Anti-malwarebytes, ERUNT, and Softonic questions



#1
traveler818

    Member

  • 140 posts
Some background: I have a serious problem which I believe is caused by a program called Softonic, which I did not download. It seems connected with another program called conduit.com. At first, it disabled my antivirus program and downgraded me from Vista to XP, and from IE8 to IE6. It made access to antimalware programs nearly impossible. It would not let me run your malware cleaning guide, and right now is making it extremely difficult to type this. I used Microsoft Fix It Center and many things improved, but most Microsoft antimalware programs still think I'm running XP, and Firefox won't let me download version 8. Softonic did a LOT more, but I hope this is all the info you need now. If not, please let me know. Right now, typing this is ridiculously hard. After running Fix It, I was able to run the first part of the malware cleaning guide, and want to do it again NOW. This time, I want to run the whole thing. I also want to buy the paid version of Malwarebytes, but have questions before I do so. So for the cleaning, I want to use the free version. This is just some background for the following questions, so I hope I posted in the right place. I gave you only what info I thought you might need to answer my questions below.


I read several posts that malwarebytes was broken. Is that still the case? The last time I had it, it went into endless loops that ran all night long. I also read that ERUNT is not for Vista in one place, but that it was in another. The first time I ran ERUNT, my system was still Vista only. But after I installed it, my computer ran like molasses. Still Vista, it seemed OK the second time.

So before I run the cleaning guide, I have 4 questions:

1) I need to know if not knowing whether I am Vista or XP here matters when I run the guide. If so, what do I do about it?

2) Is ERUNT OK for my machine, especially not knowing which OS it thinks it's running?

3) Is Malwarebytes broken?

4) Should I try to remove Softonic before I run the cleaning guide? I finally found it hiding in my registry, and it always loads before my chosen programs load. It seems connected with another program called conduit.com.

This has been a mind-boggling nightmare.

For the record, I ran scans every day. I had Avast, Spywareblaster, Superantispyware, and Anti-malwarebytes. I bought the home version of CA PC Tune-UP, and Anti-virus plus Anti-Spyware. I was misled by the salesman and have 4-5 weeks to return it if you have a better idea. Their CS is useless. I don't know if either program runs comprehensive scans. I only have the option to run quick scans. But again, no sign of Softonic. I also think that I am now running two firewalls. Will that create problems?

Thank you. I really need help ASAP. :)

Sincerely,

Traveler818

#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Go ahead and return the CA stuff.

I've never heard of a virus that could change the operating system from Vista to XP. This should be interesting.

MBAM has been fixed and is working quite nicely.

Just run OTL (Step 5 in the guide) for now and copy and paste the log. It doesn't care what you have and it will tell us what it thinks is installed.

Ron

#3
traveler818

    Member

  • Topic Starter
  • 140 posts
This program is as nasty as they get. I only said a small part of what it did in my post, as malware cleaning seems like a good idea. I just posted my reply to you and before I could add it, I got jumped to another page. I tried to minimize this page so I can get back to it, but Softonic won't let me. I don't dare tell you where I hid it. It did much more than I said in my post, but it's over my head, so here I am.

First, I tried to close all programs. Softonic apparently added one to the list that I couldn't get rid of until after it crashed IE 2 or 3 times. When Softonic became my browser again, the program disappeared. I wanted to send you a copy. I suspect if I try again, it may reappear. I now have my browser back but I always see Softonic load before my browser does, and it gets really nasty when I go near a site like this.

I tried to download the OTL log. I used every link. Each time, I got the same message: this program cannot be run from a temporary folder. But nowhere is there any other option. I'm used to being asked if I want to load a program to my desktop, but there is nothing I can change at all when I try to download the OTL program. What do I do now?

And thanks for being there. Those CA programs suck and were sold to me under false pretenses, so when I get my money back, I'll get malwarebytes. I had better post this before I get jumped again.

#4
traveler818

    Member

  • Topic Starter
  • 140 posts
I had to add a new post. Just wanted to tell you that the program that appeared when I tried to close everything had the word redirect in it. The rest was quite long.

#5
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
You need to SAVE OTL to your Desktop before you run it. Do not try to run it without Saving.

Ron

#6
traveler818

    Member

  • Topic Starter
  • 140 posts
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

#7
traveler818

    Member

  • Topic Starter
  • 140 posts
OTL logfile created on: 7/4/2010 11:25:17 AM - Run 5
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Metta\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 126.96 Gb Free Space | 85.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: METTA-PC
Current User Name: Metta
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/04 09:19:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Metta\Desktop\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/09 18:10:31 | 001,721,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2010/06/09 18:10:30 | 001,103,184 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
PRC - [2010/06/09 18:10:30 | 000,251,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/06/09 18:10:30 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/05/13 16:39:10 | 002,407,224 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/11/20 14:09:16 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2009/09/09 16:31:34 | 000,090,296 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\CA\PCPitstopScheduleService.exe
PRC - [2009/08/04 11:42:18 | 000,887,288 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/07/04 09:19:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Metta\Desktop\Desktop\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 19:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/09 18:10:30 | 000,251,216 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/06/09 18:10:30 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/20 14:09:16 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/09 16:31:34 | 000,090,296 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\CA\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/08/04 11:42:18 | 000,887,288 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/03/31 06:59:24 | 000,350,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2010/03/04 13:50:14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/12/23 11:29:36 | 000,132,088 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2009/12/23 11:29:36 | 000,078,840 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/09/30 17:51:00 | 000,239,608 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/03/27 16:27:04 | 000,598,656 | ---- | M] (Computer Associates International, Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/29 15:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/09 10:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/03 01:54:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010/07/02 09:50:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010/07/02 09:53:54 | 000,000,000 | ---D | M]

[2009/12/02 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\Mozilla\Extensions
[2010/06/04 10:03:35 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions
[2010/05/16 10:57:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/16 10:57:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/16 10:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2009/12/03 01:05:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/16 10:57:16 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/05 12:30:26 | 000,002,171 | ---- | M] () -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\searchplugins\bing.xml
[2009/12/21 22:09:59 | 000,002,139 | ---- | M] () -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\searchplugins\MyStart Search.xml
[2010/06/04 23:01:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/27 10:20:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/27 10:20:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcp...ls/pctuneup.cab (VersionControl Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: CabBuilder http://ak.imgag.com/...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - AppInit_DLLs: (Ɋ�Ɋ㕏哯耀ÚɊ덨Ɋ䌠ɂ쁨Ƀ㕊哯蠀͞) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/04 09:19:54 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Metta\Desktop\Desktop\OTL.exe
[2010/07/02 09:47:49 | 000,072,192 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System32\ArcSoft Photo Book Screen Saver.scr
[2010/07/02 09:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/06/30 05:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/06/30 05:03:12 | 000,000,000 | ---D | C] -- C:\Users\Metta\Desktop\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
[2010/06/29 09:52:08 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Roaming\ArcSoft
[2010/06/29 09:51:43 | 000,000,000 | R--D | C] -- C:\Users\Metta\Downloads
[2010/06/28 20:08:35 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\ArcSoft
[2010/06/28 20:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2010/06/28 20:06:32 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys
[2010/06/28 20:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/06/28 20:04:32 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/06/28 20:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/06/28 14:45:36 | 000,000,000 | ---D | C] -- C:\662f7c83c4c9dad72e713e39c4daad
[2010/06/28 13:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/28 13:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/28 09:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/28 09:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/25 23:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010/06/25 22:42:06 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\OpenCandy
[2010/06/25 22:42:03 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Roaming\OpenCandy
[2010/06/25 22:42:02 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Roaming\CBS Interactive
[2010/06/25 05:21:59 | 000,000,000 | ---D | C] -- C:\cab545dbfd18c0866ba42b
[2010/06/20 19:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\MozyHome
[2010/06/20 07:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/18 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/06/14 14:14:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/06/14 14:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/06/14 14:09:24 | 001,202,560 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2010/06/14 14:09:24 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2010/06/14 14:09:24 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrscoin.dll
[2010/06/14 14:09:24 | 000,012,800 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2010/06/10 21:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/10 17:19:01 | 000,000,000 | ---D | C] -- C:\iyogi
[2010/06/09 18:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/06/09 18:00:56 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\Windows\System32\Isafprod.dll
[2010/06/09 18:00:56 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Isafeif.dll
[2010/06/09 18:00:56 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Vetredir.dll
[2010/06/09 18:00:55 | 000,000,000 | -H-D | C] -- C:\Config.msi
[2010/06/09 18:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2010/06/09 17:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2010/06/05 02:57:01 | 000,000,000 | ---D | C] -- C:\bc325da538dbb352c1fab5031d
[2010/06/04 22:33:37 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\Adobe
[2010/05/27 18:18:08 | 000,000,000 | ---D | C] -- C:\Users\Metta\Documents\gmer[1]
[2010/05/27 10:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/26 17:41:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/26 17:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/26 17:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/26 03:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/05/26 03:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/05/25 23:33:49 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\Apple Computer
[2010/05/25 23:30:24 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\Apple
[2010/05/16 14:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/04 08:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2010/04/27 03:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Care2 Toolbar
[2010/04/25 15:02:06 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\Microsoft Corporation
[2010/04/25 15:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/04/25 13:22:50 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\FixItCenter
[2010/04/25 12:22:39 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2010/04/25 12:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2010/04/25 12:21:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/04/23 21:17:07 | 000,610,304 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_pdf.dll
[2010/04/23 21:17:07 | 000,552,960 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_rtf.dll
[2010/04/23 21:17:07 | 000,385,024 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_xml.dll
[2010/04/23 21:17:07 | 000,360,448 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx4ole14.ocx
[2010/04/23 21:17:07 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_obj.dll
[2010/04/23 21:17:07 | 000,253,952 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_png.flt
[2010/04/23 21:17:07 | 000,249,856 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_htm.dll
[2010/04/23 21:17:07 | 000,217,088 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_tls.dll
[2010/04/23 21:17:07 | 000,200,704 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_jpg.flt
[2010/04/23 21:17:07 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_ic.dll
[2010/04/23 21:17:07 | 000,073,728 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_tif.flt
[2010/04/23 21:17:07 | 000,065,536 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_wnd.dll
[2010/04/23 21:17:07 | 000,057,344 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_gif.flt
[2010/04/23 21:17:07 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_wmf.flt
[2010/04/23 21:17:06 | 001,056,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_dox.dll
[2010/04/23 21:17:06 | 000,765,952 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14.dll
[2010/04/23 21:17:06 | 000,667,648 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_doc.dll
[2010/04/23 21:17:06 | 000,331,776 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_css.dll
[2010/04/23 21:17:06 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_bmp.flt
[2010/04/23 21:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Abdio
[2010/04/08 18:15:21 | 000,000,000 | R--D | C] -- C:\Users\Metta\Desktop\Desktop\PRINT

========== Files - Modified Within 90 Days ==========

[2010/07/04 11:25:02 | 003,932,160 | -HS- | M] () -- C:\Users\Metta\NTUSER.DAT
[2010/07/04 11:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/04 11:01:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/04 11:01:30 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 11:01:30 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 11:01:20 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/04 11:01:20 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/07/04 11:01:20 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2010/07/04 11:00:49 | 000,524,288 | -HS- | M] () -- C:\Users\Metta\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/04 11:00:49 | 000,065,536 | -HS- | M] () -- C:\Users\Metta\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/04 11:00:44 | 003,681,499 | -H-- | M] () -- C:\Users\Metta\AppData\Local\IconCache.db
[2010/07/04 10:52:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832130236-225903299-3338771015-1000UA.job
[2010/07/04 09:19:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Metta\Desktop\Desktop\OTL.exe
[2010/07/04 09:01:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/03 18:35:12 | 000,001,954 | ---- | M] () -- C:\Windows\mozy.blk
[2010/07/03 18:35:12 | 000,001,680 | ---- | M] () -- C:\Windows\mozy.flt
[2010/07/03 12:52:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832130236-225903299-3338771015-1000Core.job
[2010/07/02 10:11:42 | 000,000,212 | ---- | M] () -- C:\Users\Public\Desktop\ArcSoft Products and Bonus Offers.url
[2010/07/02 10:09:43 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\PhotoStudio Darkroom 2.lnk
[2010/07/02 10:01:16 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Scan-n-Stitch Deluxe.lnk
[2010/07/02 09:57:33 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\Panorama Maker 4.lnk
[2010/07/02 09:54:00 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Video Downloader.lnk
[2010/07/02 09:50:46 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\RAW Thumbnail Viewer.lnk
[2010/07/02 09:48:07 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Photo Book Screen Saver.lnk
[2010/07/02 09:23:52 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2010/07/02 09:14:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/02 09:13:25 | 000,004,791 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2010/07/02 09:13:25 | 000,000,209 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2010/07/02 09:12:39 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/01 17:04:23 | 000,002,048 | ---- | M] () -- C:\Users\Metta\Desktop\Desktop\Google Chrome.lnk
[2010/07/01 17:04:23 | 000,002,004 | ---- | M] () -- C:\Users\Metta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/01 17:03:58 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{140AEFF5-F0E5-46DF-851B-0DC2762CABA2}.job
[2010/06/30 05:34:49 | 000,054,552 | ---- | M] () -- C:\Users\Metta\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/30 05:34:10 | 000,253,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/30 05:09:52 | 000,001,011 | ---- | M] () -- C:\Users\Metta\Desktop\Desktop\OpenOffice.org 3.2.lnk
[2010/06/28 13:56:45 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/28 09:44:20 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/27 22:41:01 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/06/25 00:43:58 | 000,001,356 | ---- | M] () -- C:\Users\Metta\AppData\Local\d3d9caps.dat
[2010/06/20 19:32:35 | 000,000,824 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/06/14 21:03:00 | 000,105,020 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/14 21:03:00 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/14 21:03:00 | 000,013,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/13 10:34:31 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/06/13 10:34:31 | 000,001,854 | ---- | M] () -- C:\Users\Metta\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/09 18:11:01 | 000,001,773 | ---- | M] () -- C:\Users\Metta\Desktop\Desktop\CA PC Tune-Up.lnk
[2010/06/09 18:00:53 | 000,009,248 | ---- | M] () -- C:\Windows\System32\entitlement.xml
[2010/06/09 05:31:59 | 000,000,606 | ---- | M] () -- C:\Users\Metta\Desktop\Desktop\ERUNT - Shortcut.lnk
[2010/05/30 04:58:40 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/27 01:03:36 | 000,011,586 | ---- | M] () -- C:\Users\Metta\Documents\Untitled.skp Tom evil warning.skp
[2010/05/24 03:41:51 | 000,019,968 | ---- | M] () -- C:\Users\Metta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 12:48:45 | 036,895,907 | ---- | M] () -- C:\Users\Metta\Documents\hay.louise_audio_YCHYL-OnlineCourse_lesson06.mp3
[2010/05/23 12:41:49 | 003,140,215 | ---- | M] () -- C:\Users\Metta\Documents\hay.louise_print_ICDI_minicards.zip
[2010/05/23 09:34:48 | 090,181,657 | ---- | M] () -- C:\Users\Metta\Documents\hay.louise_audio_experience-your-good-now_all.mp3
[2010/05/23 09:21:15 | 010,722,184 | ---- | M] () -- C:\Users\Metta\Documents\brickman.jim_audio_YCYHL-soundtrack.zip
[2010/05/13 11:38:43 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/09 23:54:11 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp Viewer.lnk
[2010/04/25 16:03:11 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/04/25 12:22:40 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2010/04/25 12:19:16 | 003,080,192 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/04/25 12:19:16 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/04/25 12:19:16 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/04/25 12:19:10 | 003,080,192 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/04/25 12:19:10 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/04/25 12:19:09 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/04/23 08:18:55 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk

========== Files Created - No Company Name ==========

[2010/07/02 10:11:42 | 000,000,212 | ---- | C] () -- C:\Users\Public\Desktop\ArcSoft Products and Bonus Offers.url
[2010/07/02 10:09:43 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\PhotoStudio Darkroom 2.lnk
[2010/07/02 10:01:16 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Scan-n-Stitch Deluxe.lnk
[2010/07/02 09:57:33 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\Panorama Maker 4.lnk
[2010/07/02 09:54:00 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Video Downloader.lnk
[2010/07/02 09:50:46 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\RAW Thumbnail Viewer.lnk
[2010/07/02 09:48:07 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Photo Book Screen Saver.lnk
[2010/06/30 05:09:52 | 000,001,011 | ---- | C] () -- C:\Users\Metta\Desktop\Desktop\OpenOffice.org 3.2.lnk
[2010/06/28 20:06:24 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2010/06/28 13:56:45 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/28 09:44:20 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/20 19:32:35 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/06/18 16:42:03 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/06/18 16:42:03 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2010/06/14 14:13:22 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2010/06/14 14:13:22 | 000,039,872 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2010/06/14 14:13:22 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2010/06/09 18:15:01 | 000,004,791 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2010/06/09 18:15:01 | 000,000,209 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2010/06/09 18:11:01 | 000,001,773 | ---- | C] () -- C:\Users\Metta\Desktop\Desktop\CA PC Tune-Up.lnk
[2010/06/09 18:00:53 | 000,009,248 | ---- | C] () -- C:\Windows\System32\entitlement.xml
[2010/06/09 05:31:59 | 000,000,606 | ---- | C] () -- C:\Users\Metta\Desktop\Desktop\ERUNT - Shortcut.lnk
[2010/05/27 01:03:36 | 000,011,586 | ---- | C] () -- C:\Users\Metta\Documents\Untitled.skp Tom evil warning.skp
[2010/05/23 12:46:27 | 036,895,907 | ---- | C] () -- C:\Users\Metta\Documents\hay.louise_audio_YCHYL-OnlineCourse_lesson06.mp3
[2010/05/23 09:22:22 | 003,140,215 | ---- | C] () -- C:\Users\Metta\Documents\hay.louise_print_ICDI_minicards.zip
[2010/05/23 09:21:08 | 010,722,184 | ---- | C] () -- C:\Users\Metta\Documents\brickman.jim_audio_YCYHL-soundtrack.zip
[2010/05/21 15:35:51 | 090,181,657 | ---- | C] () -- C:\Users\Metta\Documents\hay.louise_audio_experience-your-good-now_all.mp3
[2010/05/13 16:39:14 | 000,001,954 | ---- | C] () -- C:\Windows\mozy.blk
[2010/05/13 16:39:14 | 000,001,680 | ---- | C] () -- C:\Windows\mozy.flt
[2010/05/13 11:38:43 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/04 08:26:31 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/25 15:00:03 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/04/25 12:22:40 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2010/04/25 12:19:10 | 003,080,192 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/04/25 12:19:10 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/04/25 12:19:10 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/04/25 12:18:46 | 003,080,192 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/04/25 12:18:46 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/04/25 12:18:46 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/04/25 09:01:22 | 000,002,048 | ---- | C] () -- C:\Users\Metta\Desktop\Desktop\Google Chrome.lnk
[2010/04/25 09:01:22 | 000,002,004 | ---- | C] () -- C:\Users\Metta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/04/23 21:17:07 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2010/04/23 08:02:52 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010/04/23 07:58:40 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp Viewer.lnk
[2010/04/09 16:42:54 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832130236-225903299-3338771015-1000UA.job
[2010/04/09 16:42:53 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832130236-225903299-3338771015-1000Core.job
[2010/02/07 19:43:07 | 000,000,185 | ---- | C] () -- C:\Windows\System32\msblcd32.dll
[2010/02/07 19:42:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/27 12:43:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/12 14:25:34 | 000,000,120 | ---- | C] () -- C:\Windows\CIS_Setup_3.8.65951.477_XP_Vista_x32.INI
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/06/28 06:00:12 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\CBS Interactive
[2010/01/11 22:21:47 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\enchant
[2010/01/11 21:54:46 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\GrassGames
[2009/04/27 17:09:44 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\IObit
[2010/06/28 06:22:19 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\OpenCandy
[2009/11/29 04:59:10 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\OpenOffice.org
[2009/04/24 21:52:17 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\PeerNetworking
[2010/01/23 22:44:33 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\Windows Live Writer
[2010/07/04 11:01:20 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\AutoSmartDefrag.job
[2010/07/04 11:01:20 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2010/07/02 09:13:12 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/27 22:41:01 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2010/07/01 17:03:58 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{140AEFF5-F0E5-46DF-851B-0DC2762CABA2}.job

========== Purity Check ==========



========== Custom Scans ==========


< extras.txt >

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6D38BF2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

#8
traveler818

OTL logfile created on: 7/4/2010 11:25:17 AM - Run 5
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Metta\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 126.96 Gb Free Space | 85.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: METTA-PC
Current User Name: Metta
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/04 09:19:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Metta\Desktop\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/09 18:10:31 | 001,721,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2010/06/09 18:10:30 | 001,103,184 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
PRC - [2010/06/09 18:10:30 | 000,251,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/06/09 18:10:30 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/05/13 16:39:10 | 002,407,224 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/11/20 14:09:16 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2009/09/09 16:31:34 | 000,090,296 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\CA\PCPitstopScheduleService.exe
PRC - [2009/08/04 11:42:18 | 000,887,288 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/07/04 09:19:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Metta\Desktop\Desktop\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 19:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/09 18:10:30 | 000,251,216 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/06/09 18:10:30 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/20 14:09:16 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/09 16:31:34 | 000,090,296 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\CA\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/08/04 11:42:18 | 000,887,288 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/03/31 06:59:24 | 000,350,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2010/03/04 13:50:14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/12/23 11:29:36 | 000,132,088 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2009/12/23 11:29:36 | 000,078,840 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/09/30 17:51:00 | 000,239,608 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/03/27 16:27:04 | 000,598,656 | ---- | M] (Computer Associates International, Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/29 15:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/09 10:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/03 01:54:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010/07/02 09:50:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010/07/02 09:53:54 | 000,000,000 | ---D | M]

[2009/12/02 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\Mozilla\Extensions
[2010/06/04 10:03:35 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions
[2010/05/16 10:57:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/16 10:57:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/16 10:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2009/12/03 01:05:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/16 10:57:16 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/05 12:30:26 | 000,002,171 | ---- | M] () -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\searchplugins\bing.xml
[2009/12/21 22:09:59 | 000,002,139 | ---- | M] () -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\searchplugins\MyStart Search.xml
[2010/06/04 23:01:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/27 10:20:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/27 10:20:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcp...ls/pctuneup.cab (VersionControl Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: CabBuilder http://ak.imgag.com/...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - AppInit_DLLs: (Ɋ�Ɋ㕏哯耀ÚɊ덨Ɋ䌠ɂ쁨Ƀ㕊哯蠀͞) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/04 09:19:54 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Metta\Desktop\Desktop\OTL.exe
[2010/07/02 09:47:49 | 000,072,192 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System32\ArcSoft Photo Book Screen Saver.scr
[2010/07/02 09:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/06/30 05:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/06/30 05:03:12 | 000,000,000 | ---D | C] -- C:\Users\Metta\Desktop\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
[2010/06/29 09:52:08 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Roaming\ArcSoft
[2010/06/29 09:51:43 | 000,000,000 | R--D | C] -- C:\Users\Metta\Downloads
[2010/06/28 20:08:35 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\ArcSoft
[2010/06/28 20:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2010/06/28 20:06:32 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys
[2010/06/28 20:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/06/28 20:04:32 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/06/28 20:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/06/28 14:45:36 | 000,000,000 | ---D | C] -- C:\662f7c83c4c9dad72e713e39c4daad
[2010/06/28 13:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/28 13:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/28 09:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/28 09:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/25 23:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010/06/25 22:42:06 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\OpenCandy
[2010/06/25 22:42:03 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Roaming\OpenCandy
[2010/06/25 22:42:02 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Roaming\CBS Interactive
[2010/06/25 05:21:59 | 000,000,000 | ---D | C] -- C:\cab545dbfd18c0866ba42b
[2010/06/20 19:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\MozyHome
[2010/06/20 07:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/18 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/06/14 14:14:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/06/14 14:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/06/14 14:09:24 | 001,202,560 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2010/06/14 14:09:24 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2010/06/14 14:09:24 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrscoin.dll
[2010/06/14 14:09:24 | 000,012,800 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2010/06/10 21:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/10 17:19:01 | 000,000,000 | ---D | C] -- C:\iyogi
[2010/06/09 18:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/06/09 18:00:56 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\Windows\System32\Isafprod.dll
[2010/06/09 18:00:56 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Isafeif.dll
[2010/06/09 18:00:56 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\Vetredir.dll
[2010/06/09 18:00:55 | 000,000,000 | -H-D | C] -- C:\Config.msi
[2010/06/09 18:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2010/06/09 17:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2010/06/05 02:57:01 | 000,000,000 | ---D | C] -- C:\bc325da538dbb352c1fab5031d
[2010/06/04 22:33:37 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\Adobe
[2010/05/27 18:18:08 | 000,000,000 | ---D | C] -- C:\Users\Metta\Documents\gmer[1]
[2010/05/27 10:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/26 17:41:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/26 17:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/26 17:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/26 03:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/05/26 03:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/05/25 23:33:49 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\Apple Computer
[2010/05/25 23:30:24 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\Apple
[2010/05/16 14:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/04 08:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2010/04/27 03:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Care2 Toolbar
[2010/04/25 15:02:06 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\Microsoft Corporation
[2010/04/25 15:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/04/25 13:22:50 | 000,000,000 | ---D | C] -- C:\Users\Metta\AppData\Local\FixItCenter
[2010/04/25 12:22:39 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2010/04/25 12:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2010/04/25 12:21:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/04/23 21:17:07 | 000,610,304 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_pdf.dll
[2010/04/23 21:17:07 | 000,552,960 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_rtf.dll
[2010/04/23 21:17:07 | 000,385,024 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_xml.dll
[2010/04/23 21:17:07 | 000,360,448 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx4ole14.ocx
[2010/04/23 21:17:07 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_obj.dll
[2010/04/23 21:17:07 | 000,253,952 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_png.flt
[2010/04/23 21:17:07 | 000,249,856 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_htm.dll
[2010/04/23 21:17:07 | 000,217,088 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_tls.dll
[2010/04/23 21:17:07 | 000,200,704 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_jpg.flt
[2010/04/23 21:17:07 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_ic.dll
[2010/04/23 21:17:07 | 000,073,728 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_tif.flt
[2010/04/23 21:17:07 | 000,065,536 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_wnd.dll
[2010/04/23 21:17:07 | 000,057,344 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_gif.flt
[2010/04/23 21:17:07 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_wmf.flt
[2010/04/23 21:17:06 | 001,056,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_dox.dll
[2010/04/23 21:17:06 | 000,765,952 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14.dll
[2010/04/23 21:17:06 | 000,667,648 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_doc.dll
[2010/04/23 21:17:06 | 000,331,776 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_css.dll
[2010/04/23 21:17:06 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx14_bmp.flt
[2010/04/23 21:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Abdio
[2010/04/08 18:15:21 | 000,000,000 | R--D | C] -- C:\Users\Metta\Desktop\Desktop\PRINT

========== Files - Modified Within 90 Days ==========

[2010/07/04 11:25:02 | 003,932,160 | -HS- | M] () -- C:\Users\Metta\NTUSER.DAT
[2010/07/04 11:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/04 11:01:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/04 11:01:30 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 11:01:30 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 11:01:20 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/04 11:01:20 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/07/04 11:01:20 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2010/07/04 11:00:49 | 000,524,288 | -HS- | M] () -- C:\Users\Metta\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/04 11:00:49 | 000,065,536 | -HS- | M] () -- C:\Users\Metta\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/04 11:00:44 | 003,681,499 | -H-- | M] () -- C:\Users\Metta\AppData\Local\IconCache.db
[2010/07/04 10:52:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832130236-225903299-3338771015-1000UA.job
[2010/07/04 09:19:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Metta\Desktop\Desktop\OTL.exe
[2010/07/04 09:01:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/03 18:35:12 | 000,001,954 | ---- | M] () -- C:\Windows\mozy.blk
[2010/07/03 18:35:12 | 000,001,680 | ---- | M] () -- C:\Windows\mozy.flt
[2010/07/03 12:52:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832130236-225903299-3338771015-1000Core.job
[2010/07/02 10:11:42 | 000,000,212 | ---- | M] () -- C:\Users\Public\Desktop\ArcSoft Products and Bonus Offers.url
[2010/07/02 10:09:43 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\PhotoStudio Darkroom 2.lnk
[2010/07/02 10:01:16 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Scan-n-Stitch Deluxe.lnk
[2010/07/02 09:57:33 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\Panorama Maker 4.lnk
[2010/07/02 09:54:00 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Video Downloader.lnk
[2010/07/02 09:50:46 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\RAW Thumbnail Viewer.lnk
[2010/07/02 09:48:07 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Photo Book Screen Saver.lnk
[2010/07/02 09:23:52 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2010/07/02 09:14:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/02 09:13:25 | 000,004,791 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2010/07/02 09:13:25 | 000,000,209 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2010/07/02 09:13:25 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2010/07/02 09:13:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2010/07/02 09:12:39 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/01 17:04:23 | 000,002,048 | ---- | M] () -- C:\Users\Metta\Desktop\Desktop\Google Chrome.lnk
[2010/07/01 17:04:23 | 000,002,004 | ---- | M] () -- C:\Users\Metta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/01 17:03:58 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{140AEFF5-F0E5-46DF-851B-0DC2762CABA2}.job
[2010/06/30 05:34:49 | 000,054,552 | ---- | M] () -- C:\Users\Metta\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/30 05:34:10 | 000,253,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/30 05:09:52 | 000,001,011 | ---- | M] () -- C:\Users\Metta\Desktop\Desktop\OpenOffice.org 3.2.lnk
[2010/06/28 13:56:45 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/28 09:44:20 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/27 22:41:01 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/06/25 00:43:58 | 000,001,356 | ---- | M] () -- C:\Users\Metta\AppData\Local\d3d9caps.dat
[2010/06/20 19:32:35 | 000,000,824 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/06/14 21:03:00 | 000,105,020 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/14 21:03:00 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/14 21:03:00 | 000,013,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/13 10:34:31 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/06/13 10:34:31 | 000,001,854 | ---- | M] () -- C:\Users\Metta\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/09 18:11:01 | 000,001,773 | ---- | M] () -- C:\Users\Metta\Desktop\Desktop\CA PC Tune-Up.lnk
[2010/06/09 18:00:53 | 000,009,248 | ---- | M] () -- C:\Windows\System32\entitlement.xml
[2010/06/09 05:31:59 | 000,000,606 | ---- | M] () -- C:\Users\Metta\Desktop\Desktop\ERUNT - Shortcut.lnk
[2010/05/30 04:58:40 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/27 01:03:36 | 000,011,586 | ---- | M] () -- C:\Users\Metta\Documents\Untitled.skp Tom evil warning.skp
[2010/05/24 03:41:51 | 000,019,968 | ---- | M] () -- C:\Users\Metta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 12:48:45 | 036,895,907 | ---- | M] () -- C:\Users\Metta\Documents\hay.louise_audio_YCHYL-OnlineCourse_lesson06.mp3
[2010/05/23 12:41:49 | 003,140,215 | ---- | M] () -- C:\Users\Metta\Documents\hay.louise_print_ICDI_minicards.zip
[2010/05/23 09:34:48 | 090,181,657 | ---- | M] () -- C:\Users\Metta\Documents\hay.louise_audio_experience-your-good-now_all.mp3
[2010/05/23 09:21:15 | 010,722,184 | ---- | M] () -- C:\Users\Metta\Documents\brickman.jim_audio_YCYHL-soundtrack.zip
[2010/05/13 11:38:43 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/09 23:54:11 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp Viewer.lnk
[2010/04/25 16:03:11 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/04/25 12:22:40 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2010/04/25 12:19:16 | 003,080,192 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/04/25 12:19:16 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/04/25 12:19:16 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/04/25 12:19:10 | 003,080,192 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/04/25 12:19:10 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/04/25 12:19:09 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/04/23 08:18:55 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk

========== Files Created - No Company Name ==========

[2010/07/02 10:11:42 | 000,000,212 | ---- | C] () -- C:\Users\Public\Desktop\ArcSoft Products and Bonus Offers.url
[2010/07/02 10:09:43 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\PhotoStudio Darkroom 2.lnk
[2010/07/02 10:01:16 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Scan-n-Stitch Deluxe.lnk
[2010/07/02 09:57:33 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\Panorama Maker 4.lnk
[2010/07/02 09:54:00 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Video Downloader.lnk
[2010/07/02 09:50:46 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\RAW Thumbnail Viewer.lnk
[2010/07/02 09:48:07 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Photo Book Screen Saver.lnk
[2010/06/30 05:09:52 | 000,001,011 | ---- | C] () -- C:\Users\Metta\Desktop\Desktop\OpenOffice.org 3.2.lnk
[2010/06/28 20:06:24 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2010/06/28 13:56:45 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/28 09:44:20 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/20 19:32:35 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/06/18 16:42:03 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/06/18 16:42:03 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2010/06/14 14:13:22 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2010/06/14 14:13:22 | 000,039,872 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2010/06/14 14:13:22 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2010/06/09 18:15:01 | 000,004,791 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2010/06/09 18:15:01 | 000,000,209 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2010/06/09 18:15:01 | 000,000,081 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2010/06/09 18:15:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2010/06/09 18:11:01 | 000,001,773 | ---- | C] () -- C:\Users\Metta\Desktop\Desktop\CA PC Tune-Up.lnk
[2010/06/09 18:00:53 | 000,009,248 | ---- | C] () -- C:\Windows\System32\entitlement.xml
[2010/06/09 05:31:59 | 000,000,606 | ---- | C] () -- C:\Users\Metta\Desktop\Desktop\ERUNT - Shortcut.lnk
[2010/05/27 01:03:36 | 000,011,586 | ---- | C] () -- C:\Users\Metta\Documents\Untitled.skp Tom evil warning.skp
[2010/05/23 12:46:27 | 036,895,907 | ---- | C] () -- C:\Users\Metta\Documents\hay.louise_audio_YCHYL-OnlineCourse_lesson06.mp3
[2010/05/23 09:22:22 | 003,140,215 | ---- | C] () -- C:\Users\Metta\Documents\hay.louise_print_ICDI_minicards.zip
[2010/05/23 09:21:08 | 010,722,184 | ---- | C] () -- C:\Users\Metta\Documents\brickman.jim_audio_YCYHL-soundtrack.zip
[2010/05/21 15:35:51 | 090,181,657 | ---- | C] () -- C:\Users\Metta\Documents\hay.louise_audio_experience-your-good-now_all.mp3
[2010/05/13 16:39:14 | 000,001,954 | ---- | C] () -- C:\Windows\mozy.blk
[2010/05/13 16:39:14 | 000,001,680 | ---- | C] () -- C:\Windows\mozy.flt
[2010/05/13 11:38:43 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/04 08:26:31 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/25 15:00:03 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/04/25 12:22:40 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2010/04/25 12:19:10 | 003,080,192 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/04/25 12:19:10 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/04/25 12:19:10 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/04/25 12:18:46 | 003,080,192 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/04/25 12:18:46 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/04/25 12:18:46 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/04/25 09:01:22 | 000,002,048 | ---- | C] () -- C:\Users\Metta\Desktop\Desktop\Google Chrome.lnk
[2010/04/25 09:01:22 | 000,002,004 | ---- | C] () -- C:\Users\Metta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/04/23 21:17:07 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2010/04/23 08:02:52 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010/04/23 07:58:40 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp Viewer.lnk
[2010/04/09 16:42:54 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832130236-225903299-3338771015-1000UA.job
[2010/04/09 16:42:53 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832130236-225903299-3338771015-1000Core.job
[2010/02/07 19:43:07 | 000,000,185 | ---- | C] () -- C:\Windows\System32\msblcd32.dll
[2010/02/07 19:42:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/27 12:43:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/12 14:25:34 | 000,000,120 | ---- | C] () -- C:\Windows\CIS_Setup_3.8.65951.477_XP_Vista_x32.INI
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/06/28 06:00:12 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\CBS Interactive
[2010/01/11 22:21:47 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\enchant
[2010/01/11 21:54:46 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\GrassGames
[2009/04/27 17:09:44 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\IObit
[2010/06/28 06:22:19 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\OpenCandy
[2009/11/29 04:59:10 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\OpenOffice.org
[2009/04/24 21:52:17 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\PeerNetworking
[2010/01/23 22:44:33 | 000,000,000 | ---D | M] -- C:\Users\Metta\AppData\Roaming\Windows Live Writer
[2010/07/04 11:01:20 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\AutoSmartDefrag.job
[2010/07/04 11:01:20 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2010/07/02 09:13:12 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/27 22:41:01 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2010/07/01 17:03:58 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{140AEFF5-F0E5-46DF-851B-0DC2762CABA2}.job

========== Purity Check ==========



========== Custom Scans ==========


< extras.txt >

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6D38BF2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
  • 0

#9
traveler818

traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Hi Ron,

I sincerely hope these are the files you wanted. I didn't get two windows after I ran OTL. I ran it several times and followed your instructions to the letter, but never got the two windows. I honestly (having now been at this for 3-4 hours), don't know how I found the second one or if it's the right one. My system crashed 3 times during this process. Usually I can use ctl>alt>del, then click cancel, but this time had to log out. That's a lot more crashes than normal now.

I also got a message saying too many 16-bit programs were running. It disappeared before I could read the second line. Then I got here and was told something about flood control. I REALLY hope I got this right.

During the process, I learned that when searching in the control panel or through my list of programs (not the one in the control panel) that Softonic is now in charge of all searches. (I recognize the icon).

If I got this wrong, please help. I did the best I could. And thanks again for your help.

Sincerely,

Traveler818

PS Am I the only one who doesn't get to see what I have typed until I've typed at least a half a line, or is that Softonic too? And BTW, I know there are a lot of programs in my registry that I didn't download, or that left remnants. Bitdefender for example. All I did was click on their website and now they're in the registry. Also since Softonic took over, I have far too many programs running at start-up, so many that at one point I couldn't log in. It seems that Softonic came in when I tried a couple of McAfee programs. They didn't uninstall either.

Normally I preview my posts and try to shorten them, but the last time I tried that, it disappeared. So please forgive me if this is too long.
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2405280&SearchSource=13"
[2009/12/21 22:09:59 | 000,002,139 | ---- | M] () -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\searchplugins\MyStart Search.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab  (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - AppInit_DLLs: (Ɋ�Ɋ㕏哯耀ÚɊ덨Ɋ䌠ɂ쁨Ƀ㕊哯蠀͞) - File not found

:Files

	  
:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save this log and copy and paste it into a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

  • 0
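
The check behind the Run Fix and Quick Scan steps in the post above, as an added Python example that is not part of the original thread or of OTL: it lists which fix-script entries still appear in a later scan log. The fix-script lines are taken from the post; the after-fix log and the matching rules (path, pref name plus value, or O-code plus CLSID) are assumptions constructed for illustration.

```python
import re

# "[date time | size | attrs | C or M] (company) -- path"; "(company)" is absent
# for folders, and the leading "[" is optional so a line pasted without it matches.
FILE_RE = re.compile(
    r"^\[?\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| \S+ \| [CM]\]"
    r"(?: \([^)]*\))? -- (?P<path>.+)$")
# 'FF - prefs.js..<pref name>: <value>'
PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<name>[^:]+): (?P<value>.+)$")
# Registry-style entries: "O2 - BHO: ...", "O3 - ...", "O16 - DPF: ..."
REG_RE = re.compile(r"^(?P<code>O\d+) - ")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def otl_section(fix_script):
    """Return the entries listed under the :OTL header of a fix script."""
    entries, inside = [], False
    for raw in fix_script.splitlines():
        line = raw.strip()
        if line.startswith(":"):      # section header: :OTL, :Files, :Commands
            inside = line.upper() == ":OTL"
        elif inside and line:
            entries.append(line)
    return entries


def entry_key(line):
    """Reduce a log line to a key that ignores timestamps, case and spacing."""
    line = " ".join(line.split())
    m = FILE_RE.match(line)
    if m:                             # files: same path = same entry
        return ("file", m.group("path").lower())
    m = PREF_RE.match(line)
    if m:                             # prefs: only the same value counts as a match
        return ("pref", m.group("name"), m.group("value"))
    m = REG_RE.match(line)
    clsid = CLSID_RE.search(line) if m else None
    if clsid:                         # registry entries: O-code plus CLSID
        return (m.group("code"), clsid.group(0).upper())
    return ("raw", line.lower())


def still_present(fix_script, scan_log):
    """Fix-script entries that a later scan log still reports."""
    seen = {entry_key(l) for l in scan_log.splitlines() if l.strip()}
    return [l for l in otl_section(fix_script) if entry_key(l) in seen]


# Four entries copied from the fix script in the post above.
FIX_SCRIPT = r"""
:OTL
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2405280&SearchSource=13"
[2009/12/21 22:09:59 | 000,002,139 | ---- | M] () -- C:\Users\Metta\AppData\Roaming\Mozilla\Firefox\Profiles\2gnt0730.default\searchplugins\MyStart Search.xml
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# Constructed after-fix scan (not from the thread): the homepage pref was reset,
# the search plugin file is gone, but the BHO is still registered.
SCAN_AFTER = r"""
FF - prefs.js..browser.startup.homepage: "about:blank"
O2 - BHO: () - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
[2010/07/04 11:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
"""

if __name__ == "__main__":
    for entry in still_present(FIX_SCRIPT, SCAN_AFTER):
        print("still present:", entry)
```

An empty result means none of the listed entries reappeared in the new log; anything it prints is worth quoting back in the reply alongside the log itself.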

#11
traveler818

traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
I added a reply but I think I forgot to post it got. I know you are really busy. I just want to be really sure I do this right.

1) Since I sometimes accidentally access my neighbor's network, should I remove my wifi battery?

2) I just installed software for a digital camera. One of the programs on the taskbar is ArcSoft Connect. Is it safe to leave there?

3) Since CA came with no instructions, the only way I know of to disable those programs is to delete them. When the process is done, I can install freeware and buy the full version of Malwarebytes when I get my refund for CA. Does that sound reasonable, and would the paid version of Malwarebytes have prevented this?

I haven't even told you half of what Softonic did. It seems to have entered along with McAfee. That's when the trouble started.

Edited by traveler818, 04 July 2010 - 11:20 PM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Can you repost your logs then? Combofix is located at C:\combofix.txt, TDSSKiller at C:\TDSSKiller.txt

1) Since I sometimes accidentally access my neighbor's network, should I remove my wifi battery?

No idea what battery you are talking about, but if you set up your wireless correctly with a non-default name and use encryption, that won't happen. Remember, if you can see and use your neighbor's WIFI, he can see and use yours.

2) I just installed software for a digital camera. One of the programs on the taskbar is ArcSoft Connect. Is it safe to leave there?

Yes.

3) Since CA came with no instructions, the only way I know of to disable those programs is to delete them. When the process is done, I can install freeware and buy the full version of Malwarebytes when I get my refund for CA. Does that sound reasonable, and would the paid version of Malwarebytes have prevented this?

Start, (settings,) Control Panel, Classic View, Programs, then find and select the CA software and Uninstall.

If there is no entry then go to Start, Programs, CA and see if there is an uninstall option there.

I'm not sure I know enough about the paid version of MBAM to tell you. I use the free Avast anti-virus myself.
http://www.avast.com...avast-home.html

Ron
  • 0

#13
traveler818

traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Hi Ron,

It looks like it will be a couple of weeks more before I can do much. If that changes, I'll follow your most recent instructions. CA is going back. I used Avast (I like it), but that is the one that was destroyed. I won't be online except to check on aging relatives and reload protection: antivirus/spyware. Should I use Avast again? Before, I also used SuperAntiSpyware, and the one that goes with it. (Spybusters?/SpywareBlasters?) I'll use malwarebytes too.

I have two new hints. Softonic may be connected either with Bing, or with Burnaware. I can find neither in my control panel.

Meanwhile, injuries not healing: and government wants my next 2-3 weeks. I will let you know when I can get going on this. Currently Bing is my default search engine. I started using Google or Google Chrome when I saw the connection (don't recall where). I won't be online for more than quick checks, but would be more comfortable if I could change my default browser (get it off my system?). How do I do that? Google is fine with me (not crazy about Google Chrome).

Thanks for the patience: injuries were pretty bad and the government wants a LOT. Will respond to your questions when I get free. All of this was unexpected.
  • 0

#14
traveler818

traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
I was just going over an old post. It is not my way to disappear, so that may be when my hard disk crashed. A warning screen said something like your hard drive is about to crash, back up your data and shut the computer down now. It was to be several months before I could replace the computer, as Gateway refused to sell me a hard drive. I had to buy a whole system, and Gateway isn't something I ever want to see again. So subject closed. I had no transportation or strength to get to the library (I also couldn't get to the grocery store). So a much overdue thank you. I was extremely ill/still am.
  • 0





