Firefox quitting/running extremely slowly


  • This topic is locked

#1
AThe

  • Member
  • 21 posts
Lately I've been noticing Firefox running extremely slowly. Task Manager shows CPU usage at 100%, typically while Firefox is running. Periodically, the computer will freeze for a few seconds, before I can do anything. It's become difficult to even browse, much less get any actual work done on my computer.

I've run MBAM, Erunt, and OTL scans as well as trying to run a scheduled McAfee scan. McAfee seems to freeze at 4% all the time, and even a quick scan under MBAM took almost an hour (where it usually takes less than 10 mins).

I've attached scan logs. Any help/suggestions would be greatly appreciated.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay. Could you let me know your current problems, please?

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select Scan all users
  • Under the Custom Scan box paste this in


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.dat
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
AThe

  • Topic Starter
  • Member
  • 21 posts
Hi Essexboy,

Thanks for the instructions! Unfortunately, I had some problems following them completely - which I outline below. As for computer problems: generally speaking, the computer seems to periodically begin to run constantly at 100% CPU usage. Once that happens, it becomes difficult/fairly impossible to do anything on the computer. At first, I thought it would only happen at certain times when I was browsing with Firefox, but it also started happening when I tried switching to IE. As well, at one point McAfee turned off all its protections by itself. The computer also sometimes will take an extremely long time to turn off. One time, I didn't realize it hadn't actually shut down until the next morning (the screen was still "Saving your settings...")

As to your instructions: First, when I ran the GMER scan it seemed to run fine for a while, until I got a Blue Screen with the following message:

"A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Run a system diagnostic utility supplied by your hardware manufacturer. In particular, run a memory check, and check for faulty or mismatched memory. Try changing video adapters.

Disable or remove any newly installed hardware and drivers. Disable or remove any newly installed software. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Start Up Options, and then select Safe Mode.

Technical Information:
*** STOP: 0x0000007F (0x0000000D, 0x00000000, 0x00000000, 0x00000000)"

As such, the scan did not produce a log.

Next, when I ran OTL as instructed, it did not produce two logs. I'm sure I pasted the Custom text into the appropriate box, and I only checked the "Scan All Users" box and hit the "Quick Scan" button, as you directed. The only log that *was* produced I paste here:

OTL logfile created on: 7/10/2010 11:55:05 AM - Run 3
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Amelio The\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 56.10 Gb Total Space | 24.57 Gb Free Space | 43.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 87.89 Gb Total Space | 44.55 Gb Free Space | 50.69% Space Free | Partition Type: NTFS
Drive F: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEMACHINE
Current User Name: Amelio The
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
PRC - [2010/07/06 16:29:14 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/03/16 16:09:43 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/05 18:29:12 | 000,454,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/17 15:39:42 | 000,045,056 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntlgn.exe
PRC - [2008/01/17 15:39:30 | 000,040,960 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntctl.exe
PRC - [2007/10/08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/10/08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/10/08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/10/08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/08/03 19:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 18:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/11/07 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/08/03 19:52:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/10/08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/10/08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2010/05/28 15:35:49 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/17 02:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 01:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/12/17 01:53:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/22 06:46:00 | 006,658,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/01/17 15:45:08 | 000,034,671 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/13 18:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2001/08/17 13:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKU\S-1-5-21-1482476501-884357618-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/25 01:24:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/24 16:29:23 | 000,000,000 | ---D | M]

[2008/11/11 00:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Extensions
[2010/07/07 16:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions
[2010/05/12 07:25:17 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/15 17:03:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/18 15:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/05/07 18:27:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/07 16:46:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/01 20:31:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/01 20:31:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/26 21:22:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/01/17 15:57:30 | 000,165,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npnipp.dll

O1 HOSTS File: ([2010/05/27 19:21:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1482476501-884357618-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1482476501-884357618-839522115-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1226373470062 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.163.32.51 207.179.71.27 216.163.32.52 207.179.70.27
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Amelio The\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amelio The\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/10 18:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1996/11/07 13:19:30 | 000,450,560 | R--- | M] () - F:\automenu.exe -- [ CDFS ]
O32 - AutoRun File - [1999/10/07 14:11:58 | 000,011,902 | R--- | M] () - F:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [1999/02/02 22:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999/04/15 10:40:06 | 000,000,029 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{fb9c97d4-a466-11de-be4d-001b77882e64}\Shell\AutoRun\command - "" = H:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/05 18:07:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
[2010/06/22 16:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/01 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/01 20:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/06/01 20:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/05/27 20:53:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/22 09:51:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/22 09:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/22 09:34:43 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\TFC.exe
[2010/05/22 07:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\GooredFix Backups
[2010/05/21 20:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/21 19:57:19 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Amelio The\Desktop\setup-spybotsd162.exe
[2010/05/21 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/21 18:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/21 18:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Application Data\SUPERAntiSpyware.com
[2010/05/21 18:15:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Amelio The\PrivacIE
[2010/05/21 07:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/20 17:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/10 21:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\DNRE Stuff
[2010/04/27 13:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\Deployment

========== Files - Modified Within 90 Days ==========

[2010/07/10 11:30:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004UA.job
[2010/07/10 09:58:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/07/10 09:58:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/07/10 09:57:50 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/10 09:57:50 | 000,028,314 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/10 09:57:32 | 000,021,549 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/10 09:57:18 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-884357618-839522115-1004.job
[2010/07/10 09:57:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 09:57:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 09:57:05 | 2145,869,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 09:21:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/07/10 09:21:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/07/10 04:09:21 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Amelio The\NTUSER.DAT
[2010/07/10 04:09:21 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Amelio The\ntuser.ini
[2010/07/10 03:51:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/07/10 03:51:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
[2010/07/09 17:26:56 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.zip
[2010/07/09 16:06:22 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/09 15:16:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/07/09 15:16:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/07/09 14:49:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/07/09 14:49:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/07/09 14:46:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/07/09 14:46:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/07/08 19:32:19 | 000,000,091 | ---- | M] () -- C:\WINDOWS\CIV.INI
[2010/07/08 17:36:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/07/08 17:36:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/07/08 17:14:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/07/08 17:14:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/07 21:22:58 | 000,284,377 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\National-Guide-English-Final.pdf
[2010/07/07 21:02:12 | 000,304,857 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Unfortunately we do not rent to minorities.JPG
[2010/07/07 16:36:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/07/07 16:36:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/07/07 16:20:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/07/07 16:20:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/07/06 23:32:00 | 000,285,737 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen2
[2010/07/06 23:31:53 | 000,307,875 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard2
[2010/07/06 23:31:45 | 000,043,876 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody2
[2010/07/06 23:31:38 | 000,008,274 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon2
[2010/07/06 23:27:08 | 000,287,274 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen.jpg
[2010/07/06 23:26:58 | 000,309,384 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard.jpg
[2010/07/06 23:26:47 | 000,043,839 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody.jpg
[2010/07/06 23:26:39 | 000,009,145 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon.jpg
[2010/07/06 20:41:43 | 000,056,144 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\heatwavecurve.jpg
[2010/07/06 17:22:24 | 000,021,989 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\testimony_sullivan.pdf
[2010/07/06 16:51:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/07/06 16:51:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/07/06 16:25:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/06 16:25:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/07/05 22:07:44 | 000,185,046 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Jones_Gardener's_Tale.pdf
[2010/07/05 20:14:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/05 20:14:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/05 20:09:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/05 20:09:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/05 15:10:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/07/05 15:10:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/05 14:58:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/01 15:30:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/07/01 15:30:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/07/01 08:01:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/07/01 08:01:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/06/30 17:28:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/06/30 17:28:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/06/30 16:34:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/06/30 16:34:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/06/30 10:10:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/06/30 10:10:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/06/29 21:56:36 | 000,106,060 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DiversityObjectivity.pdf
[2010/06/28 22:30:00 | 000,365,520 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Primary Surpluses and Sustainable Debt LEvels in Emerging Market Countries.pdf
[2010/06/26 13:30:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004Core.job
[2010/06/22 17:36:12 | 000,493,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 17:36:12 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 17:36:12 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 16:53:59 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/08 18:58:43 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 18:04:06 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/08 18:03:07 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 21:25:48 | 011,029,920 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\VID00030.wmv
[2010/06/06 21:25:41 | 005,334,731 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\VID00033.MP4
[2010/06/03 22:12:31 | 000,047,050 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\il_fullxfull.148942979.jpg
[2010/06/01 20:34:04 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\SpywareBlaster.lnk
[2010/05/29 18:38:27 | 004,449,036 | -H-- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\IconCache.db
[2010/05/27 19:21:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/27 19:21:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/22 09:51:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/22 08:04:58 | 000,287,218 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Geeks to Go! [Powered by In...pdf
[2010/05/22 07:54:55 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\OTL Guide.doc
[2010/05/21 20:42:22 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\TFC.exe
[2010/05/21 20:34:32 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\HiJackThis.lnk
[2010/05/21 20:04:09 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Amelio The\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/05/21 20:04:09 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Spybot - Search & Destroy.lnk
[2010/05/21 20:02:38 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Amelio The\Desktop\setup-spybotsd162.exe
[2010/05/21 18:36:13 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/21 18:35:23 | 008,206,880 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\SUPERAntiSpyware.exe
[2010/05/16 16:19:20 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2 starting comments.doc
[2010/05/15 20:36:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/11 22:45:48 | 013,971,197 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Climate Change Indicators in the US.PDF
[2010/05/07 16:35:15 | 000,028,132 | ---- | M] () -- E:\My Documents\tchaikovsky10-hp.gif
[2010/05/06 13:03:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/04 16:10:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-884357618-839522115-1004.job
[2010/05/04 13:49:20 | 008,560,128 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 12:21:32 | 000,167,753 | ---- | M] () -- E:\My Documents\HarmonyValleyPark.jpg
[2010/04/28 10:34:49 | 000,029,619 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Directions to John & Cassidys.pdf
[2010/04/27 13:22:17 | 000,035,352 | ---- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/27 08:13:09 | 002,128,923 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Weaver Statement of Claim.PDF
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/21 21:35:18 | 000,039,245 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\cute pic.jpg
[2010/04/21 14:39:42 | 001,171,033 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Civilization Manual.PDF
[2010/04/15 14:53:13 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Exam4.lnk
[2010/04/15 09:51:42 | 000,386,422 | ---- | M] () -- E:\My Documents\The ecstasy of influence_ A plaigerism.pdf
[2010/04/14 07:10:59 | 000,308,962 | ---- | M] () -- E:\My Documents\20100414.gif
[2010/04/14 01:27:53 | 000,028,160 | ---- | M] () -- E:\My Documents\State Administrative Law Practice.doc
[2010/04/14 01:27:22 | 000,032,256 | ---- | M] () -- E:\My Documents\State Administrative Law practice some more.doc
[2010/04/13 21:14:02 | 000,132,233 | ---- | M] () -- E:\My Documents\American Thinker Photo Comparison.jpg
[2010/04/13 21:13:21 | 000,207,916 | ---- | M] () -- E:\My Documents\Same view American Thinker Article zoomed out slightly.pdf
[2010/04/13 21:11:55 | 000,386,422 | ---- | M] () -- E:\My Documents\American Thinker_ Obama Attends NonExistent Soccer Game.pdf
[2010/04/12 12:55:12 | 000,051,780 | ---- | M] () -- E:\My Documents\The Pope and the press.pdf
[2010/04/12 09:15:30 | 000,021,024 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Exam Schedule.pdf
[2010/04/11 21:31:01 | 000,055,808 | ---- | M] () -- E:\My Documents\Major Energy Law Cases.doc

========== Files Created - No Company Name ==========

[2010/07/07 21:22:58 | 000,284,377 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\National-Guide-English-Final.pdf
[2010/07/07 21:02:11 | 000,304,857 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Unfortunately we do not rent to minorities.JPG
[2010/07/06 23:32:00 | 000,285,737 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen2
[2010/07/06 23:31:53 | 000,307,875 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard2
[2010/07/06 23:31:45 | 000,043,876 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody2
[2010/07/06 23:31:37 | 000,008,274 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon2
[2010/07/06 23:27:08 | 000,287,274 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen.jpg
[2010/07/06 23:26:58 | 000,309,384 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard.jpg
[2010/07/06 23:26:47 | 000,043,839 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody.jpg
[2010/07/06 23:26:39 | 000,009,145 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon.jpg
[2010/07/06 20:42:45 | 000,056,144 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\heatwavecurve.jpg
[2010/07/06 17:22:24 | 000,021,989 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\testimony_sullivan.pdf
[2010/07/05 22:07:44 | 000,185,046 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Jones_Gardener's_Tale.pdf
[2010/07/05 18:21:10 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.exe
[2010/07/05 15:41:03 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.zip
[2010/06/29 21:56:36 | 000,106,060 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DiversityObjectivity.pdf
[2010/06/28 22:30:00 | 000,365,520 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Primary Surpluses and Sustainable Debt LEvels in Emerging Market Countries.pdf
[2010/06/22 16:52:32 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/06 21:27:29 | 011,029,920 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\VID00030.wmv
[2010/06/06 21:27:29 | 005,334,731 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\VID00033.MP4
[2010/06/03 22:12:30 | 000,047,050 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\il_fullxfull.148942979.jpg
[2010/06/01 20:34:04 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\SpywareBlaster.lnk
[2010/05/27 19:16:08 | 2145,869,824 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/22 09:51:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/22 09:51:19 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/22 09:48:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/22 09:48:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/22 08:04:55 | 000,287,218 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Geeks to Go! [Powered by In...pdf
[2010/05/22 07:54:55 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\OTL Guide.doc
[2010/05/21 20:34:32 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\HiJackThis.lnk
[2010/05/21 20:04:09 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Spybot - Search & Destroy.lnk
[2010/05/21 18:36:13 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/21 18:35:12 | 008,206,880 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\SUPERAntiSpyware.exe
[2010/05/16 16:18:11 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2 starting comments.doc
[2010/05/14 17:04:12 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2010/05/11 22:46:15 | 013,971,197 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Climate Change Indicators in the US.PDF
[2010/05/07 16:35:14 | 000,028,132 | ---- | C] () -- E:\My Documents\tchaikovsky10-hp.gif
[2010/05/04 13:59:03 | 008,560,128 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2.doc
[2010/04/28 12:21:32 | 000,167,753 | ---- | C] () -- E:\My Documents\HarmonyValleyPark.jpg
[2010/04/28 10:34:47 | 000,029,619 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Directions to John & Cassidys.pdf
[2010/04/27 08:47:14 | 002,128,923 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Weaver Statement of Claim.PDF
[2010/04/21 21:35:15 | 000,039,245 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\cute pic.jpg
[2010/04/21 14:39:57 | 001,171,033 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Civilization Manual.PDF
[2010/04/15 09:51:32 | 000,386,422 | ---- | C] () -- E:\My Documents\The ecstasy of influence_ A plaigerism.pdf
[2010/04/14 07:10:56 | 000,308,962 | ---- | C] () -- E:\My Documents\20100414.gif
[2010/04/14 01:14:04 | 000,032,256 | ---- | C] () -- E:\My Documents\State Administrative Law practice some more.doc
[2010/04/13 23:28:05 | 000,028,160 | ---- | C] () -- E:\My Documents\State Administrative Law Practice.doc
[2010/04/13 21:13:59 | 000,132,233 | ---- | C] () -- E:\My Documents\American Thinker Photo Comparison.jpg
[2010/04/13 21:13:20 | 000,207,916 | ---- | C] () -- E:\My Documents\Same view American Thinker Article zoomed out slightly.pdf
[2010/04/13 21:11:53 | 000,386,422 | ---- | C] () -- E:\My Documents\American Thinker_ Obama Attends NonExistent Soccer Game.pdf
[2010/04/12 12:55:10 | 000,051,780 | ---- | C] () -- E:\My Documents\The Pope and the press.pdf
[2010/04/12 09:15:28 | 000,021,024 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Exam Schedule.pdf
[2009/08/03 16:56:05 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/02/13 18:50:48 | 000,034,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2009/01/25 17:28:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/17 08:46:51 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/13 15:29:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/13 15:29:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/13 15:29:34 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/13 15:29:34 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/13 15:29:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/13 15:29:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/11 13:35:17 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/11 11:55:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/10 23:56:49 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/10 23:56:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/10 23:56:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/10 23:56:47 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/11/10 19:00:19 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/11/10 19:00:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/11/28 20:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/03/01 11:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009/09/18 21:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/01 20:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/18 21:57:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}
[2010/01/08 18:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\CiscoCAA
[2010/02/26 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Foxit
[2010/03/04 22:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Foxit Software
[2008/11/17 08:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Leadertech
[2008/11/11 12:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\OfficeUpdate12
[2010/04/04 15:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\OpenOffice.org
[2009/02/04 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Softland
[2009/09/18 21:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Stardock
[2009/02/04 20:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2009/10/15 01:15:24 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/01 01:01:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/11/10 18:35:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/11/10 18:29:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/22 09:51:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2008/11/10 18:35:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/10 09:57:05 | 2145,869,824 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/10 18:35:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/21 16:16:16 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/11/10 18:35:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/11 01:06:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/10 09:57:02 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/07/09 14:49:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/07/09 15:16:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/07/10 03:51:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/07/10 09:21:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/07/10 09:58:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/06/30 10:10:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/06/30 16:34:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/06/30 17:28:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/07/01 08:01:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/07/01 15:30:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/07/05 15:10:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/07/05 20:09:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/05 20:14:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/06 16:25:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/06 16:51:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/07/07 16:20:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/07/07 16:36:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/07/08 17:14:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/07/08 17:36:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/07/09 14:46:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/07/09 14:49:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/07/09 15:16:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/07/10 03:51:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/07/10 09:21:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/07/10 09:58:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/06/30 10:10:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/06/30 16:34:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/06/30 17:28:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/07/01 08:01:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/07/01 15:30:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/07/05 15:10:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/05 20:09:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/05 20:14:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/06 16:25:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/07/06 16:51:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/07/07 16:20:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/07/07 16:36:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/07/08 17:14:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/08 17:36:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/07/09 14:46:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/11/10 18:35:06 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/12/29 10:57:18 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.dat >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/11/10 13:22:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/11/10 13:22:15 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/11/10 13:22:15 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-22 21:37:14
< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm there is nothing showing that I can see

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
AThe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Essexboy,

Here's the Combofix log. If the problem isn't malware or such, do you think I should be looking at a different forum? (i.e. - Windows XP forum?)

ComboFix 10-07-10.02 - Amelio The 07/11/2010 12:14:07.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1427 [GMT -4:00]
Running from: c:\documents and settings\Amelio The\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-06-22 20:51 . 2010-06-22 20:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Amelio The\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Amelio The\Application Data\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 03:11 . 2008-11-11 17:49 -------- d-----w- c:\documents and settings\Amelio The\Application Data\Skype
2010-07-09 00:04 . 2008-11-11 17:50 -------- d-----w- c:\documents and settings\Amelio The\Application Data\skypePM
2010-07-08 23:32 . 2009-09-08 15:35 -------- d-----w- c:\program files\DOSBox-0.73
2010-07-06 20:29 . 2010-05-21 22:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-26 21:22 . 2010-02-26 17:15 -------- d-----w- c:\documents and settings\Amelio The\Application Data\vlc
2010-06-15 11:32 . 2008-11-11 00:22 -------- d-----w- c:\program files\McAfee
2010-06-04 03:05 . 2010-02-28 21:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 00:41 . 2010-06-02 00:34 -------- d-----w- c:\program files\SpywareBlaster
2010-06-02 00:36 . 2010-06-02 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-02 00:33 . 2008-11-10 22:46 -------- d-----w- c:\program files\Common Files\Java
2010-06-02 00:31 . 2010-06-02 00:31 -------- d-----w- c:\program files\Sun
2010-06-02 00:31 . 2010-06-02 00:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-02 00:29 . 2008-11-10 22:46 -------- d-----w- c:\program files\Java
2010-05-29 22:17 . 2010-05-29 22:17 348160 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a098a0d-n\msvcr71.dll
2010-05-29 22:17 . 2010-05-29 22:17 61440 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-67fd3a94-n\decora-sse.dll
2010-05-29 22:17 . 2010-05-29 22:17 503808 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a098a0d-n\msvcp71.dll
2010-05-29 22:17 . 2010-05-29 22:17 499712 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a098a0d-n\jmc.dll
2010-05-29 22:17 . 2010-05-29 22:17 12800 ----a-w- c:\documents and settings\Amelio The\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-67fd3a94-n\decora-d3d.dll
2010-05-22 00:34 . 2010-05-22 00:34 388096 ----a-r- c:\documents and settings\Amelio The\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-22 00:34 . 2010-05-22 00:34 -------- d-----w- c:\program files\Trend Micro
2010-05-22 00:09 . 2008-11-11 05:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 00:06 . 2008-11-11 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-21 22:36 . 2010-05-21 22:36 63488 ----a-w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-21 22:36 . 2010-05-21 22:36 52224 ----a-w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-21 22:36 . 2010-05-21 22:36 117760 ----a-w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-21 22:36 . 2010-05-21 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-21 22:36 . 2010-05-21 22:36 -------- d-----w- c:\documents and settings\Amelio The\Application Data\SUPERAntiSpyware.com
2010-05-21 22:35 . 2008-12-26 04:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-21 20:16 . 2008-11-11 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 11:31 . 2010-04-04 19:08 1 ----a-w- c:\documents and settings\Amelio The\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-16 00:36 . 2010-02-24 02:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 10:41 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2008-11-11 04:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-11-11 04:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 17:22 . 2008-11-10 22:42 35352 ----a-w- c:\documents and settings\Amelio The\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-20 05:30 . 2004-08-04 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Google Update"="c:\documents and settings\Amelio The\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-14 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-06 2403568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2006-08-03 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-01-17 40960]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-01-17 45056]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-16 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Amelio The\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-8-9 576000]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Documents and Settings\\Amelio The\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Amelio The\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Games\\FreeSpace2\\FS2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2/13/2009 6:50 PM 34671]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]
R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2/5/2010 6:28 PM 742144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004Core.job
- c:\documents and settings\Amelio The\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-14 16:19]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004UA.job
- c:\documents and settings\Amelio The\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-14 16:19]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-11-11 16:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-11-11 16:22]

2010-07-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-05-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\
FF - plugin: c:\documents and settings\Amelio The\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Amelio The\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Amelio The\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnipp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(8392)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-07-11 13:09:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-11 17:09

Pre-Run: 26,859,630,592 bytes free
Post-Run: 26,838,319,104 bytes free

- - End Of File - - E965EB2A786EEAE72D2585D5E14CAE39

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once malware has been ruled out, then it would suggest hardware and I would tend to think of either RAM or HDD.
Could you give me a breakdown of the problems? Then if I cannot see a simple solution I will pass you on to the Techs.

#7
AThe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Basically, CPU usage will jump to 100% periodically and remain constant until I shut off the computer - if I *can* get it shut off.

I had thought it was while I was using Firefox or IE, but that might just be because I'm usually on the Internet whenever I'm working on the computer. Sometimes it seems like it happens randomly: I'll literally just be watching the Task Manager, running nothing or having some things open but not doing anything, but the CPU usage will jump up to 100%.

McAfee also seemed to be doing some funky things (it shut its protections off once) but that hasn't seemed to happen in the past few days.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's just confirm that it is not malware and do a deep virus scan.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



#9
AThe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
The scan hasn't yet completed, but I wanted to post so the topic wouldn't close. Last I saw before I left for work it was up to 14+ hours. Is that normal? So far, it's only notified me that it's found one rootkit infection: I think it was called "TDSS".

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm no TDSS showing in the other logs - I wonder if it was in system restore

#11
AThe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Okay, I got home, and the scan had progressed all of 5% the whole nine hours I was at work (45% complete scan @ over 21 hours total! Is this expected??). I had to cancel the scan in order to post. The only entries in the scan log related to this:

7/12/2010 9:36:41 PM Detected: Rootkit.Win32.TDSS.ap C:\System Volume Information\_restore{B1E94C77-899E-48E5-96A4-849B6F84FE74}\RP420\A0058520.sys

Should I try to run the complete scan again?

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, as system restore is one of the latter scans

As suspected the TDSS was in system restore

So let's clear the restore points - do you still have the high usage?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]


#13
AThe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Essexboy,

Today, the usage seems okay. It hasn't hit 100% yet. Here's the OTL log from the run with the Custom fix. It didn't create two txt files (no "Extra" one). Is that normal? And, what do you think: is the computer clean now?

OTL logfile created on: 7/14/2010 4:21:32 PM - Run 4
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Amelio The\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 56.10 Gb Total Space | 24.68 Gb Free Space | 43.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 87.89 Gb Total Space | 40.50 Gb Free Space | 46.08% Space Free | Partition Type: NTFS
Drive F: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEMACHINE
Current User Name: Amelio The
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
PRC - [2010/07/06 16:29:14 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/03/16 16:09:43 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/05 18:29:12 | 000,454,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/17 15:39:42 | 000,045,056 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntlgn.exe
PRC - [2008/01/17 15:39:30 | 000,040,960 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntctl.exe
PRC - [2007/10/08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/10/08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/10/08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/10/08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/08/03 19:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 18:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/11/07 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/08/03 19:52:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/10/08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/10/08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\AMELIO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/05/28 15:35:49 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\27218902.sys -- (27218902)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\2721890.sys -- (setup_9.0.0.722_13.07.2010_00-03drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\27218901.sys -- (27218901)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/17 02:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 01:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/12/17 01:53:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/22 06:46:00 | 006,658,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/01/17 15:45:08 | 000,034,671 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/13 18:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2001/08/17 13:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKU\S-1-5-21-1482476501-884357618-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/25 01:24:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/12 18:38:41 | 000,000,000 | ---D | M]

[2008/11/11 00:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Extensions
[2010/07/13 16:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions
[2010/05/12 07:25:17 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/13 16:33:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/18 15:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/07/11 11:33:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Amelio The\Application Data\Mozilla\Firefox\Profiles\6ok98rcd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/12 17:57:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/01 20:31:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/01 20:31:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/26 21:22:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/01/17 15:57:30 | 000,165,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npnipp.dll

O1 HOSTS File: ([2010/07/11 13:06:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1482476501-884357618-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1482476501-884357618-839522115-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\setup_9.0.0.722_13.07.2010_00-03.lnk = C:\Documents and Settings\Amelio The\Desktop\Virus Removal Tool\setup_9.0.0.722_13.07.2010_00-03\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1226373470062 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.163.32.51 207.179.71.27 216.163.32.52 207.179.70.27
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Amelio The\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amelio The\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/10 18:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1996/11/07 13:19:30 | 000,450,560 | R--- | M] () - F:\automenu.exe -- [ CDFS ]
O32 - AutoRun File - [1999/10/07 14:11:58 | 000,011,902 | R--- | M] () - F:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [1999/02/02 22:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999/04/15 10:40:06 | 000,000,029 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CLEARALLRESTOREPOINTS]
Restore points cleared and new OTL Restore Point set!

========== Files/Folders - Created Within 90 Days ==========

[2010/07/12 18:54:35 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\2721890.sys
[2010/07/12 18:54:35 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\27218901.sys
[2010/07/12 18:54:35 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\27218902.sys
[2010/07/12 18:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\Virus Removal Tool
[2010/07/12 18:51:45 | 074,017,264 | ---- | C] ( ) -- C:\Documents and Settings\Amelio The\Desktop\setup_9.0.0.722_13.07.2010_00-03.exe
[2010/07/11 13:10:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/11 12:11:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/11 12:11:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/11 12:11:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/11 12:11:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/11 12:10:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/07/11 12:10:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/10 16:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\Governmental Immunity and Airports
[2010/07/05 18:07:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
[2010/06/22 16:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/01 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/01 20:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/06/01 20:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/05/22 09:51:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/22 09:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/22 09:34:43 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\TFC.exe
[2010/05/22 07:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\GooredFix Backups
[2010/05/21 20:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/21 19:57:19 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Amelio The\Desktop\setup-spybotsd162.exe
[2010/05/21 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/21 18:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/21 18:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Application Data\SUPERAntiSpyware.com
[2010/05/21 18:15:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Amelio The\PrivacIE
[2010/05/21 07:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/20 17:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/10 21:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Desktop\DNRE Stuff
[2010/04/27 13:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\Deployment

========== Files - Modified Within 90 Days ==========

[2010/07/14 16:18:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/07/14 16:18:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/14 16:18:13 | 000,021,899 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/14 16:17:31 | 000,028,314 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/14 16:17:30 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/14 16:17:15 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-884357618-839522115-1004.job
[2010/07/14 16:17:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/14 16:17:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/14 16:17:01 | 2145,869,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/13 22:32:11 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Amelio The\NTUSER.DAT
[2010/07/13 22:31:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Amelio The\ntuser.ini
[2010/07/13 22:30:50 | 000,238,080 | ---- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 22:30:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004UA.job
[2010/07/13 16:27:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/07/13 16:27:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/07/12 18:56:36 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\setup_9.0.0.722_13.07.2010_00-03.lnk
[2010/07/12 18:42:24 | 074,017,264 | ---- | M] ( ) -- C:\Documents and Settings\Amelio The\Desktop\setup_9.0.0.722_13.07.2010_00-03.exe
[2010/07/12 18:38:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/12 17:15:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/07/12 17:15:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/07/11 13:30:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-884357618-839522115-1004Core.job
[2010/07/11 13:11:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/07/11 13:11:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/07/11 13:10:02 | 000,035,352 | ---- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/11 13:06:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/11 13:06:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/11 11:32:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/07/11 11:32:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/07/10 12:42:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/07/10 12:42:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/07/10 09:58:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/07/10 09:58:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/07/10 09:21:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/07/10 09:21:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/07/10 03:51:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/07/10 03:51:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/07/09 17:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\OTL.exe
[2010/07/09 17:26:56 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.zip
[2010/07/09 15:16:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/07/09 15:16:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/07/09 14:49:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/07/09 14:49:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/07/09 14:46:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/07/09 14:46:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/07/08 19:32:19 | 000,000,091 | ---- | M] () -- C:\WINDOWS\CIV.INI
[2010/07/08 17:36:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/07/08 17:36:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/07/08 17:14:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/07/08 17:14:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/07 21:22:58 | 000,284,377 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\National-Guide-English-Final.pdf
[2010/07/07 21:02:12 | 000,304,857 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Unfortunately we do not rent to minorities.JPG
[2010/07/07 16:36:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/07/07 16:36:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/07/07 16:20:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/07/07 16:20:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/07/06 23:32:00 | 000,285,737 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen2
[2010/07/06 23:31:53 | 000,307,875 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard2
[2010/07/06 23:31:45 | 000,043,876 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody2
[2010/07/06 23:31:38 | 000,008,274 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon2
[2010/07/06 23:27:08 | 000,287,274 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen.jpg
[2010/07/06 23:26:58 | 000,309,384 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard.jpg
[2010/07/06 23:26:47 | 000,043,839 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody.jpg
[2010/07/06 23:26:39 | 000,009,145 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon.jpg
[2010/07/06 20:41:43 | 000,056,144 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\heatwavecurve.jpg
[2010/07/06 17:22:24 | 000,021,989 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\testimony_sullivan.pdf
[2010/07/06 16:51:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/07/06 16:51:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/07/06 16:25:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/06 16:25:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/07/05 22:07:44 | 000,185,046 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Jones_Gardener's_Tale.pdf
[2010/07/05 20:14:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/05 20:14:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/05 20:09:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/05 20:09:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/05 14:58:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/29 21:56:36 | 000,106,060 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DiversityObjectivity.pdf
[2010/06/28 22:30:00 | 000,365,520 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Primary Surpluses and Sustainable Debt LEvels in Emerging Market Countries.pdf
[2010/06/22 17:36:12 | 000,493,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 17:36:12 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 17:36:12 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/08 18:58:43 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 18:04:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 18:04:06 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/06 21:25:48 | 011,029,920 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\VID00030.wmv
[2010/06/06 21:25:41 | 005,334,731 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\VID00033.MP4
[2010/06/03 22:12:31 | 000,047,050 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\il_fullxfull.148942979.jpg
[2010/06/01 20:34:04 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\SpywareBlaster.lnk
[2010/05/29 18:38:27 | 004,449,036 | -H-- | M] () -- C:\Documents and Settings\Amelio The\Local Settings\Application Data\IconCache.db
[2010/05/22 09:51:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/22 08:04:58 | 000,287,218 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Geeks to Go! [Powered by In...pdf
[2010/05/22 07:54:55 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\OTL Guide.doc
[2010/05/21 20:42:22 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amelio The\Desktop\TFC.exe
[2010/05/21 20:34:32 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\HiJackThis.lnk
[2010/05/21 20:04:09 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Amelio The\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/05/21 20:04:09 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Spybot - Search & Destroy.lnk
[2010/05/21 20:02:38 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Amelio The\Desktop\setup-spybotsd162.exe
[2010/05/21 18:36:13 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/21 18:35:23 | 008,206,880 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\SUPERAntiSpyware.exe
[2010/05/16 16:19:20 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2 starting comments.doc
[2010/05/15 20:36:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/11 22:45:48 | 013,971,197 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Climate Change Indicators in the US.PDF
[2010/05/07 16:35:15 | 000,028,132 | ---- | M] () -- E:\My Documents\tchaikovsky10-hp.gif
[2010/05/06 13:03:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/04 16:10:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-884357618-839522115-1004.job
[2010/05/04 13:49:20 | 008,560,128 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 12:21:32 | 000,167,753 | ---- | M] () -- E:\My Documents\HarmonyValleyPark.jpg
[2010/04/28 10:34:49 | 000,029,619 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Directions to John & Cassidys.pdf
[2010/04/27 08:13:09 | 002,128,923 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Weaver Statement of Claim.PDF
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/21 21:35:18 | 000,039,245 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\cute pic.jpg
[2010/04/21 14:39:42 | 001,171,033 | ---- | M] () -- C:\Documents and Settings\Amelio The\Desktop\Civilization Manual.PDF

========== Files Created - No Company Name ==========

[2010/07/13 16:25:41 | 2145,869,824 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/12 18:56:36 | 000,002,253 | ---- | C] () -- C:\Documents and Settings\Amelio The\Start Menu\Programs\Startup\setup_9.0.0.722_13.07.2010_00-03.lnk
[2010/07/11 12:11:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/11 12:11:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/11 12:11:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/07 21:22:58 | 000,284,377 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\National-Guide-English-Final.pdf
[2010/07/07 21:02:11 | 000,304,857 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Unfortunately we do not rent to minorities.JPG
[2010/07/06 23:32:00 | 000,285,737 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen2
[2010/07/06 23:31:53 | 000,307,875 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard2
[2010/07/06 23:31:45 | 000,043,876 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody2
[2010/07/06 23:31:37 | 000,008,274 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon2
[2010/07/06 23:27:08 | 000,287,274 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_widescreen.jpg
[2010/07/06 23:26:58 | 000,309,384 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_standard.jpg
[2010/07/06 23:26:47 | 000,043,839 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_fullbody.jpg
[2010/07/06 23:26:39 | 000,009,145 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\madmen_icon.jpg
[2010/07/06 20:42:45 | 000,056,144 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\heatwavecurve.jpg
[2010/07/06 17:22:24 | 000,021,989 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\testimony_sullivan.pdf
[2010/07/05 22:07:44 | 000,185,046 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Jones_Gardener's_Tale.pdf
[2010/07/05 18:21:10 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.exe
[2010/07/05 15:41:03 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\gmer.zip
[2010/06/29 21:56:36 | 000,106,060 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DiversityObjectivity.pdf
[2010/06/28 22:30:00 | 000,365,520 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Primary Surpluses and Sustainable Debt LEvels in Emerging Market Countries.pdf
[2010/06/22 16:52:32 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/06 21:27:29 | 011,029,920 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\VID00030.wmv
[2010/06/06 21:27:29 | 005,334,731 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\VID00033.MP4
[2010/06/03 22:12:30 | 000,047,050 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\il_fullxfull.148942979.jpg
[2010/06/01 20:34:04 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\SpywareBlaster.lnk
[2010/05/22 09:51:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/22 09:51:19 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/22 09:48:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/22 09:48:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/22 08:04:55 | 000,287,218 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Geeks to Go! [Powered by In...pdf
[2010/05/22 07:54:55 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\OTL Guide.doc
[2010/05/21 20:34:32 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\HiJackThis.lnk
[2010/05/21 20:04:09 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Spybot - Search & Destroy.lnk
[2010/05/21 18:36:13 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/21 18:35:12 | 008,206,880 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\SUPERAntiSpyware.exe
[2010/05/16 16:18:11 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2 starting comments.doc
[2010/05/14 17:04:12 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2010/05/11 22:46:15 | 013,971,197 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Climate Change Indicators in the US.PDF
[2010/05/07 16:35:14 | 000,028,132 | ---- | C] () -- E:\My Documents\tchaikovsky10-hp.gif
[2010/05/04 13:59:03 | 008,560,128 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\DV - Sanguinicola sp. - Paper 2.doc
[2010/04/28 12:21:32 | 000,167,753 | ---- | C] () -- E:\My Documents\HarmonyValleyPark.jpg
[2010/04/28 10:34:47 | 000,029,619 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Directions to John & Cassidys.pdf
[2010/04/27 08:47:14 | 002,128,923 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Weaver Statement of Claim.PDF
[2010/04/21 21:35:15 | 000,039,245 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\cute pic.jpg
[2010/04/21 14:39:57 | 001,171,033 | ---- | C] () -- C:\Documents and Settings\Amelio The\Desktop\Civilization Manual.PDF
[2009/08/03 16:56:05 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/02/13 18:50:48 | 000,034,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2009/01/25 17:28:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/17 08:46:51 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/13 15:29:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/13 15:29:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/13 15:29:34 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/13 15:29:34 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/13 15:29:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/13 15:29:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/11 13:35:17 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/11 11:55:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/10 23:56:49 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/10 23:56:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/10 23:56:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/10 23:56:47 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/11/10 19:00:19 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/11/10 19:00:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/11/28 20:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/03/01 11:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009/09/18 21:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/01 20:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/18 21:57:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}
[2010/01/08 18:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\CiscoCAA
[2010/02/26 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Foxit
[2010/03/04 22:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Foxit Software
[2008/11/17 08:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Leadertech
[2008/11/11 12:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\OfficeUpdate12
[2010/04/04 15:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\OpenOffice.org
[2009/02/04 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Softland
[2009/09/18 21:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amelio The\Application Data\Stardock
[2009/02/04 20:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2009/10/15 01:15:24 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/01 01:01:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< :Commands >

< [resethosts] >

< [purity] >

< [emptytemp] >

< [EMPTYFLASH] >

< [Reboot] >
< End of report >

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What I would like you to do is run for 24 hours or so and then come back and let me know how it is running - If all is OK I will remove my tools and tidy you up. Otherwise I will have a rethink :)

#15
AThe

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi Essexboy,

Okay, so, I think, both good news and bad: At first, yesterday, everything seemed to run smoothly. Then, I *think* after I opened a detachable USB drive, things started to slow down again. CPU usage doesn't seem to constantly hit 100% like before, but still fluctuates above 50%.

- Firefox takes almost an entire minute to load.
- Trying to open explorer items from the Start menu like "My Computer" or "My Documents" takes a while and starts with a flashlight searching before the folder will actually open.

What do you think?