am i infected or missing stuff after running the OTL thingy


  • This topic is locked

#151
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello ruperdigby,

We've come a long way together. How are things running?


C:\Qoobox\Quarantine\C\Documents and Settings\Rnady Barron\Application Data\net.bat.vir MSIL/Autorun.N worm
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Patched.GO trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ms.dll.vir Win32/Bamital.DV trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000004.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000005.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000016.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000017.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0001017.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0001035.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0001036.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002030.exe Win32/Dursg.E trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002040.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002041.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002060.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002096.exe Win32/Dursg.E trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002292.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002293.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002310.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002311.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002325.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP15\A0004660.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP15\A0004673.exe Win32/Patched.GO trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP15\A0004835.dll Win32/Bamital.DV trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2\A0002351.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0002386.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0003385.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0003400.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0003401.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0003408.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0003445.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0003514.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0003516.bat MSIL/Autorun.N worm

These items are currently in quarantine and in System Restore, and will be dealt with once we clean up our tools.

I should also point the following out to you as well:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Microsoft: ‘Unprecedented Wave of Java Exploitation’
  • Drive-by Trojan preying on out-of-date Java installations
  • Ghosts of Java Haunt Users
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\temp\8a702136-2fcf-42b5-a671-c7b38facb426\OfferApp-2492.exe
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • 0
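The scan list in the post above can be checked mechanically for the point made about it: that every detection sits in quarantine or in a System Restore snapshot rather than at a live path. This is an added example, not part of the original post or of any tool named in the thread; the sample lines are constructed in the same format, and reading `C:\Qoobox\Quarantine\C\...\name.vir` as the quarantined copy of `C:\...\name` is an assumption drawn from the path layout shown.

```python
import re
from collections import Counter

# Line format: "<path> <Platform/Family.Variant> <type>". The path may contain
# spaces; the detection name never does and always contains a forward slash.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+(?P<name>\S+/\S+)\s+(?P<kind>[A-Za-z]+)$")
QUARANTINE_RE = re.compile(
    r"^[A-Z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Z])\\(?P<rest>.+)\.vir$", re.I)
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(?P<rp>RP\d+)\\",
    re.I)

# Constructed sample in the same format as the list in the post. The user name,
# the GUID and the last detection path are placeholders, not the poster's data.
SAMPLE = r"""
C:\Qoobox\Quarantine\C\Documents and Settings\User\Application Data\net.bat.vir MSIL/Autorun.N worm
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Patched.GO trojan
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000004.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP15\A0004835.dll Win32/Bamital.DV trojan
C:\Documents and Settings\User\Local Settings\Temp\sample.exe Win32/Dursg.E trojan
this line is not a detection
"""


def parse_detection(line):
    """Parse one scan line; return None when it is not a detection line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    entry = {"path": path, "name": m["name"], "kind": m["kind"].lower(),
             "state": "live", "detail": None}
    q = QUARANTINE_RE.match(path)
    r = RESTORE_RE.match(path)
    if q:
        # Assumed mapping: quarantine folder mirrors the original drive layout.
        entry["state"] = "quarantined"
        entry["detail"] = f"{q['drive'].upper()}:\\{q['rest']}"
    elif r:
        # Inert copy inside a restore point; removed when the snapshots are purged.
        entry["state"] = "restore_point"
        entry["detail"] = r["rp"].upper()
    return entry


def triage(text):
    """Summarise a pasted scan list by state, by detection name, and by restore point."""
    entries = [e for e in map(parse_detection, text.splitlines()) if e]
    restore_points = {e["detail"] for e in entries if e["state"] == "restore_point"}
    return {
        "by_state": Counter(e["state"] for e in entries),
        "by_name": Counter(e["name"] for e in entries),
        "restore_points": sorted(restore_points, key=lambda rp: int(rp[2:])),
        # Anything left here is outside quarantine and System Restore.
        "live": [e for e in entries if e["state"] == "live"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("By state:", dict(report["by_state"]))
    print("By detection:", dict(report["by_name"]))
    print("Restore points holding detections:", report["restore_points"])
    for e in report["live"]:
        print("NEEDS ACTION:", e["path"], "->", e["name"], e["kind"])
```

An empty `live` list is what the post's statement predicts for its own scan list; any entry in it is a detection that still needs handling before the machine can be called clean.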


#152
rupertdigby

  • Topic Starter
  • Member
  • 113 posts
i want to clean everything but i don't know if i have a truly clean machine to change out pw. i downloaded keyscrambler last night from. i hope it works. i'll continue the instructions
  • 0

#153
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
You could wait until I declare your P.C. clean to change your passwords.
  • 0

#154
rupertdigby

  • Topic Starter
  • Member
  • 113 posts
do i need to get rid of any plug ins or add on in fire fox.
  • 0

#155
rupertdigby

  • Topic Starter
  • Member
  • 113 posts
how does this look now. i started all this when i could not get into my acc at a dept store website with fire fox. still can't. it works with explorer.


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\temp\8a702136-2fcf-42b5-a671-c7b38facb426\OfferApp-2492.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Rnady Barron\Desktop\repairs\cmd.bat deleted successfully.
C:\Documents and Settings\Rnady Barron\Desktop\repairs\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: drivers

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 3584 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Rnady Barron
->Temp folder emptied: 2937918 bytes
->Temporary Internet Files folder emptied: 107928 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79659344 bytes
->Flash cache emptied: 982 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112976 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 883488 bytes

Total Files Cleaned = 80.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: drivers

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Rnady Barron
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02032011_235545

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#156
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

How are things running?

how does this look now. i started all this when i could not get into my acc at a dept store website with fire fox. still can't. it works with explorer.

It's possible that NoScript is interfering with your attempt to log into your account at the Department store website.

Your logs are looking pretty clean, but I'd like to have you run a new scan with OTL, to ensure that nothing else is hiding.


Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

  • 0

#157
rupertdigby

  • Topic Starter
  • Member
  • 113 posts
things are running good and ok. the adobe flashed a pop up once and would not open a doc. but i closed it a couple of times and then it worked. i ran malwarebytes before i left for lunch and when i booted up now there was a black screen about not starting needed a wyn32system root replaced or something like that.
the dell disc showed up today so have the recovery disc and 2 driver disc. here are the logs

OTL logfile created on: 2/4/2011 8:49:01 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Rnady Barron\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 367.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.44 Gb Total Space | 45.12 Gb Free Space | 65.93% Space Free | Partition Type: NTFS

Computer Name: D35W7X91 | User Name: Rnady Barron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rnady Barron\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Rnady Barron\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\temp\logishrd\LVPrcInj01.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (HidServ) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam S5500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (sonyhcs) -- C:\WINDOWS\system32\drivers\sonyhcs.sys (Sony Corporation)
DRV - (sonyhcb) -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
IE - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.charter.net/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:2.7.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/20 22:20:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/03 22:48:06 | 000,000,000 | ---D | M]

[2008/12/16 13:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Extensions
[2011/02/04 00:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions
[2010/06/30 14:05:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/02 23:50:38 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/02/04 20:20:00 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions\[email protected]
[2011/02/02 23:50:37 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions\[email protected]
[2011/02/04 00:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 22:14:47 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/03 23:11:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/28 08:51:50 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/03 23:10:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/01/20 20:07:12 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/02/03 23:55:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1194310281453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/04 20:37:03 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rnady Barron\Desktop\OTL.exe
[2011/02/03 23:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/03 23:11:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/03 23:11:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/03 23:11:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/03 23:11:09 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/03 22:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/03 22:48:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/03 22:24:21 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Rnady Barron\Desktop\jre-6u23-windows-i586.exe
[2011/02/03 22:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\Temp
[2011/02/03 22:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/02/03 19:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/03 19:10:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/03 15:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LeapFrog Connect
[2011/02/03 15:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/02/03 15:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/02/03 15:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2011/02/03 15:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Desktop\log
[2011/02/02 22:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyScrambler
[2011/02/02 22:59:15 | 000,114,952 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/02/02 22:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/02/02 21:51:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/02 21:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/02/02 20:55:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/02 17:59:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/02 17:59:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/02 17:59:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/02 17:59:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/02 17:48:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/02 17:04:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011/02/02 17:04:34 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/02/02 17:04:33 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/02/02 17:04:32 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/02/02 17:04:32 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/02/02 17:04:31 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/02/02 17:04:30 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/02/02 17:04:29 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/02/02 17:04:28 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/02/02 17:04:23 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/02/02 17:04:22 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/02/02 17:04:21 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/02/02 17:04:20 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011/02/02 17:04:20 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/02/02 17:04:19 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/02/02 17:04:18 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/02/02 17:04:18 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/02/02 17:04:17 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/02/02 17:04:16 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/02/02 17:04:16 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/02/02 17:04:10 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011/02/02 17:04:00 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011/02/02 17:04:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011/02/02 17:03:59 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/02/02 17:03:58 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011/02/02 17:03:58 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011/02/02 17:03:57 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011/02/02 17:03:55 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/02/02 17:03:55 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/02/02 17:03:54 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/02/02 17:03:54 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/02/02 17:03:53 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/02/02 17:03:52 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/02/02 17:03:51 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/02/02 17:03:51 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/02/02 17:03:49 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011/02/02 17:03:49 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011/02/02 17:03:48 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011/02/02 17:02:27 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011/02/02 17:02:27 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011/02/02 17:02:25 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011/02/02 17:02:24 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011/02/02 17:02:24 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011/02/02 17:02:23 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011/02/02 17:02:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011/02/02 17:02:22 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011/02/02 17:02:22 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011/02/02 17:02:18 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011/02/02 17:02:17 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011/02/02 17:01:02 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/02/02 17:00:55 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011/02/02 17:00:55 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/02/02 17:00:54 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/02/02 17:00:53 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011/02/02 17:00:53 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011/02/02 17:00:48 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/02/02 17:00:38 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/02/02 17:00:33 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/02/02 17:00:32 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/02/02 17:00:32 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/02/02 17:00:31 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/02/02 17:00:31 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011/02/02 17:00:30 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011/02/02 17:00:29 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/02/02 17:00:28 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011/02/02 17:00:27 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/02/02 17:00:27 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/02/02 17:00:27 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/02/02 17:00:26 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/02/02 17:00:25 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/02/02 17:00:25 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011/02/02 17:00:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/02/02 17:00:22 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/02/02 17:00:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/02/02 17:00:21 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/02/02 17:00:21 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/02/02 17:00:20 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/02/02 16:57:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011/01/29 10:25:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\IECompatCache
[2011/01/28 17:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Desktop\GooredFix Backups
[2011/01/28 17:38:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/28 17:33:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/28 17:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Desktop\repairs
[2011/01/28 13:12:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\PrivacIE
[2011/01/28 10:19:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\IETldCache
[2011/01/28 10:11:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/01/28 10:07:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/01/28 10:03:43 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/01/28 10:03:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/01/28 10:03:42 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/01/28 10:03:40 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/01/28 10:03:38 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/01/26 13:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\DriverCure
[2011/01/26 13:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\ParetoLogic
[2011/01/26 13:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/01/26 10:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/01/26 10:58:29 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/26 10:58:29 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/26 10:58:27 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/26 10:58:26 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/26 10:58:26 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/26 10:58:26 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/26 10:58:25 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/26 10:58:05 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/26 10:58:04 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/25 10:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\AVG8
[2011/01/21 12:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\FixCleaner
[2011/01/21 12:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/01/20 20:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2011/01/20 17:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/20 17:04:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/01/20 16:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/01/20 16:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/01/20 13:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/01/20 13:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/01/20 13:37:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\Application Data\Desktop
[2011/01/20 12:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\My Documents\Computer Repairs
[2011/01/12 22:20:10 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSPCLOCK.sys
[2011/01/12 21:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/01/12 21:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PIXELA
[2011/01/12 21:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2011/01/12 21:52:08 | 000,299,923 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcs.sys
[2011/01/12 21:52:08 | 000,053,248 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\SONYHCY.DLL
[2011/01/12 21:52:08 | 000,038,739 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcc.sys
[2011/01/12 21:52:08 | 000,006,097 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcb.sys

========== Files - Modified Within 30 Days ==========

[2011/02/04 20:47:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rnady Barron\Desktop\OTL.exe
[2011/02/04 20:35:26 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/02/04 20:15:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/04 20:15:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/04 20:15:12 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/03 23:55:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/03 23:10:49 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/03 23:10:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/03 23:10:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/03 23:10:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/03 23:10:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/03 22:24:27 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Rnady Barron\Desktop\jre-6u23-windows-i586.exe
[2011/02/03 22:01:50 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/03 21:05:10 | 000,879,047 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\SecurityCheck.exe
[2011/02/03 19:34:45 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\esetsmartinstaller_enu.exe
[2011/02/03 17:29:58 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\Payment Info.doc
[2011/02/03 15:21:45 | 000,447,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/03 15:21:45 | 000,074,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/03 15:21:35 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk
[2011/02/02 22:22:00 | 001,191,584 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\KeyScrambler_Setup.exe
[2011/02/02 20:55:25 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/02/02 20:50:54 | 004,263,406 | R--- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\ComboFix.exe
[2011/02/02 15:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/29 13:05:49 | 000,036,316 | ---- | M] () -- C:\WINDOWS\System32\dll
[2011/01/28 22:12:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/28 17:39:02 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Rnady Barron\NTUSER.bak
[2011/01/26 10:58:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/26 10:56:44 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hzivanoxozoqu.dat
[2011/01/20 23:17:43 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/20 21:22:29 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/20 20:32:07 | 000,009,003 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Application Data\60DE.EC9
[2011/01/20 17:47:00 | 000,609,566 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/20 13:37:02 | 000,000,047 | ---- | M] () -- C:\WINDOWS\NxQK1
[2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\SnAF2h
[2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\sGVbix
[2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\Hvo7kUU
[2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\TOx3x5Y
[2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\k1atV
[2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\8xuuEFl
[2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\1cUWTTc4e
[2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\WXtYjgGvWB
[2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\tNbbFn
[2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\hkwRCVmf3P
[2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\GcCSso
[2011/01/20 13:37:02 | 000,000,042 | ---- | M] () -- C:\WINDOWS\gUu2n5
[2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\r7WdPkmtN
[2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\7TtKhaDt2e
[2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\1euCH41Y2
[2011/01/20 13:37:02 | 000,000,040 | ---- | M] () -- C:\WINDOWS\XJ5lf4C
[2011/01/20 13:37:02 | 000,000,040 | ---- | M] () -- C:\WINDOWS\pyxFWS2S
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\VQJPHi
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\qRgYu374
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\oHjigD3tfi
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\Gniqh2
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\eDFchX7Gu
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\dTU6n3qcO
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\7msMUWiACu
[2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\FtuUKI7tLO
[2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\8UHe2P
[2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\74eKv
[2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\1fQKO
[2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\VfboROYGFY
[2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\oemKQGlTS
[2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\eVOOvF
[2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\wkxxch3S
[2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\tfHvVM
[2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\l2X358N
[2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\2Qvsv
[2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\RCLHfsoVKo
[2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\DGweBm
[2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\CVkCg6GGje
[2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\5hJOk1N
[2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\3tvJyeq
[2011/01/20 13:37:02 | 000,000,034 | ---- | M] () -- C:\WINDOWS\Y4uGYpB
[2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\nJtf64j
[2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\dWmqNQboc
[2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\ABrHyOQF
[2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\1Vi1Y22E
[2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\SL4Gxd
[2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\dVgu63
[2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\bnGVMejdQS
[2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\5pmmsMdNFo
[2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\WtQPnivy6
[2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\sXQAwehfl
[2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\csaYl7Vra4
[2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Sg8JQhcb
[2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\hwvfAj
[2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\GJX5lU7
[2011/01/20 13:37:02 | 000,000,029 | ---- | M] () -- C:\WINDOWS\uhbYm
[2011/01/20 13:37:02 | 000,000,029 | ---- | M] () -- C:\WINDOWS\pA8P1O
[2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\VQjKpNoC
[2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Mv8FNpV2hK
[2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Iul4M
[2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\GDfBH3qm
[2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\aPGWPE
[2011/01/20 13:37:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\mrq5K4P
[2011/01/20 13:37:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\4IWYB
[2011/01/20 13:37:02 | 000,000,026 | ---- | M] () -- C:\WINDOWS\mYDaRfcd
[2011/01/20 13:37:02 | 000,000,026 | ---- | M] () -- C:\WINDOWS\lnE1ok7SVo
[2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\T8X7Pr8
[2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\OmW4hGUmrl
[2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\bMgNPtp6
[2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\W2CS2
[2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\a1PWcH
[2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\8nngEoL
[2011/01/18 09:58:06 | 000,000,000 | RH-- | M] () -- C:\2332b25bnet
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/12 21:55:39 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PIXELA ImageMixer Ver.1.0 for Sony.lnk
[2011/01/05 23:05:09 | 000,067,834 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\leonard gutters.pdf

========== Files Created - No Company Name ==========

[2011/02/03 22:01:50 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/03 22:01:49 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/03 21:05:18 | 000,879,047 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\SecurityCheck.exe
[2011/02/03 19:34:07 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\esetsmartinstaller_enu.exe
[2011/02/03 15:21:35 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk
[2011/02/02 22:23:20 | 001,191,584 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\KeyScrambler_Setup.exe
[2011/02/02 20:55:24 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/02/02 20:55:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/02 20:51:18 | 004,263,406 | R--- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\ComboFix.exe
[2011/02/02 19:45:35 | 000,002,497 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\Microsoft Office Word 2003.lnk
[2011/02/02 19:45:35 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\Microsoft Office Excel 2003.lnk
[2011/02/02 19:45:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\My Computer.lnk
[2011/02/02 17:59:07 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/02 17:59:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/02 17:59:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/02 17:59:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/02 17:59:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/02 17:02:32 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/02/02 17:02:31 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/02/02 17:02:31 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/02/02 17:02:30 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/02/02 17:02:29 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/02/02 17:02:29 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/02/02 17:02:28 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/02/02 17:02:28 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/02/02 17:02:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/02/02 17:02:21 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/01/31 16:59:35 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/29 13:05:49 | 000,036,316 | ---- | C] () -- C:\WINDOWS\System32\dll
[2011/01/28 17:28:07 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Rnady Barron\NTUSER.tmp.LOG
[2011/01/20 17:46:46 | 000,609,566 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/20 13:42:23 | 000,009,003 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\60DE.EC9
[2011/01/20 13:39:13 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hzivanoxozoqu.dat
[2011/01/20 13:37:02 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NxQK1
[2011/01/20 13:37:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\SnAF2h
[2011/01/20 13:37:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\sGVbix
[2011/01/20 13:37:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\Hvo7kUU
[2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\TOx3x5Y
[2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\k1atV
[2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\8xuuEFl
[2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\1cUWTTc4e
[2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WXtYjgGvWB
[2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\tNbbFn
[2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hkwRCVmf3P
[2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\GcCSso
[2011/01/20 13:37:02 | 000,000,042 | ---- | C] () -- C:\WINDOWS\gUu2n5
[2011/01/20 13:37:02 | 000,000,041 | ---- | C] () -- C:\WINDOWS\r7WdPkmtN
[2011/01/20 13:37:02 | 000,000,041 | ---- | C] () -- C:\WINDOWS\7TtKhaDt2e
[2011/01/20 13:37:02 | 000,000,041 | ---- | C] () -- C:\WINDOWS\1euCH41Y2
[2011/01/20 13:37:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\XJ5lf4C
[2011/01/20 13:37:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\pyxFWS2S
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VQJPHi
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\qRgYu374
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\oHjigD3tfi
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Gniqh2
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\eDFchX7Gu
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\dTU6n3qcO
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\7msMUWiACu
[2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\FtuUKI7tLO
[2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\8UHe2P
[2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\74eKv
[2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\1fQKO
[2011/01/20 13:37:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\VfboROYGFY
[2011/01/20 13:37:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\oemKQGlTS
[2011/01/20 13:37:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\eVOOvF
[2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wkxxch3S
[2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\tfHvVM
[2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\l2X358N
[2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\2Qvsv
[2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\RCLHfsoVKo
[2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\DGweBm
[2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\CVkCg6GGje
[2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\5hJOk1N
[2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\3tvJyeq
[2011/01/20 13:37:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Y4uGYpB
[2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\nJtf64j
[2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\dWmqNQboc
[2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\ABrHyOQF
[2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\1Vi1Y22E
[2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\SL4Gxd
[2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\dVgu63
[2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\bnGVMejdQS
[2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\5pmmsMdNFo
[2011/01/20 13:37:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WtQPnivy6
[2011/01/20 13:37:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sXQAwehfl
[2011/01/20 13:37:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\csaYl7Vra4
[2011/01/20 13:37:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Sg8JQhcb
[2011/01/20 13:37:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\hwvfAj
[2011/01/20 13:37:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\GJX5lU7
[2011/01/20 13:37:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\uhbYm
[2011/01/20 13:37:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\pA8P1O
[2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\VQjKpNoC
[2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Mv8FNpV2hK
[2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Iul4M
[2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\GDfBH3qm
[2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\aPGWPE
[2011/01/20 13:37:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\mrq5K4P
[2011/01/20 13:37:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\4IWYB
[2011/01/20 13:37:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\mYDaRfcd
[2011/01/20 13:37:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\lnE1ok7SVo
[2011/01/20 13:37:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\T8X7Pr8
[2011/01/20 13:37:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\OmW4hGUmrl
[2011/01/20 13:37:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\bMgNPtp6
[2011/01/20 13:37:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\W2CS2
[2011/01/20 13:37:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\a1PWcH
[2011/01/20 13:37:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\8nngEoL
[2011/01/18 09:58:06 | 000,000,000 | RH-- | C] () -- C:\2332b25bnet
[2011/01/12 21:55:39 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PIXELA ImageMixer Ver.1.0 for Sony.lnk
[2011/01/12 21:52:08 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2011/01/05 23:05:07 | 000,067,834 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\leonard gutters.pdf
[2009/12/11 10:41:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\prvlcl.dat
[2009/10/26 13:28:13 | 000,011,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/08/30 09:26:46 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 11:59:56 | 000,000,183 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2009/04/15 17:48:24 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/08 17:11:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/04/09 10:17:57 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/09 06:38:17 | 000,037,084 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/02/23 18:18:55 | 000,003,712 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/12 10:53:05 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/07/30 22:10:27 | 000,162,286 | ---- | C] () -- C:\Program Files\Porter Paints.QIF
[2006/07/30 13:16:20 | 000,000,880 | ---- | C] () -- C:\Program Files\cash.QIF
[2006/07/20 15:50:16 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\0093CE428B.sys
[2006/06/25 22:14:04 | 000,134,464 | ---- | C] () -- C:\Program Files\Homedepot
[2006/05/30 20:20:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\PFP120JPR.{PB
[2006/05/30 20:20:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\PFP120JCM.{PB
[2006/05/15 22:23:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/05/15 22:05:23 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\8B42CE9300.sys
[2006/05/15 22:05:14 | 000,007,518 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/08 22:27:49 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/05/05 15:09:47 | 000,000,218 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/05 14:35:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/05 13:38:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/03 15:27:38 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\fusioncache.dat
[2006/04/27 13:38:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/27 13:26:16 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/27 13:20:59 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/04/27 12:55:14 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/04/27 12:54:54 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/09 23:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >



OTL Extras logfile created on: 2/4/2011 8:49:01 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Rnady Barron\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 367.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.44 Gb Total Space | 45.12 Gb Free Space | 65.93% Space Free | Partition Type: NTFS

Computer Name: D35W7X91 | User Name: Rnady Barron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1462859062-1627159297-3116196774-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (Palm, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13413C6C-C640-40B8-917E-CA3062826B18}" = PIXELA ImageMixer
"{14374622-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Pro 2005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}" = Palm Desktop
"{4E7E8E6A-15F1-4E26-9352-26AD235131E9}" = Documents To Go
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7B0ADD54-01D9-45E7-964A-B4A334F12034}" = Palm VersaMail™
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3D Home Architect" = 3D Home Architect
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InterActual Player" = InterActual Player
"KeyScrambler" = KeyScrambler
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSNINST" = MSN
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1462859062-1627159297-3116196774-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{7B0ADD54-01D9-45E7-964A-B4A334F12034}" = Palm VersaMail™

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2011 11:40:58 PM | Computer Name = D35W7X91 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/20/2011 11:41:14 PM | Computer Name = D35W7X91 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/20/2011 11:41:14 PM | Computer Name = D35W7X91 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server returned an invalid or unrecognized response

Error - 1/20/2011 11:41:14 PM | Computer Name = D35W7X91 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/20/2011 11:41:14 PM | Computer Name = D35W7X91 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/20/2011 11:41:24 PM | Computer Name = D35W7X91 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/20/2011 11:41:24 PM | Computer Name = D35W7X91 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/20/2011 11:41:24 PM | Computer Name = D35W7X91 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/20/2011 11:41:24 PM | Computer Name = D35W7X91 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/21/2011 12:05:44 AM | Computer Name = D35W7X91 | Source = pctsSvc.exe | ID = 0
Description =

[ System Events ]
Error - 2/4/2011 12:55:47 AM | Computer Name = D35W7X91 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/4/2011 12:55:47 AM | Computer Name = D35W7X91 | Source = Service Control Manager | ID = 7034
Description = The Automatic LiveUpdate Scheduler service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/4/2011 12:55:47 AM | Computer Name = D35W7X91 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/4/2011 12:55:47 AM | Computer Name = D35W7X91 | Source = Service Control Manager | ID = 7034
Description = The LeapFrog Connect Device Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/4/2011 12:55:48 AM | Computer Name = D35W7X91 | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate Notice Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/4/2011 12:55:48 AM | Computer Name = D35W7X91 | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/4/2011 12:55:48 AM | Computer Name = D35W7X91 | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 2/4/2011 12:55:48 AM | Computer Name = D35W7X91 | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/4/2011 12:55:49 AM | Computer Name = D35W7X91 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/4/2011 12:55:49 AM | Computer Name = D35W7X91 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >

#158
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

I ran Malwarebytes before I left for lunch, and when I booted up now there was a black screen about not starting, needed a wyn32system root replaced or something like that.

hmm.. Interesting.

The Dell disc showed up today, so I have the recovery disc and 2 driver discs.

What does the Recovery disc say on it?

#159
rupertdigby

    Member

  • Topic Starter
  • 113 posts
Operating system already installed on your computer: MS Windows XP Media Center version 2005 with Update Rollup 2 reinstallation DVD

#160
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Okay, we may need to utilize that.

Your OTL still shows me that you have some malicious files on your computer.

Let's remove them now.

OTL Fix

We need to run an OTL Fix.
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the textbox.

    :Services
    :OTL
    SRV - (LiveUpdate Notice Ex) -- File not found
    SRV - (CLTNetCnService) -- File not found
    IE - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1462859062-1627159297-3116196774-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Reg Error: Key error.)
    [2011/01/25 10:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\AVG8
    [2011/02/03 22:24:27 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Rnady Barron\Desktop\jre-6u23-windows-i586.exe
    [2011/01/26 10:56:44 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hzivanoxozoqu.dat
    [2011/01/20 20:32:07 | 000,009,003 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Application Data\60DE.EC9
    [2011/01/20 13:37:02 | 000,000,047 | ---- | M] () -- C:\WINDOWS\NxQK1
    [2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\SnAF2h
    [2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\sGVbix
    [2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\Hvo7kUU
    [2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\TOx3x5Y
    [2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\k1atV
    [2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\8xuuEFl
    [2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\1cUWTTc4e
    [2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\WXtYjgGvWB
    [2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\tNbbFn
    [2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\hkwRCVmf3P
    [2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\GcCSso
    [2011/01/20 13:37:02 | 000,000,042 | ---- | M] () -- C:\WINDOWS\gUu2n5
    [2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\r7WdPkmtN
    [2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\7TtKhaDt2e
    [2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\1euCH41Y2
    [2011/01/20 13:37:02 | 000,000,040 | ---- | M] () -- C:\WINDOWS\XJ5lf4C
    [2011/01/20 13:37:02 | 000,000,040 | ---- | M] () -- C:\WINDOWS\pyxFWS2S
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\VQJPHi
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\qRgYu374
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\oHjigD3tfi
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\Gniqh2
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\eDFchX7Gu
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\dTU6n3qcO
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\7msMUWiACu
    [2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\FtuUKI7tLO
    [2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\8UHe2P
    [2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\74eKv
    [2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\1fQKO
    [2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\VfboROYGFY
    [2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\oemKQGlTS
    [2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\eVOOvF
    [2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\wkxxch3S
    [2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\tfHvVM
    [2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\l2X358N
    [2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\2Qvsv
    [2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\RCLHfsoVKo
    [2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\DGweBm
    [2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\CVkCg6GGje
    [2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\5hJOk1N
    [2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\3tvJyeq
    [2011/01/20 13:37:02 | 000,000,034 | ---- | M] () -- C:\WINDOWS\Y4uGYpB
    [2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\nJtf64j
    [2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\dWmqNQboc
    [2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\ABrHyOQF
    [2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\1Vi1Y22E
    [2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\SL4Gxd
    [2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\dVgu63
    [2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\bnGVMejdQS
    [2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\5pmmsMdNFo
    [2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\WtQPnivy6
    [2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\sXQAwehfl
    [2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\csaYl7Vra4
    [2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Sg8JQhcb
    [2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\hwvfAj
    [2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\GJX5lU7
    [2011/01/20 13:37:02 | 000,000,029 | ---- | M] () -- C:\WINDOWS\uhbYm
    [2011/01/20 13:37:02 | 000,000,029 | ---- | M] () -- C:\WINDOWS\pA8P1O
    [2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\VQjKpNoC
    [2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Mv8FNpV2hK
    [2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Iul4M
    [2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\GDfBH3qm
    [2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\aPGWPE
    [2011/01/20 13:37:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\mrq5K4P
    [2011/01/20 13:37:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\4IWYB
    [2011/01/20 13:37:02 | 000,000,026 | ---- | M] () -- C:\WINDOWS\mYDaRfcd
    [2011/01/20 13:37:02 | 000,000,026 | ---- | M] () -- C:\WINDOWS\lnE1ok7SVo
    [2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\T8X7Pr8
    [2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\OmW4hGUmrl
    [2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\bMgNPtp6
    [2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\W2CS2
    [2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\a1PWcH
    [2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\8nngEoL
    [2011/01/29 13:05:49 | 000,036,316 | ---- | C] () -- C:\WINDOWS\System32\dll
    [2009/12/11 10:41:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\prvlcl.dat
    [2006/07/20 15:50:16 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\0093CE428B.sys
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


#161
rupertdigby

    Member

  • Topic Starter
  • 113 posts
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service LiveUpdate Notice Ex stopped successfully!
Service LiveUpdate Notice Ex deleted successfully!
File File not found not found.
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
File File not found not found.
Registry value HKEY_USERS\S-1-5-21-1462859062-1627159297-3116196774-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1462859062-1627159297-3116196774-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1462859062-1627159297-3116196774-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
C:\Documents and Settings\Rnady Barron\Application Data\AVG8 folder moved successfully.
C:\Documents and Settings\Rnady Barron\Desktop\jre-6u23-windows-i586.exe moved successfully.
C:\WINDOWS\Hzivanoxozoqu.dat moved successfully.
C:\Documents and Settings\Rnady Barron\Application Data\60DE.EC9 moved successfully.
C:\WINDOWS\NxQK1 moved successfully.
C:\WINDOWS\SnAF2h moved successfully.
C:\WINDOWS\sGVbix moved successfully.
C:\WINDOWS\Hvo7kUU moved successfully.
C:\WINDOWS\TOx3x5Y moved successfully.
C:\WINDOWS\k1atV moved successfully.
C:\WINDOWS\8xuuEFl moved successfully.
C:\WINDOWS\1cUWTTc4e moved successfully.
C:\WINDOWS\WXtYjgGvWB moved successfully.
C:\WINDOWS\tNbbFn moved successfully.
C:\WINDOWS\hkwRCVmf3P moved successfully.
C:\WINDOWS\GcCSso moved successfully.
C:\WINDOWS\gUu2n5 moved successfully.
C:\WINDOWS\r7WdPkmtN moved successfully.
C:\WINDOWS\7TtKhaDt2e moved successfully.
C:\WINDOWS\1euCH41Y2 moved successfully.
C:\WINDOWS\XJ5lf4C moved successfully.
C:\WINDOWS\pyxFWS2S moved successfully.
C:\WINDOWS\VQJPHi moved successfully.
C:\WINDOWS\qRgYu374 moved successfully.
C:\WINDOWS\oHjigD3tfi moved successfully.
C:\WINDOWS\Gniqh2 moved successfully.
C:\WINDOWS\eDFchX7Gu moved successfully.
C:\WINDOWS\dTU6n3qcO moved successfully.
C:\WINDOWS\7msMUWiACu moved successfully.
C:\WINDOWS\FtuUKI7tLO moved successfully.
C:\WINDOWS\8UHe2P moved successfully.
C:\WINDOWS\74eKv moved successfully.
C:\WINDOWS\1fQKO moved successfully.
C:\WINDOWS\VfboROYGFY moved successfully.
C:\WINDOWS\oemKQGlTS moved successfully.
C:\WINDOWS\eVOOvF moved successfully.
C:\WINDOWS\wkxxch3S moved successfully.
C:\WINDOWS\tfHvVM moved successfully.
C:\WINDOWS\l2X358N moved successfully.
C:\WINDOWS\2Qvsv moved successfully.
C:\WINDOWS\RCLHfsoVKo moved successfully.
C:\WINDOWS\DGweBm moved successfully.
C:\WINDOWS\CVkCg6GGje moved successfully.
C:\WINDOWS\5hJOk1N moved successfully.
C:\WINDOWS\3tvJyeq moved successfully.
C:\WINDOWS\Y4uGYpB moved successfully.
C:\WINDOWS\nJtf64j moved successfully.
C:\WINDOWS\dWmqNQboc moved successfully.
C:\WINDOWS\ABrHyOQF moved successfully.
C:\WINDOWS\1Vi1Y22E moved successfully.
C:\WINDOWS\SL4Gxd moved successfully.
C:\WINDOWS\dVgu63 moved successfully.
C:\WINDOWS\bnGVMejdQS moved successfully.
C:\WINDOWS\5pmmsMdNFo moved successfully.
C:\WINDOWS\WtQPnivy6 moved successfully.
C:\WINDOWS\sXQAwehfl moved successfully.
C:\WINDOWS\csaYl7Vra4 moved successfully.
C:\WINDOWS\Sg8JQhcb moved successfully.
C:\WINDOWS\hwvfAj moved successfully.
C:\WINDOWS\GJX5lU7 moved successfully.
C:\WINDOWS\uhbYm moved successfully.
C:\WINDOWS\pA8P1O moved successfully.
C:\WINDOWS\VQjKpNoC moved successfully.
C:\WINDOWS\Mv8FNpV2hK moved successfully.
C:\WINDOWS\Iul4M moved successfully.
C:\WINDOWS\GDfBH3qm moved successfully.
C:\WINDOWS\aPGWPE moved successfully.
C:\WINDOWS\mrq5K4P moved successfully.
C:\WINDOWS\4IWYB moved successfully.
C:\WINDOWS\mYDaRfcd moved successfully.
C:\WINDOWS\lnE1ok7SVo moved successfully.
C:\WINDOWS\T8X7Pr8 moved successfully.
C:\WINDOWS\OmW4hGUmrl moved successfully.
C:\WINDOWS\bMgNPtp6 moved successfully.
C:\WINDOWS\W2CS2 moved successfully.
C:\WINDOWS\a1PWcH moved successfully.
C:\WINDOWS\8nngEoL moved successfully.
C:\WINDOWS\system32\dll moved successfully.
C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\prvlcl.dat moved successfully.
C:\WINDOWS\system32\0093CE428B.sys moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Rnady Barron\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Rnady Barron\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: drivers

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 3864 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Rnady Barron
->Temp folder emptied: 75655 bytes
->Temporary Internet Files folder emptied: 1216422 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59100758 bytes
->Flash cache emptied: 2190 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132232 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: drivers

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Rnady Barron
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02042011_211833

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!

Registry entries deleted on Reboot...

#162
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Please post a fresh OTL log for me to review. Do you remember what the MBAM scan earlier found?

#163
rupertdigby

    Member

  • Topic Starter
  • 113 posts
Wasn't my last post the newest OTL log? I did not adjust any settings on the OTL when I reopened it last. Malware showed nothing infected.


#164
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Sorry, I meant to ask that you post a new OTL log. I want to ensure that none of those entries respawned.

Can you just open up OTL, click on Quick Scan, and post that log for me?

#165
rupertdigby

    Member

  • Topic Starter
  • 113 posts
OTL logfile created on: 2/4/2011 9:49:05 PM - Run 4
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Rnady Barron\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 432.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.44 Gb Total Space | 45.13 Gb Free Space | 65.94% Space Free | Partition Type: NTFS

Computer Name: D35W7X91 | User Name: Rnady Barron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rnady Barron\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Rnady Barron\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\temp\logishrd\LVPrcInj01.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam S5500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (sonyhcs) -- C:\WINDOWS\system32\drivers\sonyhcs.sys (Sony Corporation)
DRV - (sonyhcb) -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.charter.net/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:2.7.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/20 22:20:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/03 22:48:06 | 000,000,000 | ---D | M]

[2008/12/16 13:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Extensions
[2011/02/04 21:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions
[2010/06/30 14:05:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/02 23:50:38 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/02/04 20:20:00 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions\[email protected]
[2011/02/02 23:50:37 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions\[email protected]
[2011/02/04 21:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 22:14:47 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/03 23:11:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/28 08:51:50 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/03 23:10:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/01/20 20:07:12 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/02/04 21:18:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1194310281453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/04 20:37:03 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rnady Barron\Desktop\OTL.exe
[2011/02/03 23:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/03 22:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/03 22:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\Temp
[2011/02/03 22:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/02/03 19:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/03 19:10:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/03 15:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LeapFrog Connect
[2011/02/03 15:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/02/03 15:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/02/03 15:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2011/02/03 15:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Desktop\log
[2011/02/02 22:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyScrambler
[2011/02/02 22:59:15 | 000,114,952 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/02/02 22:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/02/02 21:51:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/02 21:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/02/02 20:55:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/02 17:59:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/02 17:59:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/02 17:59:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/02 17:59:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/02 17:48:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/02 17:04:34 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/02/02 17:04:33 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/02/02 17:04:32 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/02/02 17:04:32 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/02/02 17:04:31 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/02/02 17:04:30 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/02/02 17:04:29 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/02/02 17:04:28 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/02/02 17:04:23 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/02/02 17:04:22 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/02/02 17:04:21 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/02/02 17:04:20 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/02/02 17:04:19 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/02/02 17:04:18 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/02/02 17:04:18 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/02/02 17:04:17 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/02/02 17:04:16 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/02/02 17:04:16 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/02/02 17:03:59 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/02/02 17:03:55 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/02/02 17:03:55 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/02/02 17:03:54 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/02/02 17:03:53 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/02/02 17:03:52 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/02/02 17:03:51 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/02/02 17:03:51 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/02/02 17:01:02 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/02/02 17:00:54 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/02/02 17:00:38 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/02/02 17:00:33 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/02/02 17:00:32 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/02/02 17:00:32 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/02/02 17:00:31 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/02/02 17:00:29 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/02/02 17:00:26 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/02/02 17:00:25 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/02/02 17:00:22 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/02/02 17:00:21 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/02/02 17:00:21 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/01/29 10:25:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\IECompatCache
[2011/01/28 17:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Desktop\GooredFix Backups
[2011/01/28 17:38:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/28 17:33:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/28 17:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Desktop\repairs
[2011/01/28 13:12:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\PrivacIE
[2011/01/28 10:19:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\IETldCache
[2011/01/28 10:11:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/01/28 10:07:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/01/26 13:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\DriverCure
[2011/01/26 13:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\ParetoLogic
[2011/01/26 13:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/01/26 10:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/01/26 10:58:29 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/26 10:58:29 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/26 10:58:27 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/26 10:58:26 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/26 10:58:26 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/26 10:58:26 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/26 10:58:25 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/26 10:58:05 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/26 10:58:04 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/21 12:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\FixCleaner
[2011/01/21 12:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/01/20 20:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2011/01/20 17:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/20 17:04:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/01/20 16:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/01/20 16:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/01/20 13:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/01/20 13:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/01/20 13:37:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\Application Data\Desktop
[2011/01/20 12:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\My Documents\Computer Repairs
[2011/01/12 21:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/01/12 21:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PIXELA
[2011/01/12 21:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA

========== Files - Modified Within 30 Days ==========

[2011/02/04 21:24:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/02/04 21:21:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/04 21:20:56 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/04 21:20:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/04 21:18:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/04 20:47:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rnady Barron\Desktop\OTL.exe
[2011/02/03 22:01:50 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/03 21:05:10 | 000,879,047 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\SecurityCheck.exe
[2011/02/03 19:34:45 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\esetsmartinstaller_enu.exe
[2011/02/03 17:29:58 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\Payment Info.doc
[2011/02/03 15:21:45 | 000,447,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/03 15:21:45 | 000,074,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/03 15:21:35 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk
[2011/02/02 22:22:00 | 001,191,584 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\KeyScrambler_Setup.exe
[2011/02/02 20:55:25 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/02/02 20:50:54 | 004,263,406 | R--- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\ComboFix.exe
[2011/02/02 15:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/28 22:12:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/28 17:39:02 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Rnady Barron\NTUSER.bak
[2011/01/26 10:58:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/20 23:17:43 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/20 21:22:29 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/20 17:47:00 | 000,609,566 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/18 09:58:06 | 000,000,000 | RH-- | M] () -- C:\2332b25bnet
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/12 21:55:39 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PIXELA ImageMixer Ver.1.0 for Sony.lnk
[2011/01/05 23:05:09 | 000,067,834 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\leonard gutters.pdf

========== Files Created - No Company Name ==========

[2011/02/03 22:01:50 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/03 22:01:49 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/03 21:05:18 | 000,879,047 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\SecurityCheck.exe
[2011/02/03 19:34:07 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\esetsmartinstaller_enu.exe
[2011/02/03 15:21:35 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk
[2011/02/02 22:23:20 | 001,191,584 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\KeyScrambler_Setup.exe
[2011/02/02 20:55:24 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/02/02 20:55:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/02 20:51:18 | 004,263,406 | R--- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\ComboFix.exe
[2011/02/02 19:45:35 | 000,002,497 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\Microsoft Office Word 2003.lnk
[2011/02/02 19:45:35 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\Microsoft Office Excel 2003.lnk
[2011/02/02 19:45:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\My Computer.lnk
[2011/02/02 17:59:07 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/02 17:59:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/02 17:59:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/02 17:59:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/02 17:59:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/02 17:02:32 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/02/02 17:02:31 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/02/02 17:02:31 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/02/02 17:02:30 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/02/02 17:02:29 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/02/02 17:02:29 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/02/02 17:02:28 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/02/02 17:02:28 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/02/02 17:02:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/02/02 17:02:21 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/01/31 16:59:35 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/28 17:28:07 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Rnady Barron\NTUSER.tmp.LOG
[2011/01/20 17:46:46 | 000,609,566 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/18 09:58:06 | 000,000,000 | RH-- | C] () -- C:\2332b25bnet
[2011/01/12 21:55:39 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PIXELA ImageMixer Ver.1.0 for Sony.lnk
[2011/01/12 21:52:08 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2011/01/05 23:05:07 | 000,067,834 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\leonard gutters.pdf
[2009/10/26 13:28:13 | 000,011,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/08/30 09:26:46 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 11:59:56 | 000,000,183 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2009/04/15 17:48:24 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/08 17:11:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/04/09 10:17:57 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/09 06:38:17 | 000,037,084 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/02/23 18:18:55 | 000,003,712 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/12 10:53:05 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/07/30 22:10:27 | 000,162,286 | ---- | C] () -- C:\Program Files\Porter Paints.QIF
[2006/07/30 13:16:20 | 000,000,880 | ---- | C] () -- C:\Program Files\cash.QIF
[2006/06/25 22:14:04 | 000,134,464 | ---- | C] () -- C:\Program Files\Homedepot
[2006/05/30 20:20:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\PFP120JPR.{PB
[2006/05/30 20:20:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\PFP120JCM.{PB
[2006/05/15 22:23:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/05/15 22:05:23 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\8B42CE9300.sys
[2006/05/15 22:05:14 | 000,007,518 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/08 22:27:49 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/05/05 15:09:47 | 000,000,218 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/05 14:35:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/05 13:38:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/03 15:27:38 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\fusioncache.dat
[2006/04/27 13:38:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/27 13:26:16 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/27 13:20:59 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/04/27 12:55:14 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/04/27 12:54:54 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/09 23:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/01/26 10:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/02/02 18:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/04/17 17:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/04/15 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiWired
[2008/08/27 22:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/02/03 15:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/01/26 14:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/02/19 16:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/01/20 23:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/09 10:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tkvsporq
[2007/10/07 09:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/30 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2011/01/20 22:03:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Rnady Barron\Application Data\Desktop
[2011/01/26 13:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\DriverCure
[2011/01/29 12:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\FixCleaner
[2009/02/09 20:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2010/02/15 10:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\GetRightToGo
[2008/08/27 22:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\HotSync
[2008/12/30 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\Leadertech
[2011/01/26 13:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\ParetoLogic
[2009/02/25 17:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\Uniblue
[2007/10/07 09:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\Viewpoint
[2011/02/04 21:24:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >