command - "" = F:\rcaDVM_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/06/17 02:40:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/06/03 14:59:05 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
[2010/05/25 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\Threat Expert
[2010/05/25 16:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/25 01:03:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/25 01:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/05/25 01:00:52 | 036,592,664 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Owner.Lappy\Desktop\sdsetup_aff.exe
[2010/05/24 23:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\tmteruuir
[2010/05/23 22:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\In The Money
[2010/05/23 22:26:23 | 000,000,000 | ---D | C] -- C:\HMArchive
[2010/05/23 22:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\IsolatedStorage
[2010/05/23 22:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\PostgreSQL
[2010/05/23 22:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\RVG Software
[2010/05/23 22:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2010/04/05 23:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\DoylesRoom
[2010/03/31 02:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Application Data\Absolute Poker
[2010/03/31 02:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2010/03/30 00:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Desktop\singles
[2010/03/26 01:30:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.Lappy\Recent
[2010/03/14 04:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Desktop\Kid Cudi Drake Tyga JCole - New Era Swagg Part (DatPiff.com)
[2008/12/23 02:00:58 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2008/12/23 02:00:58 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008/12/23 02:00:58 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2008/12/23 02:00:58 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[3 C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/03 15:11:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/03 15:10:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 15:09:58 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Owner.Lappy\NTUSER.DAT
[2010/06/03 15:09:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.Lappy\ntuser.ini
[2010/06/03 15:02:30 | 000,293,376 | ---- | M] () -- C:\wwfy5p80.exe
[2010/06/03 14:59:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
[2010/06/03 07:33:07 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 17:43:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/25 02:46:08 | 000,000,857 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/25 02:46:08 | 000,000,282 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/25 02:46:08 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/05/25 01:01:21 | 036,592,664 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner.Lappy\Desktop\sdsetup_aff.exe
[2010/05/23 22:29:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\HMHud.INI
[2010/05/17 16:22:09 | 001,654,909 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\proteinDebate-1.pdf
[2010/05/12 03:00:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/10 12:02:52 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FinalReflectionSoc101.doc
[2010/05/06 18:54:24 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/03 02:58:26 | 005,038,989 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Race Matters Cornel West.pdf
[2010/04/29 04:31:51 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FINAL Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/29 04:17:58 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/28 22:07:18 | 003,383,914 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Find Your Love.mp3
[2010/04/27 19:23:54 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWN LAB REPORT1.doc
[2010/04/27 12:57:44 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Unknown Lab Report 2.doc
[2010/04/26 23:54:48 | 000,114,218 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\jfungiswhack.jpg
[2010/04/20 15:45:53 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\14-20 vince.doc
[2010/04/20 00:03:42 | 010,209,693 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Executives Club - Sound Of High.mp3
[2010/04/16 06:00:19 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\resume.doc
[2010/04/13 12:03:08 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Micro lab objectives quiz 4.doc
[2010/04/12 21:41:56 | 009,666,754 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\02 Super High feat. Ne-Yo (Dirty).mp3
[2010/04/12 16:40:22 | 000,010,879 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\References for resume spt 07.docx
[2010/04/12 12:28:13 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Reflection3.doc
[2010/04/11 17:59:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/08 20:02:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\DVM.INI
[2010/03/31 13:48:43 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Adam Berke's Resume.doc
[2010/03/20 22:39:29 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWNLABREPORT1.DOC
[2010/03/20 22:39:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\~$KNOWNLABREPORT1.DOC
[2010/03/17 03:43:51 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 03:43:51 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/17 03:43:51 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/16 04:44:24 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\MicroOralPresentationBriefOutline.doc
[2010/03/16 00:29:52 | 000,466,578 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22, & 24.pdf
[2010/03/16 00:29:52 | 000,017,722 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22 & 24.docx
[2010/03/15 18:13:34 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Microquiz3objectives.doc
[2010/03/08 02:42:05 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Reflection2Soc101.doc
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[3 C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/03 15:02:29 | 000,293,376 | ---- | C] () -- C:\wwfy5p80.exe
[2010/05/23 22:29:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2010/05/23 22:25:51 | 000,067,549 | ---- | C] () -- C:\Program Files\hminstalllog.txt
[2010/05/17 16:22:09 | 001,654,909 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\proteinDebate-1.pdf
[2010/05/10 05:16:51 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FinalReflectionSoc101.doc
[2010/05/03 02:58:26 | 005,038,989 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Race Matters Cornel West.pdf
[2010/04/29 04:18:11 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FINAL Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/28 22:50:24 | 003,383,914 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Find Your Love.mp3
[2010/04/28 15:36:25 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/26 23:54:48 | 000,114,218 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\jfungiswhack.jpg
[2010/04/25 19:36:06 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Unknown Lab Report 2.doc
[2010/04/20 03:35:27 | 009,666,754 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\02 Super High feat. Ne-Yo (Dirty).mp3
[2010/04/20 03:32:51 | 009,482,634 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\01 Over (Dirty).mp3
[2010/04/20 03:27:45 | 010,209,693 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Executives Club - Sound Of High.mp3
[2010/04/20 02:36:44 | 002,493,440 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\housingPresentation1.pps
[2010/04/17 03:01:41 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\14-20 vince.doc
[2010/04/16 06:00:19 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\resume.doc
[2010/04/15 02:58:52 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Adam Berke's Resume.doc
[2010/04/12 16:48:30 | 000,010,879 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\References for resume spt 07.docx
[2010/04/12 12:27:58 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Reflection3.doc
[2010/04/12 00:53:15 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Micro lab objectives quiz 4.doc
[2010/04/08 20:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVM.INI
[2010/03/31 03:00:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/03/22 02:51:03 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWN LAB REPORT1.doc
[2010/03/20 22:39:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\~$KNOWNLABREPORT1.DOC
[2010/03/20 22:39:28 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWNLABREPORT1.DOC
[2010/03/16 04:44:24 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\MicroOralPresentationBriefOutline.doc
[2010/03/16 00:30:11 | 000,017,722 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22 & 24.docx
[2010/03/16 00:30:10 | 000,466,578 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22, & 24.pdf
[2010/03/11 02:15:28 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Microquiz3objectives.doc
[2010/03/08 02:42:05 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Reflection2Soc101.doc
[2009/11/03 01:04:12 | 000,000,065 | ---- | C] () -- C:\WINDOWS\minitab.ini
[2008/12/23 02:01:03 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008/09/02 22:24:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/08/29 13:54:59 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/06/17 14:10:25 | 000,000,771 | ---- | C] () -- C:\WINDOWS\GMUD32.INI
[2007/01/19 02:55:41 | 000,000,814 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/31 21:47:04 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/12/31 06:08:00 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/31 06:08:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/31 06:07:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/31 06:07:58 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/12/31 06:07:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/12/31 00:12:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/27 23:44:54 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/09/27 23:33:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 02:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 02:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 02:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 09:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/11/27 17:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/08/29 12:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2006/12/31 19:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/06/03 15:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/06 23:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/31 19:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/01/14 02:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/15 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Absolute Poker
[2006/12/31 00:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\acccore
[2008/08/29 12:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\AVG7
[2009/08/21 00:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Azureus
[2009/08/07 00:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Canneverbe_Limited
[2008/09/16 11:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\HorizonWimba
[2009/05/31 01:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\LimeWire
[2006/12/31 00:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\NJStar
[2010/02/05 03:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\ooVoo Details
[2006/09/27 23:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\SampleView
[2008/08/09 15:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\TeamViewer
[2009/04/23 16:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Template
[2010/06/03 08:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\uTorrent
[2007/01/11 17:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Viewpoint
[2007/04/07 16:19:05 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1167558482.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/06/03 15:02:30 | 000,293,376 | ---- | M] () -- C:\wwfy5p80.exe


< MD5 for: AGP440.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\cache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\I386\DRV\SCS\iastor.sys
[2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/16 21:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2008/04/16 21:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/16 21:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\system32\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\cache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/06/16 19:30:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/16 19:30:11 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/16 19:30:11 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

#5
supernoober
    Member
  • Topic Starter
  • 120 posts
Here are the results for GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-03 22:46:12
Windows 5.1.2600 Service Pack 3
Running: wwfy5p80.exe; Driver: C:\DOCUME~1\OWNER~1.LAP\LOCALS~1\Temp\fwtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0x9C6AA6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0x9C6AA574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0x9C6AAA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x9C6AA14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0x9C6AA64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x9C6AA08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x9C6AA0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0x9C6AA76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0x9C6AA72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0x9C6AA8AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[916] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[916] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{156E5059-1974-1C21-234A49AFACAB4059}\{B90FCDFF-5527-F999-5BDD8AB8903FEB58}\{85FE2661-9FF6-1F38-3936C76FCE54F605}
Reg HKLM\SOFTWARE\Classes\CLSID\{156E5059-1974-1C21-234A49AFACAB4059}\{B90FCDFF-5527-F999-5BDD8AB8903FEB58}\{85FE2661-9FF6-1F38-3936C76FCE54F605}@XOGCPEUPGZA3BTOUPKIJ6FJXTE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FE362BA5-0629-D23B-C3FB8C239E33F8FC}\{C1CE7122-E981-B6FB-55D5EB357453DE2E}\{F24091A5-7F5D-E904-126AD7451BC3CC57}
Reg HKLM\SOFTWARE\Classes\CLSID\{FE362BA5-0629-D23B-C3FB8C239E33F8FC}\{C1CE7122-E981-B6FB-55D5EB357453DE2E}\{F24091A5-7F5D-E904-126AD7451BC3CC57}@XOGCPEUPGZA3BTOUPKIJ6FJXTE1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.15 ----

#6
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi supernoober,

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    [2010/05/24 23:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\tmteruuir
    [2006/09/27 23:44:54 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
    
    :Commands
    [purity]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done.
  • Post the log it produces in your next reply.

Step 2

Malwarebytes' Anti-Malware a.k.a. MBAM - Download Free Version (freeware) - Homepage
Why? Malwarebytes' Anti-Malware is very good at removing the zlob trojan, virtumonde, and most other current infections. This single tool has replaced multiple tools that have been required in the past.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, confirm a check mark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. The rogue application should now be gone.

When completed, a log will open in Notepad. If you need to create a new topic, please paste this log with it.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

Extra Note: Do not run a full scan with MBAM. It is not required or needed, and in fact makes our job tougher.

Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4

Please make sure you include the following items:
  • OTL Fix log from Step 1
  • Malwarebytes log
  • OTL Scan log from Step 3
It would be helpful if you could post each log in a separate post.
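
The fix in Step 1 resets hijacked Internet Explorer proxy settings: ProxyEnable was 1 and ProxyServer pointed at 127.0.0.1:5555, a listener on the machine itself. The Python below is an added example, not code from this thread or from OTL: it parses the IE lines of an OTL log, flags a user-level loopback proxy, and writes the matching :OTL fix block; the sample lines are constructed from the values quoted above, and proxy.corp.example is a hypothetical benign proxy.

```python
import re
from typing import Dict, List, Tuple

# One "IE - <hive>\<key>: "<name>" = <value>" line of an OTL scan log.
IE_LINE = re.compile(
    r'^IE - (?P<hive>HKCU|HKLM|HKU\\[^\\]+)\\(?P<key>.+?): "(?P<name>[^"]+)" = (?P<value>.*)$'
)

# Constructed sample input: the three hijacked values quoted in the Step 1 fix.
HIJACKED_LINES = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
"""

# Constructed sample input: no proxy for the user, plus a hypothetical
# legitimate corporate proxy configured machine-wide.
CLEAN_LINES = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
"""

# {(hive, key): {value name: value}}
Settings = Dict[Tuple[str, str], Dict[str, str]]


def parse_ie_settings(log_text: str) -> Settings:
    """Group the IE lines of an OTL log by registry key; other lines are ignored."""
    settings: Settings = {}
    for raw in log_text.splitlines():
        m = IE_LINE.match(raw.strip())
        if m:
            bucket = settings.setdefault((m["hive"], m["key"]), {})
            bucket[m["name"]] = m["value"].strip()
    return settings


def proxy_hosts(proxy_server: str) -> List[Tuple[str, int]]:
    """Split a ProxyServer value ("host:port" or "http=host:port;https=host:port")
    into (host, port) pairs; a missing or non-numeric port is reported as 0."""
    hosts: List[Tuple[str, int]] = []
    for entry in proxy_server.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        if "=" in entry:                       # per-protocol form: http=host:port
            entry = entry.split("=", 1)[1]
        host, sep, port = entry.rpartition(":")
        if not sep:                            # no port given at all
            host, port = entry, ""
        hosts.append((host.lower(), int(port) if port.isdigit() else 0))
    return hosts


def is_loopback(host: str) -> bool:
    """True for addresses that can only be served by a process on the same machine."""
    return host in ("localhost", "::1") or host.startswith("127.")


def find_loopback_proxy(settings: Settings) -> List[dict]:
    """Flag every Internet Settings key whose proxy is enabled and points at the
    local host. A user-level loopback proxy is the pattern the Step 1 fix reverses."""
    findings = []
    for (hive, key), values in settings.items():
        if values.get("ProxyEnable") != "1":
            continue
        for host, port in proxy_hosts(values.get("ProxyServer", "")):
            if is_loopback(host):
                findings.append({"hive": hive, "key": key, "host": host, "port": port})
    return findings


def otl_fix_block(settings: Settings, findings: List[dict]) -> str:
    """Build the :OTL block that resets the flagged values. Pasting an IE line from
    the log back under :OTL makes OTL reset that value (ProxyEnable to 0, the
    others to empty), as the fix log in this thread shows."""
    lines = [":OTL"]
    for f in findings:
        values = settings[(f["hive"], f["key"])]
        for name in ("ProxyEnable", "ProxyOverride", "ProxyServer"):
            if name in values:
                lines.append(f'IE - {f["hive"]}\\{f["key"]}: "{name}" = {values[name]}')
    lines += ["", ":Commands", "[emptytemp]"]
    return "\n".join(lines)


if __name__ == "__main__":
    for label, text in (("hijacked", HIJACKED_LINES), ("clean", CLEAN_LINES)):
        parsed = parse_ie_settings(text)
        hits = find_loopback_proxy(parsed)
        print(f"{label}: {len(hits)} loopback proxy finding(s)")
        if hits:
            print(otl_fix_block(parsed, hits))
```
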

#7
supernoober
    Member
  • Topic Starter
  • 120 posts
Here is the OTL fix log:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\tmteruuir folder moved successfully.
C:\WINDOWS\system32\jesterss.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 634545 bytes

User: Owner.Lappy
->Temp folder emptied: 798385533 bytes
->Temporary Internet Files folder emptied: 76190619 bytes
->Java cache emptied: 36103651 bytes
->FireFox cache emptied: 92713200 bytes
->Flash cache emptied: 40663 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 346641 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 993940 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10953774 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 82624 bytes

Total Files Cleaned = 970.00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06062010_012653

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_6f8.dat moved successfully.

Registry entries deleted on Reboot...

#8
supernoober
    Member
  • Topic Starter
  • 120 posts
Here is the MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/6/2010 1:41:48 AM
mbam-log-2010-06-06 (01-41-48).txt

Scan type: Quick scan
Objects scanned: 133047
Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi supernoober

Please can you post the OTL Scan log from Step 3.

#10
supernoober
    Member
  • Topic Starter
  • 120 posts
Here is the OTL quick scan log:

OTL logfile created on: 6/6/2010 4:22:36 AM - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Owner.Lappy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 20.26 Gb Free Space | 14.25% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.73 Gb Free Space | 69.27% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VINNYC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/03 14:59:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
PRC - [2009/08/17 09:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 09:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 09:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 09:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 08:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/10/31 12:22:38 | 000,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 14:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/03/13 07:41:02 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\anotify.exe
PRC - [2006/11/29 17:28:54 | 000,262,144 | ---- | M] (SONIX) -- C:\WINDOWS\tsnpstd3.exe
PRC - [2006/11/21 10:38:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2006/09/27 23:40:20 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/09/18 15:12:12 | 000,843,776 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2005/12/28 11:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 11:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 11:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/12/27 10:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/11/05 07:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/10/20 18:47:20 | 000,458,752 | ---- | M] (Strydent Software, Inc.) -- C:\Program Files\InkSaver\InkSaver.exe


========== Modules (SafeList) ==========

MOD - [2010/06/03 14:59:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/11/05 07:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McAfeeFramework)
SRV - [2009/08/17 09:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 09:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 09:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 08:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006/09/27 23:40:20 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/12/28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/12/28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/12/28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2009/08/17 09:06:43 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/08/17 09:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/08/17 09:05:37 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/17 09:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/08/17 09:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/17 09:03:21 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/07/16 20:50:00 | 000,064,232 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/07/16 20:50:00 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/14 09:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/02 16:14:20 | 010,180,096 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/08/24 20:47:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/24 20:47:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/06/15 15:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
DRV - [2004/11/05 07:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.94
FF - prefs.js..extensions.enabledItems: {7A074BE0-2326-436d-B473-029FAEBEB5C6}:1.1.3
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 07:55:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 07:55:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/01/14 02:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2008/08/26 00:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Extensions
[2010/06/06 02:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions
[2009/09/03 13:09:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/20 00:16:35 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2009/10/23 13:38:38 | 000,000,000 | ---D | M] (Tab Saver!) -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2009/08/27 21:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Sunbird\Profiles\2rg47ffo.default\extensions
[2008/02/17 12:05:27 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\searchplugins\aolsearch.xml
[2010/06/06 01:31:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2009/04/06 17:28:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe (Strydent Software, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe (SONIX)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 02:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3263bde8-4363-11df-b426-0018de2f089e}\Shell\AutoRun\command - "" = F:\rcaDVM_setup.exe -- File not found
O33 - MountPoints2\{3263bde8-4363-11df-b426-0018de2f089e}\Shell\install\command - "" = F:\rcaDVM_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/06 01:26:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/03 14:59:05 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
[2010/05/25 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\Threat Expert
[2010/05/25 16:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/25 01:03:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/25 01:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/05/25 01:00:52 | 036,592,664 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Owner.Lappy\Desktop\sdsetup_aff.exe
[2010/05/23 22:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\In The Money
[2010/05/23 22:26:23 | 000,000,000 | ---D | C] -- C:\HMArchive
[2010/05/23 22:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\IsolatedStorage
[2010/05/23 22:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\PostgreSQL
[2010/05/23 22:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\RVG Software
[2010/05/23 22:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2010/04/05 23:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\DoylesRoom
[2010/03/31 02:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Application Data\Absolute Poker
[2010/03/31 02:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2010/03/30 00:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Desktop\singles
[2010/03/26 01:30:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.Lappy\Recent
[2010/03/14 04:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Desktop\Kid Cudi Drake Tyga JCole - New Era Swagg Part (DatPiff.com)
[2008/12/23 02:00:58 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2008/12/23 02:00:58 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008/12/23 02:00:58 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2008/12/23 02:00:58 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[3 C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/06 01:29:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/06 01:29:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 01:29:39 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/06 01:28:33 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Owner.Lappy\NTUSER.DAT
[2010/06/06 01:28:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.Lappy\ntuser.ini
[2010/06/05 20:28:48 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/03 15:02:30 | 000,293,376 | ---- | M] () -- C:\wwfy5p80.exe
[2010/06/03 14:59:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
[2010/06/01 17:43:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/25 02:46:08 | 000,000,857 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/25 02:46:08 | 000,000,282 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/25 02:46:08 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/05/25 01:01:21 | 036,592,664 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner.Lappy\Desktop\sdsetup_aff.exe
[2010/05/23 22:29:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\HMHud.INI
[2010/05/17 16:22:09 | 001,654,909 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\proteinDebate-1.pdf
[2010/05/12 03:00:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/10 12:02:52 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FinalReflectionSoc101.doc
[2010/05/06 18:54:24 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/03 02:58:26 | 005,038,989 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Race Matters Cornel West.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 04:31:51 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FINAL Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/29 04:17:58 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/28 22:07:18 | 003,383,914 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Find Your Love.mp3
[2010/04/27 19:23:54 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWN LAB REPORT1.doc
[2010/04/27 12:57:44 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Unknown Lab Report 2.doc
[2010/04/26 23:54:48 | 000,114,218 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\jfungiswhack.jpg
[2010/04/20 15:45:53 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\14-20 vince.doc
[2010/04/20 00:03:42 | 010,209,693 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Executives Club - Sound Of High.mp3
[2010/04/16 06:00:19 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\resume.doc
[2010/04/13 12:03:08 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Micro lab objectives quiz 4.doc
[2010/04/12 21:41:56 | 009,666,754 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\02 Super High feat. Ne-Yo (Dirty).mp3
[2010/04/12 16:40:22 | 000,010,879 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\References for resume spt 07.docx
[2010/04/12 12:28:13 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Reflection3.doc
[2010/04/11 17:59:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/08 20:02:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\DVM.INI
[2010/03/31 13:48:43 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Adam Berke's Resume.doc
[2010/03/20 22:39:29 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWNLABREPORT1.DOC
[2010/03/20 22:39:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\~$KNOWNLABREPORT1.DOC
[2010/03/17 03:43:51 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 03:43:51 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/17 03:43:51 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/16 04:44:24 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\MicroOralPresentationBriefOutline.doc
[2010/03/16 00:29:52 | 000,466,578 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22, & 24.pdf
[2010/03/16 00:29:52 | 000,017,722 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22 & 24.docx
[2010/03/15 18:13:34 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Microquiz3objectives.doc
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[3 C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/03 19:50:07 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/03 15:02:29 | 000,293,376 | ---- | C] () -- C:\wwfy5p80.exe
[2010/05/23 22:29:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2010/05/23 22:25:51 | 000,067,549 | ---- | C] () -- C:\Program Files\hminstalllog.txt
[2010/05/17 16:22:09 | 001,654,909 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\proteinDebate-1.pdf
[2010/05/10 05:16:51 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FinalReflectionSoc101.doc
[2010/05/03 02:58:26 | 005,038,989 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Race Matters Cornel West.pdf
[2010/04/29 04:18:11 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FINAL Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/28 22:50:24 | 003,383,914 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Find Your Love.mp3
[2010/04/28 15:36:25 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/26 23:54:48 | 000,114,218 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\jfungiswhack.jpg
[2010/04/25 19:36:06 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Unknown Lab Report 2.doc
[2010/04/20 03:35:27 | 009,666,754 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\02 Super High feat. Ne-Yo (Dirty).mp3
[2010/04/20 03:32:51 | 009,482,634 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\01 Over (Dirty).mp3
[2010/04/20 03:27:45 | 010,209,693 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Executives Club - Sound Of High.mp3
[2010/04/20 02:36:44 | 002,493,440 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\housingPresentation1.pps
[2010/04/17 03:01:41 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\14-20 vince.doc
[2010/04/16 06:00:19 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\resume.doc
[2010/04/15 02:58:52 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Adam Berke's Resume.doc
[2010/04/12 16:48:30 | 000,010,879 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\References for resume spt 07.docx
[2010/04/12 12:27:58 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Reflection3.doc
[2010/04/12 00:53:15 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Micro lab objectives quiz 4.doc
[2010/04/08 20:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVM.INI
[2010/03/31 03:00:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/03/22 02:51:03 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWN LAB REPORT1.doc
[2010/03/20 22:39:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\~$KNOWNLABREPORT1.DOC
[2010/03/20 22:39:28 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWNLABREPORT1.DOC
[2010/03/16 04:44:24 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\MicroOralPresentationBriefOutline.doc
[2010/03/16 00:30:11 | 000,017,722 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22 & 24.docx
[2010/03/16 00:30:10 | 000,466,578 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22, & 24.pdf
[2010/03/11 02:15:28 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Microquiz3objectives.doc
[2009/11/03 01:04:12 | 000,000,065 | ---- | C] () -- C:\WINDOWS\minitab.ini
[2008/12/23 02:01:03 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008/09/02 22:24:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/08/29 13:54:59 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/06/17 14:10:25 | 000,000,771 | ---- | C] () -- C:\WINDOWS\GMUD32.INI
[2007/01/19 02:55:41 | 000,000,814 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/31 21:47:04 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/12/31 06:08:00 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/31 06:08:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/31 06:07:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/31 06:07:58 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/12/31 06:07:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/12/31 00:12:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/27 23:33:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 02:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 02:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 02:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 09:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/11/27 17:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/08/29 12:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2006/12/31 19:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/06/03 15:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/06 23:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/31 19:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/01/14 02:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/15 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Absolute Poker
[2006/12/31 00:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\acccore
[2008/08/29 12:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\AVG7
[2009/08/21 00:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Azureus
[2009/08/07 00:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Canneverbe_Limited
[2008/09/16 11:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\HorizonWimba
[2009/05/31 01:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\LimeWire
[2006/12/31 00:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\NJStar
[2010/02/05 03:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\ooVoo Details
[2006/09/27 23:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\SampleView
[2008/08/09 15:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\TeamViewer
[2009/04/23 16:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Template
[2010/06/05 19:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\uTorrent
[2007/01/11 17:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Viewpoint
[2007/04/07 16:19:05 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1167558482.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi supernoober,

Step 1

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then on Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Step 2

How is your system now?

#12
supernoober

    Member

  • Topic Starter
  • Member
  • 120 posts
Here is the dr web log:


63960376.FIL;C:\$VAULT$.AVG;Probably Trojan.Packed.Based;Deleted.;
indpnhhtssd.exe;C:\_OTL\MovedFiles\06062010_012653\C_Documents and Settings\Owner.Lappy\Local Settings\Application Data\tmteruuir;Trojan.Fakealert.15909;Incurable.Moved.;

I restarted my computer, but the indpnhhtssd.exe still shows up under the startup tab of my msconfig... it is still unchecked, so it cannot start up.

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi supernoober,

Run OTL

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig /s

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad. This OTL.txt is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them.

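Added example, not part of the thread and not OTL's or MSConfig's own code. The registry key maliprog asks OTL to dump is the reason the fake-AV entry still appears in msconfig after the file itself was moved: on Windows XP, unchecking an item on MSConfig's Startup tab does not delete the Run value, it relocates it to a subkey of HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg, recording where it came from (the "hkey" and "key" values) and what it ran (the "command" value), so re-checking the box silently restores the autorun. The script below parses a .reg-style export of that key and applies the heuristics a removal helper applies by eye: a random-looking executable name, a command that runs from a user-writable profile directory, and a command whose target no longer exists. The export text is constructed for the example (it reuses the indpnhhtssd.exe path from the Dr.Web log and adds an ordinary iTunes entry for contrast), the `exists` callback stands in for a disk check so the example runs offline, and the value names are those XP's MSConfig writes; the thresholds and helper functions are assumptions of this example.

```python
"""Audit startup items that MSConfig has parked under ...\\MSConfig\\startupreg.

Added example, not code from the original thread. It reads a .reg export of
the key (constructed sample below) rather than the live registry, so it runs
anywhere. On a real XP box the export would come from:
    reg export "HKLM\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupreg" startupreg.reg
"""
import os
import re
from dataclasses import dataclass, field

# Constructed .reg export. The first entry mirrors the path from the Dr.Web
# log in the thread; the second is a benign entry for contrast.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\indpnhhtssd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="indpnhhtssd"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Owner.Lappy\\Local Settings\\Application Data\\tmteruuir\\indpnhhtssd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
'''

STARTUPREG = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\"
SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')   # REG_SZ values only

RANDOM_NAME = "random-looking file name"
USER_LOCATION = "runs from a user-writable profile directory"
MISSING_TARGET = "command target no longer exists on disk"


def unescape_reg_string(raw: str) -> str:
    """Undo .reg escaping inside a REG_SZ literal: \\\\ -> \\ and \\" -> "."""
    return re.sub(r'\\(.)', r'\1', raw)


def parse_reg_export(text: str) -> dict:
    """Return {key path: {value name: string value}} for the REG_SZ values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = unescape_reg_string(m.group(2))
    return keys


def executable_path(command: str) -> str:
    """Pull the executable out of a Run-value command line (heuristic)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted paths containing spaces are common in XP Run values; cut after ".exe".
    m = re.search(r'\.exe\b', command, re.IGNORECASE)
    return command[:m.end()] if m else command.split(' ', 1)[0]


def looks_random(filename: str) -> bool:
    """Flag names like 'indpnhhtssd': long, letters only, almost no vowels (assumed threshold)."""
    stem = filename.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if len(stem) < 8 or not stem.isalpha():
        return False
    vowels = sum(ch in 'aeiouy' for ch in stem.lower())
    return vowels / len(stem) < 0.2


USER_WRITABLE_MARKERS = ('\\local settings\\application data\\', '\\application data\\', '\\temp\\')
TRUSTED_ROOTS = ('c:\\program files\\', 'c:\\windows\\')


def in_user_writable_location(path: str) -> bool:
    """True for executables living under the user profile rather than Program Files/Windows."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS) and not p.startswith(TRUSTED_ROOTS)


@dataclass
class DisabledStartupEntry:
    name: str        # subkey name, i.e. what the Startup tab shows
    hive: str        # "HKLM" or "HKCU": hive the Run value came from
    run_key: str     # Run key the value is restored to when re-checked
    command: str     # original command line
    reasons: list = field(default_factory=list)   # empty means nothing stood out


def audit_disabled_startup(reg_text: str, exists=os.path.exists) -> list:
    """List every MSConfig-disabled startup entry with its heuristic findings."""
    entries = []
    for key, values in parse_reg_export(reg_text).items():
        if not key.startswith(STARTUPREG) or 'command' not in values:
            continue
        exe = executable_path(values['command'])
        reasons = []
        if looks_random(exe):
            reasons.append(RANDOM_NAME)
        if in_user_writable_location(exe):
            reasons.append(USER_LOCATION)
        if not exists(exe):
            reasons.append(MISSING_TARGET)
        entries.append(DisabledStartupEntry(name=key[len(STARTUPREG):], hive=values.get('hkey', '?'),
                                            run_key=values.get('key', '?'), command=values['command'],
                                            reasons=reasons))
    return entries


if __name__ == '__main__':
    # Offline demo: pretend only the iTunes helper is still present on disk.
    for e in audit_disabled_startup(SAMPLE_REG_EXPORT, exists=lambda p: 'itunes' in p.lower()):
        print(('SUSPECT ' if e.reasons else 'ok      ') + f'{e.name}  ({e.hive}\\...\\Run) -> {e.command}')
        for r in e.reasons:
            print(f'          - {r}')
```

The point for a cleanup is that an entry with findings should be removed from startupreg itself (the subkey named after the item), not merely left unchecked, because the file's absence from disk does not remove the autorun record; the same key is worth checking during any triage of a machine where someone "disabled" something in msconfig, since it is a small, stable place for an autorun to wait out a cleanup.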

#14 supernoober (Member, Topic Starter, 120 posts)
Here is the OTL log

OTL logfile created on: 6/10/2010 12:24:27 AM - Run 4
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Owner.Lappy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 20.06 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.73 Gb Free Space | 69.27% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VINNYC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/03 14:59:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
PRC - [2009/08/17 09:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 09:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 09:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 09:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 08:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/10/31 12:22:38 | 000,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 14:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/03/13 07:41:02 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\anotify.exe
PRC - [2006/11/29 17:28:54 | 000,262,144 | ---- | M] (SONIX) -- C:\WINDOWS\tsnpstd3.exe
PRC - [2006/11/21 10:38:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2006/09/27 23:40:20 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/09/18 15:12:12 | 000,843,776 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2005/12/28 11:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 11:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 11:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/12/27 10:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/11/05 07:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2010/06/03 14:59:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/11/05 07:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McAfeeFramework)
SRV - [2009/08/17 09:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 09:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 09:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 08:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006/09/27 23:40:20 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/12/28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/12/28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/12/28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2009/08/17 09:06:43 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/08/17 09:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/08/17 09:05:37 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/17 09:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/08/17 09:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/17 09:03:21 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/07/16 20:50:00 | 000,064,232 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/07/16 20:50:00 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/14 09:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/02 16:14:20 | 010,180,096 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/08/24 20:47:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/24 20:47:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/06/15 15:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
DRV - [2004/11/05 07:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.94
FF - prefs.js..extensions.enabledItems: {7A074BE0-2326-436d-B473-029FAEBEB5C6}:1.1.3
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 07:55:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 07:55:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/01/14 02:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2008/08/26 00:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Extensions
[2010/06/09 12:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions
[2009/09/03 13:09:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/20 00:16:35 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2009/10/23 13:38:38 | 000,000,000 | ---D | M] (Tab Saver!) -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2009/08/27 21:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Sunbird\Profiles\2rg47ffo.default\extensions
[2008/02/17 12:05:27 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Application Data\Mozilla\Firefox\Profiles\482qk6m9.default\searchplugins\aolsearch.xml
[2010/06/09 11:54:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2009/04/06 17:28:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe (Strydent Software, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe (SONIX)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Aim6] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 02:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3263bde8-4363-11df-b426-0018de2f089e}\Shell\AutoRun\command - "" = F:\rcaDVM_setup.exe -- File not found
O33 - MountPoints2\{3263bde8-4363-11df-b426-0018de2f089e}\Shell\install\command - "" = F:\rcaDVM_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/09 23:08:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/06/07 23:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Application Data\oovooinstaller
[2010/06/06 01:26:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/03 14:59:05 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
[2010/05/25 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\Threat Expert
[2010/05/25 16:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/25 01:03:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/25 01:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/05/25 01:00:52 | 036,592,664 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Owner.Lappy\Desktop\sdsetup_aff.exe
[2010/05/23 22:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\In The Money
[2010/05/23 22:26:23 | 000,000,000 | ---D | C] -- C:\HMArchive
[2010/05/23 22:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\IsolatedStorage
[2010/05/23 22:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\PostgreSQL
[2010/05/23 22:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\RVG Software
[2010/05/23 22:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2010/04/05 23:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\DoylesRoom
[2010/03/31 02:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Application Data\Absolute Poker
[2010/03/31 02:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2010/03/30 00:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Desktop\singles
[2010/03/26 01:30:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.Lappy\Recent
[2010/03/14 04:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Lappy\Desktop\Kid Cudi Drake Tyga JCole - New Era Swagg Part (DatPiff.com)
[2008/12/23 02:00:58 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2008/12/23 02:00:58 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008/12/23 02:00:58 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2008/12/23 02:00:58 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[3 C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/09 11:53:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/09 11:53:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/09 11:52:59 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/09 01:52:52 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Owner.Lappy\NTUSER.DAT
[2010/06/09 01:52:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.Lappy\ntuser.ini
[2010/06/08 17:43:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/07 23:47:42 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2010/06/07 14:19:06 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\DrWeb.csv
[2010/06/06 21:58:49 | 043,233,896 | ---- | M] () -- C:\p3mn34u6.exe
[2010/06/05 20:28:48 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/03 15:02:30 | 000,293,376 | ---- | M] () -- C:\wwfy5p80.exe
[2010/06/03 14:59:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lappy\Desktop\OTL.exe
[2010/05/25 02:46:08 | 000,000,857 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/25 02:46:08 | 000,000,282 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/25 02:46:08 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/05/25 01:01:21 | 036,592,664 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner.Lappy\Desktop\sdsetup_aff.exe
[2010/05/23 22:29:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\HMHud.INI
[2010/05/17 16:22:09 | 001,654,909 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\proteinDebate-1.pdf
[2010/05/12 03:00:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/10 12:02:52 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FinalReflectionSoc101.doc
[2010/05/06 18:54:24 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/03 02:58:26 | 005,038,989 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Race Matters Cornel West.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 04:31:51 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FINAL Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/29 04:17:58 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/28 22:07:18 | 003,383,914 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Find Your Love.mp3
[2010/04/27 19:23:54 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWN LAB REPORT1.doc
[2010/04/27 12:57:44 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Unknown Lab Report 2.doc
[2010/04/26 23:54:48 | 000,114,218 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\jfungiswhack.jpg
[2010/04/20 15:45:53 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\14-20 vince.doc
[2010/04/20 00:03:42 | 010,209,693 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Executives Club - Sound Of High.mp3
[2010/04/16 06:00:19 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\resume.doc
[2010/04/13 12:03:08 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Micro lab objectives quiz 4.doc
[2010/04/12 21:41:56 | 009,666,754 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\02 Super High feat. Ne-Yo (Dirty).mp3
[2010/04/12 16:40:22 | 000,010,879 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\References for resume spt 07.docx
[2010/04/12 12:28:13 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Reflection3.doc
[2010/04/11 17:59:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/08 20:02:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\DVM.INI
[2010/03/31 13:48:43 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Adam Berke's Resume.doc
[2010/03/20 22:39:29 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWNLABREPORT1.DOC
[2010/03/20 22:39:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\~$KNOWNLABREPORT1.DOC
[2010/03/17 03:43:51 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 03:43:51 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/17 03:43:51 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/16 04:44:24 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\MicroOralPresentationBriefOutline.doc
[2010/03/16 00:29:52 | 000,466,578 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22, & 24.pdf
[2010/03/16 00:29:52 | 000,017,722 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22 & 24.docx
[2010/03/15 18:13:34 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Microquiz3objectives.doc
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[3 C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp files -> C:\Documents and Settings\Owner.Lappy\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/07 14:19:06 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\DrWeb.csv
[2010/06/06 21:49:16 | 043,233,896 | ---- | C] () -- C:\p3mn34u6.exe
[2010/06/03 19:50:07 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/03 15:02:29 | 000,293,376 | ---- | C] () -- C:\wwfy5p80.exe
[2010/05/23 22:29:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2010/05/23 22:25:51 | 000,067,549 | ---- | C] () -- C:\Program Files\hminstalllog.txt
[2010/05/17 16:22:09 | 001,654,909 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\proteinDebate-1.pdf
[2010/05/10 05:16:51 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FinalReflectionSoc101.doc
[2010/05/03 02:58:26 | 005,038,989 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Race Matters Cornel West.pdf
[2010/04/29 04:18:11 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\FINAL Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/28 22:50:24 | 003,383,914 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Find Your Love.mp3
[2010/04/28 15:36:25 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Vincent Chen Human Intestinal Microorganisms.ppt
[2010/04/26 23:54:48 | 000,114,218 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\jfungiswhack.jpg
[2010/04/25 19:36:06 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Unknown Lab Report 2.doc
[2010/04/20 03:35:27 | 009,666,754 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\02 Super High feat. Ne-Yo (Dirty).mp3
[2010/04/20 03:32:51 | 009,482,634 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\01 Over (Dirty).mp3
[2010/04/20 03:27:45 | 010,209,693 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Executives Club - Sound Of High.mp3
[2010/04/20 02:36:44 | 002,493,440 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\housingPresentation1.pps
[2010/04/17 03:01:41 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\14-20 vince.doc
[2010/04/16 06:00:19 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\resume.doc
[2010/04/15 02:58:52 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\Adam Berke's Resume.doc
[2010/04/12 16:48:30 | 000,010,879 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\Desktop\References for resume spt 07.docx
[2010/04/12 12:27:58 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Reflection3.doc
[2010/04/12 00:53:15 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Micro lab objectives quiz 4.doc
[2010/04/08 20:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVM.INI
[2010/03/31 03:00:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/03/22 02:51:03 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWN LAB REPORT1.doc
[2010/03/20 22:39:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\~$KNOWNLABREPORT1.DOC
[2010/03/20 22:39:28 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\UNKNOWNLABREPORT1.DOC
[2010/03/16 04:44:24 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\MicroOralPresentationBriefOutline.doc
[2010/03/16 00:30:11 | 000,017,722 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22 & 24.docx
[2010/03/16 00:30:10 | 000,466,578 | ---- | C] () -- C:\Documents and Settings\Owner.Lappy\My Documents\Quiz 3 - Ex. 21, 22, & 24.pdf
[2009/11/03 01:04:12 | 000,000,065 | ---- | C] () -- C:\WINDOWS\minitab.ini
[2008/12/23 02:01:03 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008/09/02 22:24:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/08/29 13:54:59 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/06/17 14:10:25 | 000,000,771 | ---- | C] () -- C:\WINDOWS\GMUD32.INI
[2007/01/19 02:55:41 | 000,000,814 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/31 21:47:04 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/12/31 06:08:00 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/31 06:08:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/31 06:07:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/31 06:07:58 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/12/31 06:07:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/12/31 00:12:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/27 23:33:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 02:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 02:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 02:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 09:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/11/27 17:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/08/29 12:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2006/12/31 19:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/06/03 15:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/06 23:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/31 19:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/01/14 02:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/15 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Absolute Poker
[2006/12/31 00:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\acccore
[2008/08/29 12:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\AVG7
[2009/08/21 00:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Azureus
[2009/08/07 00:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Canneverbe_Limited
[2008/09/16 11:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\HorizonWimba
[2009/05/31 01:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\LimeWire
[2006/12/31 00:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\NJStar
[2010/02/05 03:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\ooVoo Details
[2010/06/07 23:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\oovooinstaller
[2006/09/27 23:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\SampleView
[2008/08/09 15:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\TeamViewer
[2009/04/23 16:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Template
[2010/06/05 19:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\uTorrent
[2007/01/11 17:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lappy\Application Data\Viewpoint
[2007/04/07 16:19:05 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1167558482.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig /s >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AOLHostManager
"hkey" = HKLM
"command" = C:\Program Files\Common Files\AOL\1159425450\EE\AOLHostManager.exe -- [2004/11/03 14:03:00 | 000,125,528 | ---- | M] (America Online, Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSERIAL]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = sm56hlpr
"hkey" = HKLM
"command" = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe -- File not found
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uklcgblc]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = indpnhhtssd
"hkey" = HKCU
"command" = C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\tmteruuir\indpnhhtssd.exe -- File not found
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi supernoober,

We are going to remove it from the Msconfig list.

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uklcgblc]
    
    :Commands
    [purity]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2

Your system is clean now and we need to clean up your PC from the programs we used. Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

Step 3 (Just recommendations)

Here are some recommendations you should follow to minimize infection risk in the future:

1. Your system needs one antivirus program. Choose one that suits your needs best. Here are some FREEWARE recommendations:

Avira AntiVir Personal - Free
AVG Free

2. Your system needs one firewall program. Choose one that suits your needs best. Here are some FREEWARE recommendations.

ZoneAlarm Pro
Ashampoo Firewall

3. Install AntiSpyware. You need to have only one realtime antispyware solution running on your system.


4. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

5. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

6. Make Backups of Important Files

Please read this article Home Computer Data Backup.


7. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
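The `uklcgblc` entry that the fix above deletes is one of three `startupreg` entries in the MSConfig custom scan, and the helper picked it out by eye: its target file is gone, it ran from the user's `Local Settings\Application Data`, and every name involved is gibberish. The following Python script is an added example (not the helper's procedure and not OTL code) that applies those same three checks mechanically to the `startupreg` section of an OTL custom-scan log and renders the `:Reg` deletion line in the format the helper used. The log excerpt is constructed from the entries shown in this thread, and the thresholds inside `looks_random` are my own assumptions, not anything OTL or the helper defines.

```python
"""Triage the MSConfig 'startupreg' section of an OTL custom-scan log.

MSConfig moves a startup item it disables into
HKLM\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\<name>, so a rogue
program that was "disabled" via MSConfig survives there until the subkey is
deleted.  This script parses that section and flags entries that look like
leftovers of a rogue program.  Added example; not part of OTL.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the MSConfig custom scan shown in this thread.
SAMPLE_LOG = r"""
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig /s >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AOLHostManager
"hkey" = HKLM
"command" = C:\Program Files\Common Files\AOL\1159425450\EE\AOLHostManager.exe -- [2004/11/03 14:03:00 | 000,125,528 | ---- | M] (America Online, Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSERIAL]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = sm56hlpr
"hkey" = HKLM
"command" = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe -- File not found
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uklcgblc]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = indpnhhtssd
"hkey" = HKCU
"command" = C:\Documents and Settings\Owner.Lappy\Local Settings\Application Data\tmteruuir\indpnhhtssd.exe -- File not found
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"startup" = 2
"""

SUBKEY_RE = re.compile(
    r'^\[(HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\([^\]]+))\]$')
VALUE_RE = re.compile(r'^"(\w+)" = (.*)$')
# Per-user profile locations on Windows XP that any unprivileged program can write to.
USER_PROFILE_DIR_RE = re.compile(
    r'\\Documents and Settings\\[^\\]+\\(Local Settings\\)?Application Data\\', re.IGNORECASE)
VOWELS = set("aeiou")


@dataclass
class StartupEntry:
    reg_key: str            # full MSConfig\startupreg\<name> key, without brackets
    name: str               # the <name> subkey MSConfig created for the item
    item: str = ""
    hkey: str = ""
    command: str = ""       # executable path, left of OTL's " -- " separator
    file_status: str = ""   # OTL's file metadata, or "File not found"
    findings: list = field(default_factory=list)


def parse_startupreg(text):
    """Return one StartupEntry per startupreg subkey found in an OTL custom scan."""
    entries, current = [], None
    for line in text.splitlines():
        m = SUBKEY_RE.match(line)
        if m:
            current = StartupEntry(reg_key=m.group(1), name=m.group(2))
            entries.append(current)
            continue
        if line.startswith("["):      # some other key: stop attributing values
            current = None
            continue
        v = VALUE_RE.match(line) if current else None
        if not v:
            continue
        key, value = v.groups()
        if key == "item":
            current.item = value
        elif key == "hkey":
            current.hkey = value
        elif key == "command":
            path, _, status = value.partition(" -- ")
            current.command, current.file_status = path.strip(), status.strip()
    return entries


def looks_random(name):
    """Assumed heuristic: a long all-lowercase token with few vowels or a long consonant run."""
    if not (name.isalpha() and name.islower() and len(name) >= 7):
        return False
    vowel_ratio = sum(ch in VOWELS for ch in name) / len(name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowel_ratio <= 0.3 or longest_run >= 5


def assess(entry):
    """Attach findings to an entry and return them (fresh list each call)."""
    findings = []
    if entry.file_status == "File not found":
        findings.append("orphaned: target file no longer exists")
    if USER_PROFILE_DIR_RE.search(entry.command):
        findings.append("runs from a user-writable profile directory")
    parts = entry.command.split("\\")
    parent = parts[-2] if len(parts) >= 2 else ""
    stem = re.sub(r"\.exe$", "", parts[-1], flags=re.IGNORECASE)
    odd = sorted({n for n in (entry.name, entry.item, parent, stem) if looks_random(n)})
    if odd:
        findings.append("random-looking names: " + ", ".join(odd))
    entry.findings = findings
    return findings


def report(text):
    """Map each disabled startup item (by MSConfig subkey name) to its findings."""
    return {e.name: assess(e) for e in parse_startupreg(text)}


def suggest_otl_fix(text, min_findings=2):
    """Render OTL ':Reg' deletion lines for entries that trip at least min_findings checks."""
    return [f"[-{e.reg_key}]" for e in parse_startupreg(text) if len(assess(e)) >= min_findings]


if __name__ == "__main__":
    for name, findings in report(SAMPLE_LOG).items():
        print(f"{name}: {findings or 'nothing notable'}")
    print("\n".join(suggest_otl_fix(SAMPLE_LOG)))
```

The `SMSERIAL` entry trips only the orphan check (a modem helper whose driver package was uninstalled), so the default threshold of two findings leaves it alone; `uklcgblc` trips all three and produces exactly the `[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uklcgblc]` line used in Step 1. Treat the output as a shortlist for a human to confirm, not as an automatic fix list.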