Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4202
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/15/2010 7:45:24 PM
mbam-log-2010-06-15 (19-45-24).txt
Scan type: Quick scan
Objects scanned: 142299
Time elapsed: 13 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-15 21:22:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Erik\LOCALS~1\Temp\kwroyuow.sys
---- System - GMER 1.0.15 ----
SSDT 8606DBE0 ZwCreateKey
SSDT 8606D0E0 ZwCreateProcess
SSDT 8606D3A0 ZwCreateProcessEx
SSDT 8606EA40 ZwCreateThread
SSDT 8606E160 ZwDeleteKey
SSDT 8606E420 ZwDeleteValueKey
SSDT 8606EBE0 ZwLoadDriver
SSDT 8606D660 ZwOpenProcess
SSDT 8606DEA0 ZwSetValueKey
SSDT 8606D920 ZwTerminateProcess
SSDT 8606E8A0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 120 804E278C 4 Bytes JMP E63D8606
.text ntoskrnl.exe!_abnormal_termination + 4A0 804E2B0C 4 Bytes CALL 8F04B117
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6D5D340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6380, 0x25BA81, 0xF8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[328] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[328] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[328] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0232000A
.text C:\WINDOWS\System32\svchost.exe[1396] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E0000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

OTL logfile created on: 6/15/2010 10:29:37 PM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Erik\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 477.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 20.78 Gb Free Space | 37.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OWNER-Q1YR996VI
Current User Name: Erik
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/15 22:28:34 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erik\Desktop\OTL.exe
PRC - [2010/01/16 13:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
PRC - [2010/01/16 13:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/06/04 17:41:22 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
========== Modules (SafeList) ==========
MOD - [2010/06/15 22:28:34 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erik\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/01/16 13:31:40 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/16 13:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe -- (tgsrvc_quickcare) SupportSoft Repair Service (quickcare)
SRV - [2010/01/16 13:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe -- (sprtsvc_quickcare) SupportSoft Sprocket Service (quickcare)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/04 17:41:22 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/04/14 03:58:40 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/04/14 03:58:04 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/01/31 17:03:08 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/05/28 12:32:34 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/02/28 15:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/02/15 23:39:30 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/04/30 16:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 16:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
DRV - [2009/04/30 16:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/02 16:00:12 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 16:00:08 | 000,052,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 16:00:00 | 000,142,864 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/05/28 12:33:14 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/07 13:39:50 | 000,045,848 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 15:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/02/15 23:39:32 | 000,333,328 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2008/02/15 23:39:32 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 06:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.SYS -- (PQNTDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1047
O1 HOSTS File: ([2002/09/03 09:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swisco.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265860563468 (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/28 01:19:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/28 01:18:17 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (11272609819787264)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/15 22:28:32 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erik\Desktop\OTL.exe
[2010/06/15 16:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/15 16:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/15 10:24:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/14 07:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/06/14 07:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/14 07:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/13 22:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Desktop\Poop
[2010/06/13 18:11:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/13 18:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/13 16:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/13 16:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/13 09:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Hardware
[2010/06/12 23:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/12 08:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/06/11 23:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/11 23:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/10 00:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/09 08:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/09 08:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/02 16:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/05/17 22:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Desktop\Annelise 6 Mos
[2010/04/19 20:08:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Erik\IECompatCache
[2010/04/09 21:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Application Data\Malwarebytes
[2010/04/09 21:36:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/09 21:36:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/09 21:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/09 21:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/03 10:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Tracing
[2010/04/03 09:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Local Settings\Application Data\SupportSoft
[2010/04/03 09:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/04/03 09:16:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Erik\PrivacIE
[2010/04/03 09:15:07 | 009,078,208 | ---- | C] (Qwest ) -- C:\Documents and Settings\Erik\QCSetup_2_7.exe
[2010/04/03 08:01:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/03 07:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Local Settings\Application Data\Qwest
[2010/04/03 07:42:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Erik\IETldCache
[2010/04/03 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/04/03 00:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/04/03 00:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/04/03 00:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/04/03 00:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/03 00:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/03 00:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/03 00:05:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/03 00:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Qwest Personal Digital Vault
[2010/04/02 23:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Qwest
[2010/04/02 23:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2010/04/02 20:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2010/04/02 20:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010/04/02 20:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010/04/02 20:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Local Settings\Application Data\Xenocode
[2010/03/31 18:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
========== Files - Modified Within 90 Days ==========
[2010/06/15 22:28:34 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erik\Desktop\OTL.exe
[2010/06/15 22:23:30 | 000,027,344 | ---- | M] () -- C:\Documents and Settings\Erik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/15 22:04:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/15 22:04:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/15 19:17:42 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Erik\NTUSER.DAT
[2010/06/15 18:16:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/15 18:16:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/15 18:16:11 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 18:14:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Erik\ntuser.ini
[2010/06/15 17:19:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/15 16:45:11 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Spybot - Search & Destroy.lnk
[2010/06/15 15:21:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/06/15 15:21:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/06/15 10:30:17 | 000,000,694 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/15 10:30:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/15 10:30:17 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/06/14 06:39:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/14 06:33:11 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/13 23:05:59 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\gmer.zip
[2010/06/13 16:24:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/13 10:55:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/13 08:24:09 | 000,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 17:54:55 | 000,000,147 | ---- | M] () -- C:\WINDOWS\TmProxy.ini
[2010/06/10 00:12:49 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/05 13:02:54 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\2010 Las Vegas Scavenger Hunt.doc
[2010/06/05 12:59:20 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Treasure Island.doc
[2010/05/31 21:00:04 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/05/31 20:56:24 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\peggyresumeupdate[1].doc
[2010/05/31 20:51:23 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Edward Jones Cover.doc
[2010/05/23 11:09:06 | 000,058,746 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\sb1070s.pdf
[2010/05/23 11:09:02 | 000,041,123 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\hb2162.pdf
[2010/05/15 06:08:50 | 000,023,479 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\looking three.JPG
[2010/05/15 06:08:43 | 000,025,523 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\looking two.JPG
[2010/05/15 06:08:03 | 000,021,342 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Looking one.JPG
[2010/05/15 06:07:39 | 000,026,983 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Annelise sitting.JPG
[2010/05/12 20:58:51 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Palm Springs Vacation.doc
[2010/05/06 21:17:24 | 000,148,992 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Ninja Final.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/21 20:11:25 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/13 21:57:58 | 000,042,455 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Noce Resume.rtf
[2010/04/13 21:44:37 | 000,012,989 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\GCU Cover Letter.rtf
[2010/04/13 21:41:22 | 002,155,077 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\AZ Teaching License.pdf
[2010/04/13 21:40:04 | 003,502,133 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\U of M Transcript 2.pdf
[2010/04/13 21:37:37 | 003,015,099 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\U of M Transcript 1.pdf
[2010/04/13 21:35:55 | 002,357,515 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\GCU Transcript.pdf
[2010/04/13 21:32:48 | 003,091,486 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Hamline University Transcript.pdf
[2010/04/11 21:55:03 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Job Interview Points and Info.doc
[2010/04/09 21:36:47 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 09:20:25 | 000,002,074 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Qwest QuickCare.lnk
[2010/04/03 09:15:22 | 009,078,208 | ---- | M] (Qwest ) -- C:\Documents and Settings\Erik\QCSetup_2_7.exe
[2010/04/03 00:08:59 | 000,001,345 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Windows Live.lnk
[2010/04/03 00:03:38 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Qwest Personal Digital Vault.lnk
[2010/03/28 21:38:06 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Erik\Application Data\mcs.rma
[2010/03/28 21:38:06 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Erik\Application Data\F636CA
[2010/03/28 21:36:30 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2010/03/24 18:38:15 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\LFBC 2010.xls
========== Files Created - No Company Name ==========
[2010/06/15 16:45:11 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Spybot - Search & Destroy.lnk
[2010/06/14 06:41:45 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/13 23:05:59 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\gmer.zip
[2010/06/10 17:54:54 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TmProxy.ini
[2010/06/10 00:12:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/06 19:45:18 | 000,288,061 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Glendale026.JPG
[2010/06/04 18:30:08 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Treasure Island.doc
[2010/06/04 16:31:32 | 000,136,192 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\2010 Las Vegas Scavenger Hunt.doc
[2010/05/31 20:12:05 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Edward Jones Cover.doc
[2010/05/31 14:59:10 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\peggyresumeupdate[1].doc
[2010/05/23 11:09:06 | 000,058,746 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\sb1070s.pdf
[2010/05/23 11:09:02 | 000,041,123 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\hb2162.pdf
[2010/05/15 06:08:50 | 000,023,479 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\looking three.JPG
[2010/05/15 06:08:43 | 000,025,523 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\looking two.JPG
[2010/05/15 06:08:03 | 000,021,342 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Looking one.JPG
[2010/05/15 06:07:39 | 000,026,983 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Annelise sitting.JPG
[2010/05/10 21:47:31 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Palm Springs Vacation.doc
[2010/05/06 21:14:37 | 000,148,992 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Ninja Final.doc
[2010/04/21 20:08:50 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/13 21:45:31 | 000,042,455 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Noce Resume.rtf
[2010/04/13 21:44:37 | 000,012,989 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\GCU Cover Letter.rtf
[2010/04/13 21:41:26 | 002,155,077 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\AZ Teaching License.pdf
[2010/04/13 21:40:18 | 003,502,133 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\U of M Transcript 2.pdf
[2010/04/13 21:37:47 | 003,015,099 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\U of M Transcript 1.pdf
[2010/04/13 21:36:06 | 002,357,515 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\GCU Transcript.pdf
[2010/04/13 21:33:37 | 003,091,486 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Hamline University Transcript.pdf
[2010/04/11 21:55:03 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Job Interview Points and Info.doc
[2010/04/09 21:36:47 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 09:20:25 | 000,002,074 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Qwest QuickCare.lnk
[2010/04/03 00:08:59 | 000,001,345 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Windows Live.lnk
[2010/04/03 00:08:54 | 000,216,266 | R--- | C] () -- C:\WINDOWS\wl.ico
[2010/04/03 00:03:38 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Qwest Personal Digital Vault.lnk
[2010/03/28 21:36:30 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2009/11/29 12:27:35 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/09/01 12:26:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/08/28 20:56:46 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2008/08/28 01:58:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2004/08/04 00:56:42 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 00:56:42 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 00:56:42 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 00:56:42 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 00:56:42 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
========== LOP Check ==========
[2010/06/14 06:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/09/01 12:15:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/31 10:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/08/28 20:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/06/12 12:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Movielink
[2010/04/02 20:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2008/09/01 12:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/11/21 08:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/04/03 09:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/08/30 07:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/17 18:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/08/28 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Aim
[2010/04/13 21:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Canon
[2008/08/28 19:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\EBookSys
[2010/02/10 20:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Facebook
[2009/11/29 12:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Leadertech
[2008/08/28 19:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\MSNInstaller
[2008/08/28 19:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\MyPublisher
[2009/04/19 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\OverDrive
[2008/08/28 19:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\ParetoLogic
[2008/08/28 19:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\PlayFirst
[2008/08/28 19:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\ScanSoft
[2008/09/08 21:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Skinux
[2008/08/28 19:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Snapfish
[2008/08/28 19:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Sony
[2008/08/28 19:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\uTorrent
[2008/08/28 19:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Viewpoint
[2008/08/28 19:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Walgreens
[2008/08/28 19:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\WeatherBug
[2010/05/31 21:00:04 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/08/28 20:43:52 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008/08/28 01:19:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/15 10:30:17 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/08/28 01:19:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010/06/15 10:21:18 | 000,026,514 | ---- | M] () -- C:\Facilitator.log
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/06/15 18:16:11 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/08/28 01:19:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/30 07:14:02 | 000,000,470 | -H-- | M] () -- C:\IPH.PH
[2010/06/10 17:58:01 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/08/28 01:19:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/08/28 08:01:56 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/30 01:19:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/15 18:16:08 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/04/01 22:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8U.DLL
[2007/04/01 22:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8U.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/05/28 12:33:06 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/08/27 17:57:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/27 17:57:34 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/27 17:57:34 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< End of report >
Edited by PhxPhin, 16 June 2010 - 01:39 AM.