Removed AV Security Suite but still having problems [Closed] - Geeks to Go Forums

#16 chickadoo

  • Group: Member
  • Posts: 13
  • Joined: 26-June 10

Posted 04 July 2010 - 06:16 AM

I uninstalled Trend and installed Avast. Ran another scan on OTL...Here it is:

OTL logfile created on: 7/4/2010 5:22:23 AM - Run 5
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Candace B\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 532.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 12.32 Gb Free Space | 33.08% Space Free | Partition Type: NTFS
Drive D: | 12.45 Gb Total Space | 12.38 Gb Free Space | 99.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHICKADOO
Current User Name: Candace B
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/30 14:40:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\OTL.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/10/16 17:31:51 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 08:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/06/04 19:18:54 | 000,021,504 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2006/05/09 20:24:16 | 000,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1159540192\ee\aolsoftware.exe
PRC - [2006/04/06 15:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005/11/28 17:42:42 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/11/28 17:37:40 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/11/28 17:35:16 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/11/28 17:25:30 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
PRC - [2005/09/30 10:51:24 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
PRC - [2005/08/10 10:12:14 | 000,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
PRC - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2005/05/04 01:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2005/05/03 23:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2004/12/13 16:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/12/13 16:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/12/13 16:30:00 | 000,058,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/06/18 22:04:06 | 000,913,408 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/06/30 14:40:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/04/06 15:59:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 19:16:44 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/07/14 14:36:00 | 000,066,056 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$CSSQL05) SQL Server (CSSQL05)
SRV - [2007/02/10 08:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/09/08 18:21:02 | 000,822,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/07 17:05:34 | 002,066,072 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/11/28 17:38:52 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/11/28 17:37:40 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/11/28 17:35:16 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/10/14 05:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2005/05/04 01:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2004/12/13 16:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/12/13 16:30:08 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/12/13 16:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/08 18:21:02 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/08 18:17:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/05/23 08:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/07 17:05:26 | 000,144,880 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/12/07 17:05:24 | 000,056,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 10:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/06 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 02:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 02:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 02:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 04:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/01 14:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561) ICatch (VI)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060908
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060908
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



IE - HKU\S-1-5-21-1953012019-3216986603-2356806964-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1953012019-3216986603-2356806964-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{98F140FD-0475-444F-94E8-5EBEFF847159}: C:\Documents and Settings\Billy\Local Settings\Application Data\{98F140FD-0475-444F-94E8-5EBEFF847159} [2010/06/26 03:21:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0EA7D4C1-5772-40BA-98B4-AF00B9E954EC}: C:\Documents and Settings\Candace B\Local Settings\Application Data\{0EA7D4C1-5772-40BA-98B4-AF00B9E954EC} [2010/06/26 08:01:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 00:15:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 00:15:18 | 000,000,000 | ---D | M]

[2009/10/07 12:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Mozilla\Extensions
[2009/10/07 12:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/04 04:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Mozilla\Firefox\Profiles\xmgw2k86.default\extensions
[2009/09/20 11:18:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Candace B\Application Data\Mozilla\Firefox\Profiles\xmgw2k86.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/21 16:14:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Candace B\Application Data\Mozilla\Firefox\Profiles\xmgw2k86.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/02 13:22:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/25 17:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/03/12 05:01:33 | 000,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/03/12 05:01:34 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/03/12 05:01:36 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/03/12 05:01:38 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/03/12 05:01:40 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/04/10 08:58:25 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/07/01 20:47:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PnIEBrowserHelperObj Class) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O3 - HKU\S-1-5-21-1953012019-3216986603-2356806964-1006\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\Run: [gtjgmsbr] C:\Documents and Settings\NetworkService\Local Settings\Application Data\auxuueise\pnijerrtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [gtjgmsbr] C:\Documents and Settings\NetworkService\Local Settings\Application Data\auxuueise\pnijerrtssd.exe File not found
O4 - HKU\S-1-5-21-1953012019-3216986603-2356806964-1006..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1953012019-3216986603-2356806964-1006..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1953012019-3216986603-2356806964-1006..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc.)
O4 - HKU\S-1-5-21-1953012019-3216986603-2356806964-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-1953012019-3216986603-2356806964-1006..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Billy\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Candace B\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Candace B\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Candace B\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\Candace B\Start Menu\Programs\Startup\WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1953012019-3216986603-2356806964-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1953012019-3216986603-2356806964-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1953012019-3216986603-2356806964-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shock...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/downloads/gamemanager...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Candace B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Candace B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 05:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/04 04:56:12 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/07/04 04:56:11 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/07/04 04:56:03 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/07/04 04:55:55 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/07/04 04:55:44 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/07/04 04:55:44 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/07/04 04:55:42 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/07/04 04:55:18 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/07/04 04:55:18 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/04 04:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/04 04:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/04 04:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2010/07/01 23:49:16 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/07/01 14:52:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/01 00:54:10 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(3).exe
[2010/07/01 00:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace B\Local Settings\Application Data\Opera
[2010/07/01 00:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace B\Application Data\Opera
[2010/07/01 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/07/01 00:17:17 | 010,398,392 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\Candace B\Desktop\Opera_1054_en_Setup.exe
[2010/07/01 00:14:42 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(2).exe
[2010/07/01 00:14:05 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/07/01 00:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/06/30 14:42:20 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\OTL.exe
[2010/06/30 01:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/30 01:05:33 | 032,532,792 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Candace B\Desktop\SafariSetup.exe
[2010/06/30 00:51:00 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(4).exe
[2010/06/29 09:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/29 09:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/27 12:01:57 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter.exe
[2010/06/26 12:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace B\Application Data\Malwarebytes
[2010/06/26 12:32:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/26 12:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/26 12:32:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/26 12:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/26 12:19:59 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Candace B\Desktop\mbam-setup.exe
[2010/06/26 11:59:19 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\TFC.exe
[2010/06/26 09:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/26 09:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/26 08:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace B\Local Settings\Application Data\{0EA7D4C1-5772-40BA-98B4-AF00B9E954EC}
[2010/06/26 03:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/26 03:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[26 C:\Documents and Settings\Candace B\My Documents\*.tmp files -> C:\Documents and Settings\Candace B\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/04 04:56:14 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/04 04:55:47 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/04 04:53:57 | 053,785,488 | ---- | M] () -- C:\Documents and Settings\Candace B\Desktop\setup_av_free.exe
[2010/07/04 04:47:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/04 04:47:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/04 04:47:29 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/04 04:46:39 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Candace B\NTUSER.DAT
[2010/07/04 04:46:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Candace B\ntuser.ini
[2010/07/04 04:44:33 | 003,847,400 | ---- | M] () -- C:\Documents and Settings\Candace B\Desktop\32bit(3).exe
[2010/07/04 04:38:40 | 003,847,400 | ---- | M] () -- C:\Documents and Settings\Candace B\Desktop\32bit(2).exe
[2010/07/04 04:35:55 | 003,847,400 | ---- | M] () -- C:\Documents and Settings\Candace B\Desktop\32bit.exe
[2010/07/04 04:05:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/01 20:47:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/01 12:39:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 00:54:08 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(3).exe
[2010/07/01 00:18:47 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Candace B\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/01 00:18:46 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/07/01 00:17:35 | 010,398,392 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\Candace B\Desktop\Opera_1054_en_Setup.exe
[2010/07/01 00:14:40 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(2).exe
[2010/07/01 00:14:05 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/06/30 14:40:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\OTL.exe
[2010/06/30 01:09:09 | 000,095,872 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/30 01:05:42 | 032,532,792 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Candace B\Desktop\SafariSetup.exe
[2010/06/30 00:50:56 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(4).exe
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/27 12:01:54 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter.exe
[2010/06/26 12:32:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/26 12:19:55 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Candace B\Desktop\mbam-setup.exe
[2010/06/26 11:59:13 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\TFC.exe
[2010/06/23 20:13:03 | 000,599,174 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 20:13:03 | 000,509,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 20:13:03 | 000,098,384 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/10 18:50:17 | 000,446,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 13:38:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[26 C:\Documents and Settings\Candace B\My Documents\*.tmp files -> C:\Documents and Settings\Candace B\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/04 04:56:14 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/04 04:53:31 | 053,785,488 | ---- | C] () -- C:\Documents and Settings\Candace B\Desktop\setup_av_free.exe
[2010/07/04 04:44:37 | 003,847,400 | ---- | C] () -- C:\Documents and Settings\Candace B\Desktop\32bit(3).exe
[2010/07/04 04:38:53 | 003,847,400 | ---- | C] () -- C:\Documents and Settings\Candace B\Desktop\32bit(2).exe
[2010/07/04 04:35:31 | 003,847,400 | ---- | C] () -- C:\Documents and Settings\Candace B\Desktop\32bit.exe
[2010/07/01 00:18:46 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Candace B\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/01 00:18:46 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/30 01:09:09 | 000,095,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/29 23:19:49 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Candace B\Desktop\gmer.exe
[2010/06/26 12:32:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/05/18 00:36:52 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2008/05/18 00:36:51 | 000,248,832 | ---- | C] () -- C:\WINDOWS\System32\ECircles.dll
[2008/05/18 00:34:51 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2008/05/18 00:34:50 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2008/05/18 00:34:50 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2008/05/18 00:34:50 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2008/05/18 00:34:42 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/04/21 17:19:11 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/04/21 17:19:11 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/04/15 10:23:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Webspace.INI
[2008/03/23 18:04:33 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2008/03/23 18:04:33 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2007/07/28 01:00:07 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2007/07/28 01:00:07 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/07/28 00:59:41 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2007/07/28 00:59:11 | 000,000,574 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/12/31 10:50:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/09/29 10:27:55 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/26 21:52:42 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2006/09/18 01:39:44 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/09/13 22:24:12 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/13 22:24:12 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\019382FA16.sys
[2006/09/08 18:39:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/08 18:31:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/08 18:21:15 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/08 18:18:18 | 000,000,250 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/08 17:44:28 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/08 17:44:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/09/08 17:44:11 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/09/08 17:42:56 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/01 16:05:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/10 15:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/11/10 15:30:04 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/11/10 15:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/11/10 15:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005/09/01 09:18:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2005/09/01 09:18:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2005/09/01 09:18:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2005/09/01 09:17:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2005/09/01 09:17:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2005/09/01 09:17:08 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2005/09/01 09:17:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2005/09/01 09:15:50 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2005/08/16 05:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 17:37:04 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2005/07/12 17:36:12 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2005/07/12 17:34:22 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2005/07/12 17:34:06 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2005/07/12 17:33:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2005/07/12 17:32:40 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2005/07/12 17:32:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2005/07/12 17:29:46 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2005/07/12 17:28:22 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2005/06/01 12:53:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll.iprint
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/09/13 19:19:34 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/09/08 17:50:42 | 000,006,696 | RH-- | M] () -- C:\dell.sdr
[2010/07/04 04:08:33 | 000,051,066 | ---- | M] () -- C:\dlcj.log
[2010/04/10 15:34:23 | 000,000,409 | ---- | M] () -- C:\dlcjpswx.log
[2010/07/02 18:23:23 | 000,794,293 | ---- | M] () -- C:\dlcjscan.log
[2010/07/04 04:47:29 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2006/09/21 10:27:04 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/09/06 08:52:14 | 000,003,835 | -H-- | M] () -- C:\IPH.PH
[2009/03/20 19:26:17 | 000,006,935 | ---- | M] () -- C:\logfile
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/26 19:26:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/04 04:47:27 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2006/09/26 21:56:51 | 000,000,172 | ---- | M] () -- C:\setupfax.log
[2008/03/23 21:03:51 | 058,102,272 | ---- | M] () -- C:\Snap.avi
[2008/03/23 21:05:25 | 000,304,182 | ---- | M] () -- C:\Snap.bmp
[2006/09/08 18:18:15 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2007/11/06 13:33:59 | 000,000,158 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2005/08/05 01:35:02 | 000,115,200 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcjPP5C.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/01/16 20:37:14 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxPrint2000.dll
[2004/03/22 16:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-24 00:14:56

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\Tax Returns:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\Lawyer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\gardening:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\GAMESS Interface:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\DOG Food Recipes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\Chemistry Classes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\CHARTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\AIMLogger:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\Activities For My Kids:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\Desktop\photo%7BC06FF903-6AB8-410C-BB91-82CCEA03A93F%7D_3[1].jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\Desktop\cable modem:Roxio EMC Stream
< End of report >

Attached File(s)

  • Attached File  OTL.Txt (117.35K)
  • Attached File  Extras.Txt (50.29K)


#17 chickadoo

  • Group: Member
  • Posts: 13
  • Joined: 26-June 10

Posted 04 July 2010 - 06:18 AM

For some reason I can't paste the logs here so I uploaded them as attachments. Is that ok? Also, it looked like the extras log was run on 6/30. Is that a current log? If not, maybe I did something wrong. Thanks!

#18 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,490
  • Joined: 31-May 06

Posted 04 July 2010 - 06:31 AM

OK, we are making good progress :) On completion of this run, can you let me know what problems remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\.DEFAULT..\Run: [gtjgmsbr] C:\Documents and Settings\NetworkService\Local Settings\Application Data\auxuueise\pnijerrtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [gtjgmsbr] C:\Documents and Settings\NetworkService\Local Settings\Application Data\auxuueise\pnijerrtssd.exe File not found
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


  • Double click on ComboFix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#19 chickadoo

  • Group: Member
  • Posts: 13
  • Joined: 26-June 10

Posted 05 July 2010 - 10:47 PM

I feel so stupid. I kept replying and every time I checked back I didn't see my post so I thought it was due to the virus. Then I happened to see that there were two pages and I realized that all my "missing" posts were on the second stage. Sorry about that!

I am going to post the log for the last OTL scan. I installed ComboFix but it gave me a warning that it had detected an active real-time scanner from my AV, Trend PC-cillin. I used the link you gave me to remove Trend and I looked in Add/Remove Programs for it but I don't see it. So not sure what to do from here. Thanks so much!!

OTL logfile created on: 7/6/2010 11:04:57 AM - Run 6
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Candace B\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 499.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 12.31 Gb Free Space | 33.05% Space Free | Partition Type: NTFS
Drive D: | 12.45 Gb Total Space | 12.36 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHICKADOO
Current User Name: Candace B
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/30 14:40:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\OTL.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/10/16 17:31:51 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/09/19 04:52:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/12 05:01:02 | 007,633,008 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 08:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/06/04 19:18:54 | 000,021,504 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2006/05/09 20:24:16 | 000,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1159540192\ee\aolsoftware.exe
PRC - [2006/04/06 15:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005/11/28 17:42:42 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/11/28 17:37:40 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/11/28 17:35:16 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/11/28 17:25:30 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
PRC - [2005/09/30 10:51:24 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
PRC - [2005/08/10 10:12:14 | 000,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
PRC - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2005/05/04 01:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2005/05/03 23:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2004/12/13 16:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/12/13 16:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/12/13 16:30:00 | 000,058,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/06/18 22:04:06 | 000,913,408 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


========== Modules (SafeList) ==========

MOD - [2010/06/30 14:40:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 19:16:44 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/07/14 14:36:00 | 000,066,056 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$CSSQL05) SQL Server (CSSQL05)
SRV - [2007/02/10 08:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/09/08 18:21:02 | 000,822,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/07 17:05:34 | 002,066,072 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/11/28 17:38:52 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/11/28 17:37:40 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/11/28 17:35:16 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/10/14 05:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2005/05/04 01:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2004/12/13 16:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/12/13 16:30:08 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/12/13 16:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/08 18:21:02 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/09/08 18:17:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/05/23 08:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/07 17:05:26 | 000,144,880 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/12/07 17:05:24 | 000,056,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 10:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/06 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 02:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 02:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 02:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 04:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/01 14:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561) ICatch (VI)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{98F140FD-0475-444F-94E8-5EBEFF847159}: C:\Documents and Settings\Billy\Local Settings\Application Data\{98F140FD-0475-444F-94E8-5EBEFF847159} [2010/06/26 03:21:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0EA7D4C1-5772-40BA-98B4-AF00B9E954EC}: C:\Documents and Settings\Candace B\Local Settings\Application Data\{0EA7D4C1-5772-40BA-98B4-AF00B9E954EC} [2010/06/26 08:01:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 00:15:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 00:15:18 | 000,000,000 | ---D | M]

[2009/10/07 12:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Mozilla\Extensions
[2009/10/07 12:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/06 00:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Mozilla\Firefox\Profiles\xmgw2k86.default\extensions
[2009/09/20 11:18:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Candace B\Application Data\Mozilla\Firefox\Profiles\xmgw2k86.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/21 16:14:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Candace B\Application Data\Mozilla\Firefox\Profiles\xmgw2k86.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/06 00:45:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/25 17:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/03/12 05:01:33 | 000,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/03/12 05:01:34 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/03/12 05:01:36 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/03/12 05:01:38 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/03/12 05:01:40 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/04/10 08:58:25 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/07/06 10:49:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PnIEBrowserHelperObj Class) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Candace B\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Candace B\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Candace B\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\Candace B\Start Menu\Programs\Startup\WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shock...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/downloads/gamemanager...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Candace B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Candace B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/04 04:56:12 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/07/04 04:56:11 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/07/04 04:56:03 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/07/04 04:55:55 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/07/04 04:55:44 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/07/04 04:55:44 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/07/04 04:55:42 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/07/04 04:55:18 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/07/04 04:55:18 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/04 04:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/04 04:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/04 04:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2010/07/01 23:49:16 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/07/01 14:52:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/01 00:54:10 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(3).exe
[2010/07/01 00:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace B\Local Settings\Application Data\Opera
[2010/07/01 00:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace B\Application Data\Opera
[2010/07/01 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/07/01 00:17:17 | 010,398,392 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\Candace B\Desktop\Opera_1054_en_Setup.exe
[2010/07/01 00:14:42 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(2).exe
[2010/07/01 00:14:05 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/07/01 00:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/06/30 14:42:20 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\OTL.exe
[2010/06/30 01:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/30 00:51:00 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(4).exe
[2010/06/29 09:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/29 09:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/27 12:01:57 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter.exe
[2010/06/26 12:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace B\Application Data\Malwarebytes
[2010/06/26 12:32:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/26 12:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/26 12:32:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/26 12:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/26 12:19:59 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Candace B\Desktop\mbam-setup.exe
[2010/06/26 11:59:19 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\TFC.exe
[2010/06/26 09:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/26 09:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/26 08:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace B\Local Settings\Application Data\{0EA7D4C1-5772-40BA-98B4-AF00B9E954EC}
[2010/06/26 03:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/26 03:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/10 08:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Candace B\Application Data\E-centives
[26 C:\Documents and Settings\Candace B\My Documents\*.tmp files -> C:\Documents and Settings\Candace B\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/06 10:52:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/06 10:51:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/06 10:51:46 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/06 10:50:56 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Candace B\NTUSER.DAT
[2010/07/06 10:50:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Candace B\ntuser.ini
[2010/07/06 10:49:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/06 00:32:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/04 04:56:14 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/04 04:55:47 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/04 04:53:57 | 053,785,488 | ---- | M] () -- C:\Documents and Settings\Candace B\Desktop\setup_av_free.exe
[2010/07/04 04:44:33 | 003,847,400 | ---- | M] () -- C:\Documents and Settings\Candace B\Desktop\32bit(3).exe
[2010/07/04 04:38:40 | 003,847,400 | ---- | M] () -- C:\Documents and Settings\Candace B\Desktop\32bit(2).exe
[2010/07/04 04:35:55 | 003,847,400 | ---- | M] () -- C:\Documents and Settings\Candace B\Desktop\32bit.exe
[2010/07/01 12:39:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 00:54:08 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(3).exe
[2010/07/01 00:18:47 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Candace B\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/01 00:18:46 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/07/01 00:17:35 | 010,398,392 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\Candace B\Desktop\Opera_1054_en_Setup.exe
[2010/07/01 00:14:40 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(2).exe
[2010/07/01 00:14:05 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/06/30 14:40:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\OTL.exe
[2010/06/30 01:09:09 | 000,095,872 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/30 00:50:56 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter(4).exe
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/27 12:01:54 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Candace B\Desktop\CouponPrinter.exe
[2010/06/26 12:32:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/26 12:19:55 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Candace B\Desktop\mbam-setup.exe
[2010/06/26 11:59:13 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Candace B\Desktop\TFC.exe
[2010/06/23 20:13:03 | 000,599,174 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 20:13:03 | 000,509,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 20:13:03 | 000,098,384 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/10 18:50:17 | 000,446,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 13:38:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/24 15:36:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/18 19:45:48 | 000,003,766 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/05/18 19:45:44 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\019382FA16.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 06:24:32 | 000,013,230 | ---- | M] () -- C:\Documents and Settings\Candace B\Application Data\wklnhst.dat
[2010/04/08 06:24:31 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Candace B\My Documents\terrific kid.wps
[26 C:\Documents and Settings\Candace B\My Documents\*.tmp files -> C:\Documents and Settings\Candace B\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/04 04:56:14 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/04 04:53:31 | 053,785,488 | ---- | C] () -- C:\Documents and Settings\Candace B\Desktop\setup_av_free.exe
[2010/07/04 04:44:37 | 003,847,400 | ---- | C] () -- C:\Documents and Settings\Candace B\Desktop\32bit(3).exe
[2010/07/04 04:38:53 | 003,847,400 | ---- | C] () -- C:\Documents and Settings\Candace B\Desktop\32bit(2).exe
[2010/07/04 04:35:31 | 003,847,400 | ---- | C] () -- C:\Documents and Settings\Candace B\Desktop\32bit.exe
[2010/07/01 00:18:46 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Candace B\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/01 00:18:46 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/06/30 01:09:09 | 000,095,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/29 23:19:49 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Candace B\Desktop\gmer.exe
[2010/06/26 12:32:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/08 06:24:28 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Candace B\My Documents\terrific kid.wps
[2008/05/18 00:36:52 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2008/05/18 00:36:51 | 000,248,832 | ---- | C] () -- C:\WINDOWS\System32\ECircles.dll
[2008/05/18 00:34:51 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2008/05/18 00:34:50 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2008/05/18 00:34:50 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2008/05/18 00:34:50 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2008/05/18 00:34:42 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/04/21 17:19:11 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/04/21 17:19:11 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/04/15 10:23:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Webspace.INI
[2008/03/23 18:04:33 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2008/03/23 18:04:33 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2007/07/28 01:00:07 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2007/07/28 01:00:07 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/07/28 00:59:41 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2007/07/28 00:59:11 | 000,000,574 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/12/31 10:50:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/09/29 10:27:55 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/26 21:52:42 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2006/09/18 01:39:44 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/09/13 22:24:12 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/13 22:24:12 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\019382FA16.sys
[2006/09/08 18:39:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/08 18:31:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/08 18:21:15 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/08 18:18:18 | 000,000,250 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/08 17:44:28 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/08 17:44:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/09/08 17:44:11 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/09/08 17:42:56 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/01 16:05:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/10 15:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/11/10 15:30:04 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/11/10 15:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/11/10 15:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005/09/01 09:18:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2005/09/01 09:18:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2005/09/01 09:18:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2005/09/01 09:17:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2005/09/01 09:17:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2005/09/01 09:17:08 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2005/09/01 09:17:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2005/09/01 09:15:50 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2005/08/16 05:18:33 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 17:37:04 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2005/07/12 17:36:12 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2005/07/12 17:34:22 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2005/07/12 17:34:06 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2005/07/12 17:33:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2005/07/12 17:32:40 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2005/07/12 17:32:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2005/07/12 17:29:46 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2005/07/12 17:28:22 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2005/06/01 12:53:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll.iprint
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2008/12/03 10:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/07/04 04:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/09/26 21:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/04/21 17:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CambridgeSoft
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/10/03 15:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2006/12/31 15:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2009/09/27 14:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/09/20 15:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/09/04 13:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2009/09/06 08:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/09 23:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/03/17 09:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\acccore
[2010/07/06 11:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\DNA
[2010/04/10 08:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\E-centives
[2008/01/30 10:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Earthlink
[2008/01/22 11:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\EarthLink Toolbar
[2006/11/15 12:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Leadertech
[2010/07/06 10:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\LimeWire
[2010/07/01 00:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Opera
[2006/12/31 15:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Otto
[2010/04/10 17:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\PlayFirst
[2008/05/16 23:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Printer Info Cache
[2009/02/26 22:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Snapfish
[2006/09/14 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Template
[2007/01/22 14:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Viewpoint
[2008/05/16 23:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\Wal-Mart Digital Photo Viewer
[2009/08/09 23:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Candace B\Application Data\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\Tax Returns:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\Lawyer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\gardening:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\GAMESS Interface:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\DOG Food Recipes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\Chemistry Classes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\CHARTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\AIMLogger:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\My Documents\Activities For My Kids:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\Desktop\photo%7BC06FF903-6AB8-410C-BB91-82CCEA03A93F%7D_3[1].jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Candace B\Desktop\cable modem:Roxio EMC Stream
< End of report >

Attached File(s)

  • Attached File  OTL.Txt (105.56K)
    Number of downloads: 16


#20 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,490
  • Joined: 31-May 06

Posted 06 July 2010 - 12:29 PM

Actually that does not look too bad now :)

What problems are you experiencing?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#21 chickadoo

  • Group: Member
  • Posts: 13
  • Joined: 26-June 10

Posted 07 July 2010 - 04:22 AM

Ran another MBAM scan, and will post report. I am still having problems. When I do a web search and click on a site, many times it redirects me to another site. Also, a new tab keeps opening up automatically but it is a blank page. I did not run Combofix because it said that my old AV was still running even though I uninstalled it. Do you want me to still run it?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4244

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

7/7/2010 6:14:57 AM
mbam-log-2010-07-07 (06-14-57).txt

Scan type: Quick scan
Objects scanned: 152279
Time elapsed: 13 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#22 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,490
  • Joined: 31-May 06

Posted 07 July 2010 - 12:45 PM

Yes, run Combofix and ignore the AV warnings.

#23 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,490
  • Joined: 31-May 06

Posted 11 July 2010 - 05:56 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
