MyWebSearch, DoubleD, other infections



#1
hanc18

I have some malware infections (not sure of the source; I run Norton 360 but am concerned it was bypassed or disabled, as I ran scans and it didn't pick up anything).

Symptoms:
  • Computer runs slow
  • Active desktop won't stay up; disappears
  • Every time on startup, the computer displays an error message saying AOL needs to be reinstalled. Have tried reinstalling AOL; no change.
  • Desktop icons rearrange themselves
  • Computer crashed frequently (seems to be fixed at least for now)
  • I occasionally get "Norton blocked an attack" messages.

What I've done to fix it thus far:
  • Downloaded and ran Malwarebytes; it found a lot of infections; I had it get rid of everything it found. At this point, scans come up clean. (Note: I have the paid version of Malwarebytes, but its realtime features are disabled, so it shouldn't be conflicting with Norton.)
  • I then downloaded SuperAntiSpyware and cleaned out some more things with it. However, scans from SAS still show traces of MyWebSearch, MyWebSearch/FunWebProducts, DoubleD, and also show Disabled.SecurityCenterOption.

Below is my OTL log. Thank you in advance for all your help!

OTL logfile created on: 2/28/2011 12:24:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\steve\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 3067 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.18 Gb Total Space | 81.10 Gb Free Space | 55.86% Space Free | Partition Type: NTFS

Computer Name: DJL209C1 | User Name: steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/28 12:22:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
PRC - [2011/02/28 12:08:38 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/01/13 05:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6b\waol.exe
PRC - [2011/01/13 05:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6b\shellmon.exe
PRC - [2010/12/22 15:21:14 | 000,144,712 | ---- | M] (AOL Inc.) -- c:\Program Files\AOL Toolbar\aoltbServer.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/10/21 09:34:28 | 000,248,328 | ---- | M] (AOL., (www.aol.com)) -- C:\Program Files\AOL Computer Checkup\AOLDefragSrv.exe
PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2010/07/23 10:50:49 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/07/23 10:50:46 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2010/05/20 13:34:30 | 012,026,216 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2010/03/08 01:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1166754925\ee\aolsoftware.exe
PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/02/12 17:07:32 | 005,933,912 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009/08/01 14:25:01 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/06/27 23:58:20 | 002,256,896 | ---- | M] (SourceForge.net) -- C:\Program Files\Password Safe\pwsafe.exe
PRC - [2008/09/05 13:55:58 | 000,894,192 | ---- | M] (AT&T Inc.) -- C:\Program Files\Interwise\Participant\pull.exe
PRC - [2008/04/28 05:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 07:12:16 | 001,130,496 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Andrea Electronics\VoiceCenter\AndreaVC.exe
PRC - [2008/02/05 14:29:20 | 000,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
PRC - [2008/01/22 10:17:30 | 000,888,832 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe
PRC - [2007/12/05 09:22:02 | 000,290,816 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Andrea Electronics\AudioCommander\AEFltrs.exe
PRC - [2007/11/27 19:27:13 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2007/11/16 14:43:16 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2007/05/04 12:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2007/04/30 16:53:48 | 000,032,768 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/10/23 06:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/18 14:12:12 | 000,843,776 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006/08/14 14:20:26 | 000,462,336 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/01 21:00:18 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/03/01 20:53:36 | 000,717,312 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2006/01/17 13:03:06 | 000,135,168 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2005/11/08 05:30:42 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2005/10/14 11:01:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/05/25 01:40:00 | 000,450,560 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2005/05/25 01:40:00 | 000,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2003/12/10 03:52:40 | 000,380,928 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC LightSpeed Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2011/02/28 12:22:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
MOD - [2010/09/20 13:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/11 23:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/11 23:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2007/04/30 16:53:48 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\steve\Local Settings\Temp\IadHide5.dll
MOD - [2005/11/08 05:30:42 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2005/05/25 01:40:00 | 000,057,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2004/04/16 09:04:58 | 000,126,976 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC LightSpeed Self Support Tool\SmartBridge\SBHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - File not found [Auto | Stopped] -- -- (CVPND)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/10/21 09:34:28 | 000,248,328 | ---- | M] (AOL., (www.aol.com)) [Auto | Running] -- C:\Program Files\AOL Computer Checkup\AOLDefragSrv.exe -- (AOLDiskOptimizer)
SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2008/02/01 18:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2006/10/23 06:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/16 16:04:42 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110228.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 16:04:41 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110228.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/22 20:20:07 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/08 18:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110225.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 21:27:05 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/09 00:35:38 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/05 22:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 23:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 21:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 20:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 20:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 18:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/14 21:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/07/07 23:32:12 | 000,012,800 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AEAudioL.sys -- (aeaudiol) AE USB Audio Driver-Lower (WDM)
DRV - [2008/04/13 12:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/11/27 19:27:16 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/03/15 10:18:12 | 010,198,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2006/02/14 23:40:24 | 001,096,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/08 05:15:38 | 000,439,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2005/11/08 05:15:38 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/11/08 05:14:54 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/11/08 05:14:46 | 000,143,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/11/08 05:14:44 | 000,077,824 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/11/08 05:14:40 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 16:35:56 | 000,305,739 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/07/13 02:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/05/20 14:01:32 | 000,025,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/05/20 14:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/05/20 14:01:00 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/26 04:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/10/27 12:32:02 | 000,146,888 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?ncid=toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 9C 12 FB D9 31 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {b9b97401-98e1-4942-930d-c36652dab7f2} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:1.5.0.850
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.4.0.4340
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..keyword.URL: "http://aolsearch.aol...archbox&query="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2011/02/15 19:20:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/08/01 14:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/25 16:16:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/09 00:36:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/23 20:21:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/21 23:47:21 | 000,000,000 | ---D | M]

[2010/08/01 19:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Extensions
[2009/11/27 19:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Extensions\[email protected]
[2010/12/05 11:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\kl6rjk2z.default\extensions
[2010/11/25 10:42:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\kl6rjk2z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/05 11:14:51 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\kl6rjk2z.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/02/21 23:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/21 23:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/05/09 00:36:42 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/05/25 16:16:08 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
File not found (No name found) -- C:\PROGRAM FILES\INTERNET SAVING OPTIMIZER\3.4.0.4340\FF
[2008/12/19 17:25:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MEDIA ACCESS STARTUP\1.5.0.850\FF
[2011/02/15 19:20:20 | 000,000,000 | ---D | M] (*xg.dll) -- C:\PROGRAM FILES\RELEVANTKNOWLEDGE
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/01 07:52:43 | 000,024,576 | ---- | M] (My Web Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMySrWB.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (no name) - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Freecause Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (no name) - {b9b97401-98e1-4942-930d-c36652dab7f2} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166754925\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] File not found
O4 - HKLM..\Run: [ISUSScheduler] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [Nuance.ctfmngr] C:\Program Files\Nuance\NaturallySpeaking11\Program\ctfmngr.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Andrea Electronics\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [aoddbrek] File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6b\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKCU..\Run: [NortonUpdateAgent] File not found
O4 - HKCU..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\steve\Start Menu\Programs\Startup\AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe (AOL Inc.)
O4 - Startup: C:\Documents and Settings\steve\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} http://wdownload.wea...ransporter.cab? (Reg Error: Key error.)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.75,85.255.112.95
O18 - Protocol\Handler\bw+0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\offline-8876480 {7842CE64-DE65-4814-88EC-F4F6EC1F99FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0162b611-9456-11db-a2eb-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0162b611-9456-11db-a2eb-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0162b611-9456-11db-a2eb-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/28 12:22:48 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
[2011/02/28 10:44:21 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/02/25 15:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/02/25 14:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\Tami
[2011/02/24 10:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/24 10:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/21 23:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/21 16:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\Glop
[2011/02/18 11:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\My Documents\2011-02-17FlagTechSocialBenefits-Notes
[2011/02/16 18:30:47 | 000,013,832 | ---- | C] (AOL., (www.aol.com)) -- C:\WINDOWS\System32\roboot.exe
[2011/02/16 18:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AOL Computer Checkup
[2011/02/16 18:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Computer Checkup
[2011/02/15 15:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Application Data\SUPERAntiSpyware.com
[2011/02/15 15:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/15 15:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/02/15 15:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/15 13:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2011/02/14 13:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Application Data\Malwarebytes
[2011/02/14 13:22:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/14 13:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/14 13:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/14 13:22:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/14 13:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/14 13:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\Flag
[2011/02/14 11:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.6b
[2011/02/11 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\emaillogo
[2011/02/11 07:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\My Documents\flagtechinvoiceDecemberthroughJanuaryconsulting
[2011/02/06 10:09:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/02/04 22:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Local Settings\Application Data\tjnet
[2011/02/04 19:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Local Settings\Application Data\magicJack
[2011/02/04 19:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/02/04 19:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Application Data\mjusbsp
[2011/01/29 15:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/01/29 15:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.6a
[2011/01/29 15:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2009/12/18 18:17:21 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/12/18 18:17:21 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/12/18 18:17:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/12/18 18:17:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2006/12/19 03:14:04 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/12/19 03:09:18 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\steve\Desktop\*.tmp files -> C:\Documents and Settings\steve\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/28 12:26:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2011/02/28 12:22:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
[2011/02/28 11:51:36 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{00ADAF14-7C81-40C3-AD55-1DBC7576028B}.job
[2011/02/28 11:50:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/28 11:30:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3169265928-3499252812-404044738-1006UA.job
[2011/02/28 10:52:30 | 000,072,851 | ---- | M] () -- C:\VETlog.dmp
[2011/02/28 10:49:15 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/02/28 10:48:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/28 10:48:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/02/28 10:46:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/28 10:35:47 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2011/02/27 19:30:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3169265928-3499252812-404044738-1006Core.job
[2011/02/27 13:27:13 | 000,002,954 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\SAS7_000.DAT
[2011/02/24 13:56:17 | 000,025,615 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\195199BC.pdf
[2011/02/24 10:56:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/24 08:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/22 13:16:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2011/02/21 22:52:20 | 000,002,828 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/02/21 22:52:20 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\FB45830514.sys
[2011/02/21 22:46:40 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 16:15:53 | 005,429,985 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Glop.zip
[2011/02/21 12:20:54 | 000,022,151 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\195199BC.pdf
[2011/02/20 12:11:17 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/02/20 12:11:17 | 000,055,700 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/02/20 12:11:17 | 000,055,700 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/02/20 12:11:17 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/20 12:11:17 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/18 18:44:31 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/18 18:44:31 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/18 13:43:44 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/02/18 13:40:23 | 000,353,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/18 11:32:35 | 000,018,535 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\FlagTechsocialbenefits[1]_cwedits.rtf
[2011/02/18 11:29:01 | 000,010,319 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\2011-02-17FlagTechSocialBenefits-Notes.zip
[2011/02/18 11:12:41 | 000,017,611 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\NewCards_newblue.pdf
[2011/02/16 19:19:38 | 000,002,576 | ---- | M] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/02/16 18:41:46 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Computer Checkup.lnk
[2011/02/16 18:41:46 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Computer Checkup.lnk
[2011/02/15 15:11:59 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/15 13:38:29 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/02/15 09:46:07 | 000,031,085 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\BKD-736931636.pdf
[2011/02/15 09:25:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/14 18:09:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/14 12:16:26 | 000,016,309 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\NewCards_blue.pdf
[2011/02/14 11:24:49 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.6.lnk
[2011/02/14 11:24:49 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.6.lnk
[2011/02/11 15:30:32 | 000,031,310 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\emaillogo.zip
[2011/02/11 12:44:57 | 000,018,527 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\NewCards.pdf
[2011/02/11 11:15:07 | 000,404,493 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\scan0001.pdf
[2011/02/11 07:34:24 | 000,026,539 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\flagtechinvoiceDecemberthroughJanuaryconsulting.zip
[2011/02/09 16:53:15 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2011/02/05 18:08:08 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/02/04 22:28:50 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\magicJack.lnk
[2011/01/29 19:17:37 | 000,009,495 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\helping Tami.rtf
[2011/01/29 15:08:51 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\WINDOWS\System32\AOLParconLink.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\steve\Desktop\*.tmp files -> C:\Documents and Settings\steve\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/24 13:56:17 | 000,025,615 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\195199BC.pdf
[2011/02/24 10:56:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/21 16:15:34 | 005,429,985 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\Glop.zip
[2011/02/21 12:20:54 | 000,022,151 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\195199BC.pdf
[2011/02/18 11:29:00 | 000,010,319 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\2011-02-17FlagTechSocialBenefits-Notes.zip
[2011/02/18 11:12:40 | 000,017,611 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\NewCards_newblue.pdf
[2011/02/17 09:35:27 | 000,018,535 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\FlagTechsocialbenefits[1]_cwedits.rtf
[2011/02/16 19:14:47 | 000,002,576 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/02/16 18:30:42 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL Computer Checkup.lnk
[2011/02/16 18:30:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Computer Checkup.lnk
[2011/02/15 15:11:59 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/15 09:46:07 | 000,031,085 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\BKD-736931636.pdf
[2011/02/14 13:22:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/14 12:16:26 | 000,016,309 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\NewCards_blue.pdf
[2011/02/11 15:30:32 | 000,031,310 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\emaillogo.zip
[2011/02/11 12:44:56 | 000,018,527 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\NewCards.pdf
[2011/02/11 11:15:04 | 000,404,493 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\scan0001.pdf
[2011/02/11 07:34:24 | 000,026,539 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\flagtechinvoiceDecemberthroughJanuaryconsulting.zip
[2011/02/09 16:53:15 | 000,010,920 | ---- | C] () -- C:\aolconnfix.exe
[2011/02/04 19:53:00 | 000,001,010 | ---- | C] () -- C:\Documents and Settings\steve\Start Menu\Programs\magicJack.lnk
[2011/02/04 19:52:55 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\magicJack.lnk
[2011/01/29 18:54:54 | 000,009,495 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\helping Tami.rtf
[2011/01/04 17:16:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/20 17:09:38 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/10 23:40:10 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/18 18:17:27 | 000,843,776 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2009/12/18 18:17:25 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/11/26 11:41:35 | 000,072,852 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/08 14:43:43 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/04/29 22:37:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2009/04/08 22:06:54 | 000,000,185 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2009/03/24 16:42:33 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/22 19:07:14 | 000,000,046 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/12/24 15:43:24 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/12/24 15:43:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/12/24 15:43:24 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/12/24 15:43:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/12/24 15:43:24 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/12/24 15:43:24 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/12/24 15:43:24 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/12/24 15:43:24 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/12/24 15:43:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/12/24 15:43:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/12/24 15:43:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/12/24 15:43:24 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/12/24 15:43:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/12/24 15:43:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/12/24 15:43:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/12/24 15:43:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/04/22 14:51:46 | 000,181,176 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/02/07 09:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2008/01/02 21:03:30 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/11/09 18:11:36 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/11/09 18:11:36 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\FB45830514.sys
[2007/09/26 20:21:48 | 000,959,575 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\hanc18.zip
[2007/08/19 18:40:15 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/08/19 18:37:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/07/01 11:05:02 | 000,001,345 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/03 16:46:42 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\dvd.bmk
[2007/04/30 16:53:49 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
[2007/03/11 16:55:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\wklnhst.dat
[2007/03/11 16:22:51 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/18 11:05:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\fusioncache.dat
[2006/12/25 13:53:25 | 000,000,671 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/21 23:01:21 | 000,002,954 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\SAS7_000.DAT
[2006/12/21 22:40:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2006/12/21 20:32:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/19 03:44:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/19 03:38:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/19 03:34:37 | 000,009,159 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/12/19 03:30:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/19 03:14:04 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/12/19 03:14:03 | 000,366,255 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/12/19 03:14:03 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/12/19 03:09:19 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/12/19 03:09:19 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/12/19 03:09:19 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/12/19 03:09:19 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/12/19 03:09:18 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/12/19 03:09:18 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/12/19 03:09:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/12/19 03:09:18 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/12/19 03:09:18 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/12/19 03:09:17 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/12/19 03:08:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/12/19 03:08:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/12/19 03:07:16 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/25 05:24:22 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS3L3.DLL
[2005/01/19 14:03:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\Pspwma.ini
[2004/09/23 13:31:10 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\Pspmp3.ini
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,353,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/05/03 07:03:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\smcelp32.ini
[1999/11/05 08:42:36 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusbct.ini
[1999/10/08 12:58:24 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusblb.ini
[1998/12/11 10:55:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[1998/08/10 13:04:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[1998/08/10 13:04:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[1998/08/10 13:03:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[1998/08/10 13:03:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[1998/08/10 13:03:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[1998/08/10 13:02:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[1998/08/10 13:02:00 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[1998/08/10 13:02:00 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\PSPDSS.INI
[1998/08/10 13:02:00 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini

========== LOP Check ==========

[2007/09/26 18:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2010/10/02 16:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kinnor Software
[2011/02/04 19:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2008/12/30 19:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/11/25 20:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/09/25 17:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/03/04 22:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/08/01 14:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/03/18 08:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/02/28 10:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/08 18:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/19 03:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/12 08:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 17:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/27 21:00:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{732BD52C-2B24-4AF1-8509-89A619EC2006}
[2009/09/10 09:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 17:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/02/16 18:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Chessmaster Challenge
[2010/05/02 10:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\FCTB000061107
[2010/08/22 10:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\GARMIN
[2009/03/05 09:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Interwise
[2007/05/26 22:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Leadertech
[2011/02/04 22:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\mjusbsp
[2007/04/30 16:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Musicmatch
[2010/09/25 17:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Nuance
[2008/12/24 21:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Panasonic
[2009/11/27 19:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Scribd
[2008/04/18 21:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\StumbleUpon
[2009/01/11 19:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Uniblue
[2007/02/08 18:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Viewpoint
[2011/02/28 10:48:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/02/22 13:16:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/08/06 12:16:52 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2011/02/28 11:51:36 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{00ADAF14-7C81-40C3-AD55-1DBC7576028B}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay. Could you tell me what your current problems are, please?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
    File not found (No name found) -- C:\PROGRAM FILES\INTERNET SAVING OPTIMIZER\3.4.0.4340\FF
    [2011/02/15 19:20:20 | 000,000,000 | ---D | M] (*xg.dll) -- C:\PROGRAM FILES\RELEVANTKNOWLEDGE
    O2 - BHO: (no name) - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - No CLSID value found.
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Freecause Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (no name) - {b9b97401-98e1-4942-930d-c36652dab7f2} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - 8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
    O4 - HKCU..\Run: [aoddbrek] File not found
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.75,85.255.112.95
    [2011/02/16 18:30:47 | 000,013,832 | ---- | C] (AOL., (www.aol.com)) -- C:\WINDOWS\System32\roboot.exe

    :Files
    ipconfig /flushdns /c
    C:\PROGRAM FILES\INTERNET SAVING OPTIMIZER
    C:\PROGRAM FILES\RELEVANTKNOWLEDGE
    C:\Program Files\AddThis Toolbar
    C:\Program Files\ConduitEngine
    C:\Program Files\Common Files\Homepage Protection

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#5
hanc18

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you very much! I have run the fix you suggested. Below is my new OTL log.

I have just run the fix, so can update later as to what problems the computer is still having if anything changes. For now, the list is as follows. The AOL and Active Desktop issues are definitely still present. As for crashing, it hasn't yet ... we'll see what happens.

I don't know for certain what's related to malware and what is not - all these issues have appeared since malware got on my system but I don't know for sure whether there's a causal relationship in all cases.

1. Every time I reboot the computer, I get this error message:

The AOL Software cannot start up correctly. Please try again, restart your computer, or reinstall the software.
Error starting: ee://aol/FrontierApp
Error code: 1



I've reinstalled/updated multiple times, and I still always get this message on startup.

2. The computer is running very slow.

3. The computer has a tendency to freeze up entirely, won't respond to command to shut down.

4. The active desktop has been replaced by a white screen with an error message. When I press the button to restore the desktop, I get this message:

An error has occurred in the script on this page.
Line: 65
Char: 1
Error: Object doesn't support this action
File:///C:/Documents%20and%20Settings/steve/Application%20Data/Microsoft/Internet%20Explorer/Desktop.htt
Do you want to continue running scripts on this page?


Whether I click yes or no, nothing appears to happen.

5. Norton keeps telling me it blocked attacks. While blocked is good, I wonder how much is getting through; I don't recall getting this many alerts in the past. Some of the most frequent blocked attacks/addresses have been as follows: m01n83kjf7.com, DJL209C1, 62.122.73.54, 69.50.202.28 ... also a lot of "Unauthorized Access Blocked" messages.

6. Desktop Icons have a tendency to move from where I put them. Haven't noticed this issue since the fix yet.

Thank you again so much for all of your help! New OTL log:

OTL logfile created on: 3/8/2011 10:54:12 AM - Run 3
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\steve\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 3067 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.18 Gb Total Space | 88.73 Gb Free Space | 61.12% Space Free | Partition Type: NTFS
Drive D: | 1.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DJL209C1 | User Name: steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/28 12:22:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
PRC - [2011/02/28 12:08:38 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/01/13 05:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6b\waol.exe
PRC - [2011/01/13 05:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6b\shellmon.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/10/21 09:34:28 | 000,248,328 | ---- | M] (AOL., (www.aol.com)) -- C:\Program Files\AOL Computer Checkup\AOLDefragSrv.exe
PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2010/07/23 10:50:49 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/05/20 13:34:30 | 012,026,216 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2010/03/08 01:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1166754925\ee\aolsoftware.exe
PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/02/12 17:07:32 | 005,933,912 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009/08/01 14:25:01 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/06/27 23:58:20 | 002,256,896 | ---- | M] (SourceForge.net) -- C:\Program Files\Password Safe\pwsafe.exe
PRC - [2008/09/05 13:55:58 | 000,894,192 | ---- | M] (AT&T Inc.) -- C:\Program Files\Interwise\Participant\pull.exe
PRC - [2008/04/28 05:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/04/13 18:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 07:12:16 | 001,130,496 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Andrea Electronics\VoiceCenter\AndreaVC.exe
PRC - [2008/01/22 10:17:30 | 000,888,832 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Andrea Electronics\AudioCommander\AudioCommander.exe
PRC - [2007/12/05 09:22:02 | 000,290,816 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Andrea Electronics\AudioCommander\AEFltrs.exe
PRC - [2007/11/27 19:27:13 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2007/11/16 14:43:16 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2007/05/04 12:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2007/04/30 16:53:48 | 000,032,768 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/10/23 06:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/18 14:12:12 | 000,843,776 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006/08/14 14:20:26 | 000,462,336 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/01 21:00:18 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/03/01 20:53:36 | 000,717,312 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2006/01/17 13:03:06 | 000,135,168 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2005/11/08 05:30:42 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2003/12/10 03:52:40 | 000,380,928 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC LightSpeed Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2011/02/28 12:22:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
MOD - [2010/09/20 13:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/11 23:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/11 23:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2007/04/30 16:53:48 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\steve\Local Settings\Temp\IadHide5.dll
MOD - [2005/11/08 05:30:42 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2004/04/16 09:04:58 | 000,126,976 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC LightSpeed Self Support Tool\SmartBridge\SBHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - File not found [Auto | Stopped] -- -- (CVPND)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/10/21 09:34:28 | 000,248,328 | ---- | M] (AOL., (www.aol.com)) [Auto | Running] -- C:\Program Files\AOL Computer Checkup\AOLDefragSrv.exe -- (AOLDiskOptimizer)
SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2008/02/01 18:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2006/10/23 06:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/02/25 15:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110225.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/16 16:04:42 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110308.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 16:04:41 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110308.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/08 18:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110304.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/09/16 19:56:52 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/16 19:56:52 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/09 00:35:38 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/05 22:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 23:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 21:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 20:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 20:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 18:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/14 21:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/07/07 23:32:12 | 000,012,800 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AEAudioL.sys -- (aeaudiol) AE USB Audio Driver-Lower (WDM)
DRV - [2008/04/13 12:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/11/27 19:27:16 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/03/15 10:18:12 | 010,198,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2006/02/14 23:40:24 | 001,096,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/08 05:15:38 | 000,439,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2005/11/08 05:15:38 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/11/08 05:14:54 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/11/08 05:14:46 | 000,143,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/11/08 05:14:44 | 000,077,824 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/11/08 05:14:40 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 16:35:56 | 000,305,739 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/07/13 02:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/05/20 14:01:32 | 000,025,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/05/20 14:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/05/20 14:01:00 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/26 04:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/10/27 12:32:02 | 000,146,888 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?ncid=toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 9C 12 FB D9 31 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {b9b97401-98e1-4942-930d-c36652dab7f2} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:1.5.0.850
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.4.0.4340
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..keyword.URL: "http://aolsearch.aol...archbox&query="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/08/01 14:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/25 16:16:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/09 00:36:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/23 20:21:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/08 10:53:42 | 000,000,000 | ---D | M]

[2010/08/01 19:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Extensions
[2009/11/27 19:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Extensions\[email protected]
[2010/12/05 11:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\kl6rjk2z.default\extensions
[2010/11/25 10:42:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\kl6rjk2z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/05 11:14:51 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\kl6rjk2z.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/02/21 23:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/21 23:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/05/09 00:36:42 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/05/25 16:16:08 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
File not found (No name found) -- C:\PROGRAM FILES\INTERNET SAVING OPTIMIZER\3.4.0.4340\FF
[2008/12/19 17:25:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MEDIA ACCESS STARTUP\1.5.0.850\FF
File not found (No name found) -- C:\PROGRAM FILES\RELEVANTKNOWLEDGE
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/01 07:52:43 | 000,024,576 | ---- | M] (My Web Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMySrWB.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/03/08 10:37:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166754925\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] File not found
O4 - HKLM..\Run: [ISUSScheduler] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [Nuance.ctfmngr] C:\Program Files\Nuance\NaturallySpeaking11\Program\ctfmngr.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Andrea Electronics\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6b\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKCU..\Run: [NortonUpdateAgent] File not found
O4 - HKCU..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\steve\Start Menu\Programs\Startup\AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe (AOL Inc.)
O4 - Startup: C:\Documents and Settings\steve\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} http://wdownload.wea...ransporter.cab? (Reg Error: Key error.)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\bw+0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {7842ce64-de65-4814-88ec-f4f6ec1f99fe} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\offline-8876480 {7842CE64-DE65-4814-88EC-F4F6EC1F99FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0162b611-9456-11db-a2eb-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0162b611-9456-11db-a2eb-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0162b611-9456-11db-a2eb-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/08 10:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/03/08 10:51:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/08 10:50:53 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2011/03/08 10:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\WINDOWS
[2011/03/08 10:37:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/03 08:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/03 08:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/28 12:22:48 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
[2011/02/28 10:44:21 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/02/25 15:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/02/25 14:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\Tami
[2011/02/21 23:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/21 16:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\Glop
[2011/02/18 11:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\My Documents\2011-02-17FlagTechSocialBenefits-Notes
[2011/02/16 18:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AOL Computer Checkup
[2011/02/16 18:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Computer Checkup
[2011/02/15 15:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Application Data\SUPERAntiSpyware.com
[2011/02/15 15:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/15 15:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/02/15 15:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/15 13:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2011/02/14 13:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Application Data\Malwarebytes
[2011/02/14 13:22:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/14 13:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/14 13:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/14 13:22:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/14 13:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/14 13:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\Flag
[2011/02/14 11:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.6b
[2011/02/11 15:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\emaillogo
[2011/02/11 07:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\My Documents\flagtechinvoiceDecemberthroughJanuaryconsulting
[2009/12/18 18:17:21 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/12/18 18:17:21 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/12/18 18:17:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/12/18 18:17:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2006/12/19 03:14:04 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/12/19 03:09:18 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[1 C:\Documents and Settings\steve\Desktop\*.tmp files -> C:\Documents and Settings\steve\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/08 10:55:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/08 10:53:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/08 10:50:44 | 000,071,923 | ---- | M] () -- C:\VETlog.dmp
[2011/03/08 10:48:10 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{00ADAF14-7C81-40C3-AD55-1DBC7576028B}.job
[2011/03/08 10:46:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/08 10:44:44 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/08 10:44:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/03/08 10:43:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/08 10:42:44 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/03/08 10:42:44 | 000,055,700 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/03/08 10:42:44 | 000,055,700 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/03/08 10:42:44 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/03/08 10:42:44 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/03/08 10:37:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/08 10:30:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3169265928-3499252812-404044738-1006UA.job
[2011/03/07 19:30:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3169265928-3499252812-404044738-1006Core.job
[2011/03/07 10:52:57 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2011/03/06 12:26:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2011/03/04 13:16:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2011/03/03 20:43:22 | 000,090,430 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\_MG_6127.jpg
[2011/03/03 20:43:01 | 000,101,679 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\_MG_5910.jpg
[2011/03/03 08:47:36 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/03 08:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/02 11:57:26 | 000,026,007 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\195199BC.pdf
[2011/03/02 11:54:05 | 000,002,954 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\SAS7_000.DAT
[2011/02/28 12:22:33 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
[2011/02/21 22:52:20 | 000,002,828 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/02/21 22:52:20 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\FB45830514.sys
[2011/02/21 22:46:40 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 16:15:53 | 005,429,985 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Glop.zip
[2011/02/21 12:20:54 | 000,022,151 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\195199BC.pdf
[2011/02/18 18:44:31 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/18 18:44:31 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/18 13:43:44 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/02/18 13:40:23 | 000,353,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/18 11:29:01 | 000,010,319 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\2011-02-17FlagTechSocialBenefits-Notes.zip
[2011/02/18 11:12:41 | 000,017,611 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\NewCards_newblue.pdf
[2011/02/16 19:19:38 | 000,002,576 | ---- | M] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/02/16 18:41:46 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Computer Checkup.lnk
[2011/02/16 18:41:46 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Computer Checkup.lnk
[2011/02/15 15:11:59 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/15 13:38:29 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/02/15 09:46:07 | 000,031,085 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\BKD-736931636.pdf
[2011/02/15 09:25:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/14 18:09:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/14 12:16:26 | 000,016,309 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\NewCards_blue.pdf
[2011/02/14 11:24:49 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.6.lnk
[2011/02/14 11:24:49 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.6.lnk
[2011/02/11 15:30:32 | 000,031,310 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\emaillogo.zip
[2011/02/11 12:44:57 | 000,018,527 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\NewCards.pdf
[2011/02/11 11:15:07 | 000,404,493 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\scan0001.pdf
[2011/02/09 16:53:15 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[1 C:\Documents and Settings\steve\Desktop\*.tmp files -> C:\Documents and Settings\steve\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/08 10:52:03 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/08 10:52:03 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/03 20:43:21 | 000,090,430 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\_MG_6127.jpg
[2011/03/03 20:43:01 | 000,101,679 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\_MG_5910.jpg
[2011/03/03 08:47:36 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/24 13:56:17 | 000,026,007 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\195199BC.pdf
[2011/02/21 16:15:34 | 005,429,985 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\Glop.zip
[2011/02/21 12:20:54 | 000,022,151 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\195199BC.pdf
[2011/02/18 11:29:00 | 000,010,319 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\2011-02-17FlagTechSocialBenefits-Notes.zip
[2011/02/18 11:12:40 | 000,017,611 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\NewCards_newblue.pdf
[2011/02/16 19:14:47 | 000,002,576 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/02/16 18:30:42 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL Computer Checkup.lnk
[2011/02/16 18:30:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Computer Checkup.lnk
[2011/02/15 15:11:59 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/15 09:46:07 | 000,031,085 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\BKD-736931636.pdf
[2011/02/14 13:22:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/14 12:16:26 | 000,016,309 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\NewCards_blue.pdf
[2011/02/11 15:30:32 | 000,031,310 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\emaillogo.zip
[2011/02/11 12:44:56 | 000,018,527 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\NewCards.pdf
[2011/02/11 11:15:04 | 000,404,493 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\scan0001.pdf
[2011/02/09 16:53:15 | 000,010,920 | ---- | C] () -- C:\aolconnfix.exe
[2011/01/04 17:16:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/20 17:09:38 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/10 23:40:10 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/18 18:17:27 | 000,843,776 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2009/12/18 18:17:25 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/11/26 11:41:35 | 000,072,852 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/08 14:43:43 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/04/29 22:37:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2009/04/08 22:06:54 | 000,000,185 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2009/03/24 16:42:33 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/22 19:07:14 | 000,000,046 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/12/24 15:43:24 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/12/24 15:43:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/12/24 15:43:24 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/12/24 15:43:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/12/24 15:43:24 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/12/24 15:43:24 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/12/24 15:43:24 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/12/24 15:43:24 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/12/24 15:43:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/12/24 15:43:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/12/24 15:43:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/12/24 15:43:24 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/12/24 15:43:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/12/24 15:43:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/12/24 15:43:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/12/24 15:43:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/04/22 14:51:46 | 000,181,176 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/02/07 09:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2008/01/02 21:03:30 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/11/09 18:11:36 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/11/09 18:11:36 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\FB45830514.sys
[2007/09/26 20:21:48 | 000,959,575 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\hanc18.zip
[2007/08/19 18:40:15 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/08/19 18:37:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/07/01 11:05:02 | 000,001,345 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/03 16:46:42 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\dvd.bmk
[2007/04/30 16:53:49 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
[2007/03/11 16:55:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\wklnhst.dat
[2007/03/11 16:22:51 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/18 11:05:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\fusioncache.dat
[2006/12/25 13:53:25 | 000,000,671 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/21 23:01:21 | 000,002,954 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\SAS7_000.DAT
[2006/12/21 22:40:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2006/12/21 20:32:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/19 03:44:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/19 03:38:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/19 03:34:37 | 000,009,159 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/12/19 03:30:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/19 03:14:04 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/12/19 03:14:03 | 000,366,255 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/12/19 03:14:03 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/12/19 03:09:19 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/12/19 03:09:19 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/12/19 03:09:19 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/12/19 03:09:19 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/12/19 03:09:18 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/12/19 03:09:18 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/12/19 03:09:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/12/19 03:09:18 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/12/19 03:09:18 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/12/19 03:09:17 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/12/19 03:08:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/12/19 03:08:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/12/19 03:07:16 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/25 05:24:22 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS3L3.DLL
[2005/01/19 14:03:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\Pspwma.ini
[2004/09/23 13:31:10 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\Pspmp3.ini
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,353,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/05/03 07:03:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\smcelp32.ini
[1999/11/05 08:42:36 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusbct.ini
[1999/10/08 12:58:24 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusblb.ini
[1998/12/11 10:55:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[1998/08/10 13:04:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[1998/08/10 13:04:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[1998/08/10 13:03:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[1998/08/10 13:03:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[1998/08/10 13:03:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[1998/08/10 13:02:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[1998/08/10 13:02:00 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[1998/08/10 13:02:00 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\PSPDSS.INI
[1998/08/10 13:02:00 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini

========== LOP Check ==========

[2007/09/26 18:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2010/10/02 16:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kinnor Software
[2011/02/04 19:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2008/12/30 19:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/11/25 20:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/09/25 17:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/03/04 22:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/08/01 14:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/03/18 08:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/03/08 03:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/08 18:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/19 03:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/12 08:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 17:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/27 21:00:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{732BD52C-2B24-4AF1-8509-89A619EC2006}
[2009/09/10 09:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 17:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/02/16 18:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Chessmaster Challenge
[2010/05/02 10:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\FCTB000061107
[2010/08/22 10:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\GARMIN
[2009/03/05 09:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Interwise
[2007/05/26 22:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Leadertech
[2011/02/04 22:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\mjusbsp
[2007/04/30 16:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Musicmatch
[2010/09/25 17:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Nuance
[2008/12/24 21:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Panasonic
[2009/11/27 19:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Scribd
[2008/04/18 21:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\StumbleUpon
[2009/01/11 19:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Uniblue
[2007/02/08 18:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Viewpoint
[2011/03/08 10:44:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/03/04 13:16:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/08/06 12:16:52 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2011/03/08 10:48:10 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{00ADAF14-7C81-40C3-AD55-1DBC7576028B}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD

< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm methinks I will need a stronger tool this time around

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
hanc18

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thanks - I ran ComboFix, and the log is below. One note: I disabled Norton, but I did have it set to re-activate on restart. ComboFix found a rootkit and restarted the computer early on, then ran again upon reboot. So I don't know if Norton was running after that reboot, but if it interfered with anything and/or I should run ComboFix again, let me know.

Thank you again for your help!

ComboFix Log:

ComboFix 11-03-08.01 - steve 03/08/2011 13:58:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1435 [GMT -6:00]
Running from: c:\documents and settings\steve\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\documents and settings\steve\Local Settings\Application Data\Internet Saving Optimizer
c:\program files\AccessMV
c:\program files\Common Files\PersonalSecUninstall
c:\program files\Common Files\PersonalSecUninstall\Uninstall.lnk
c:\program files\Quicktime\QTTask.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
.
Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack :D
.
((((((((((((((((((((((((( Files Created from 2011-02-08 to 2011-03-08 )))))))))))))))))))))))))))))))
.
.
2011-03-08 17:19 . 2011-03-08 18:10 -------- d-----w- c:\program files\AOL Desktop 9.6c
2011-03-08 16:51 . 2011-03-08 16:51 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-08 16:50 . 1997-04-09 02:08 299520 ----a-w- c:\windows\uninst.exe
2011-03-08 16:48 . 2011-03-08 16:48 -------- d-----w- c:\documents and settings\steve\WINDOWS
2011-03-08 16:37 . 2011-03-08 16:37 -------- d-----w- C:\_OTL
2011-03-03 14:46 . 2011-03-03 14:46 -------- d-----w- c:\program files\iPod
2011-02-28 16:44 . 2011-02-28 16:44 -------- d-----w- C:\found.000
2011-02-25 21:44 . 2011-02-25 21:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-02-22 05:47 . 2011-02-03 03:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-22 05:47 . 2011-02-03 03:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-17 01:14 . 2011-02-17 01:19 2576 ----a-w- c:\windows\system32\ASOROSet.bin
2011-02-17 00:30 . 2011-02-17 00:41 -------- d-----w- c:\program files\AOL Computer Checkup
2011-02-15 21:12 . 2011-02-15 21:12 -------- d-----w- c:\documents and settings\steve\Application Data\SUPERAntiSpyware.com
2011-02-15 21:12 . 2011-02-15 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-15 21:11 . 2011-02-28 18:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-15 19:41 . 2011-02-15 19:41 -------- d-----w- c:\program files\Garmin GPS Plugin
2011-02-14 19:22 . 2011-02-14 19:22 -------- d-----w- c:\documents and settings\steve\Application Data\Malwarebytes
2011-02-14 19:22 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-14 19:22 . 2011-02-14 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-14 19:22 . 2011-02-15 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-14 19:22 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-14 17:21 . 2011-02-15 00:02 -------- d-----w- c:\program files\AOL Desktop 9.6b
2011-02-09 22:53 . 2011-02-09 22:53 10920 ----a-w- C:\aolconnfix.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 22:36 . 2009-03-12 14:42 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 22:36 . 2007-11-08 01:43 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-03 01:19 . 2008-05-17 04:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-29 21:08 . 2010-08-08 03:21 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2011-01-21 14:44 . 2004-08-11 23:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 23:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-11 23:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-11 23:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-11 23:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-11 23:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 04:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-02-17 42392]
"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2010-05-20 12026216]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-01 160592]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-30 32768]
"Google Update"="c:\documents and settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-05 136176]
"cdloader"="c:\documents and settings\steve\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-28 2423752]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6c\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HostManager"="c:\program files\Common Files\AOL\1166754925\ee\AOLSoftware.exe" [2010-03-08 41800]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-11-28 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"VoiceCenter"="c:\program files\Andrea Electronics\VoiceCenter\AndreaVC.exe" [2008-02-28 1130496]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Nuance.ctfmngr"="c:\program files\Nuance\NaturallySpeaking11\Program\ctfmngr.exe" [2010-07-23 39272]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2011-03-04 53248]
.
c:\documents and settings\steve\Start Menu\Programs\Startup\
AOL OpenRide.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2010-3-8 41800]
Password Safe.lnk - c:\program files\Password Safe\pwsafe.exe [2009-6-27 2256896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-19 24576]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-4-30 450560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1166754925\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.5a\\waol.exe"=
"c:\\Program Files\\AOL 9.5b\\waol.exe"=
"c:\\Program Files\\AOL 9.5c\\waol.exe"=
"c:\\Program Files\\AOL 9.5d\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AOL Desktop 9.6a\\waol.exe"=
"c:\\Documents and Settings\\steve\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\steve\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\AOL Desktop 9.6b\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AOL Desktop 9.6c\\waol.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [9/23/2010 5:30 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [9/23/2010 5:30 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110225.002\BHDrvx86.sys [2/25/2011 3:59 PM 800376]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [9/23/2010 5:30 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [9/23/2010 5:30 PM 116784]
R2 AOLDiskOptimizer;AOLDiskOptimizer;c:\program files\AOL Computer Checkup\AOLDefragSrv.exe [2/16/2011 6:30 PM 248328]
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [7/23/2010 12:24 PM 296808]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/14/2011 1:22 PM 363344]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [9/23/2010 5:30 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/1/2011 7:31 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110304.001\IDSXpx86.sys [3/7/2011 4:40 PM 341944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/14/2011 1:22 PM 20952]
S3 aeaudiol;AE USB Audio Driver-Lower (WDM);c:\windows\system32\drivers\AEAudioL.sys [5/21/2009 11:16 AM 12800]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3169265928-3499252812-404044738-1006Core.job
- c:\documents and settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 01:25]
.
2011-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3169265928-3499252812-404044738-1006UA.job
- c:\documents and settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 01:25]
.
2011-03-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
2011-03-08 c:\windows\Tasks\User_Feed_Synchronization-{00ADAF14-7C81-40C3-AD55-1DBC7576028B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?ncid=toolbar
uInternet Settings,ProxyOverride = <local>;*.local
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\kl6rjk2z.default\
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b9b97401-98e1-4942-930d-c36652dab7f2} - (no file)
Toolbar-{B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - (no file)
HKCU-Run-NortonUpdateAgent - c:\documents and settings\All Users\Application Data\Norton\NUA.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
AddRemove-AddThis Toolbar - c:\program files\AddThis Toolbar\Uninst.exe
AddRemove-AOL Toolbar 5.0 - c:\program files\AOL\AOL Toolbar 5.0\uninstall.exe
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-Homepage Protection - c:\program files\Common Files\Homepage Protection\uninstall.exe
AddRemove-JuicyAccess Toolbar - c:\documents and settings\All Users\Application Data\{732BD52C-2B24-4AF1-8509-89A619EC2006}\Setup.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe
AddRemove-{1D975A5E-1126-4F46-A423-41781934A63E} - c:\documents and settings\All Users\Application Data\{732BD52C-2B24-4AF1-8509-89A619EC2006}\Setup.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
AddRemove-{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 - c:\program files\System Search Dispatcher\1.2.0.750\unins000.exe
AddRemove-PersonalSec - c:\program files\PersonalSec\psecurity.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-08 14:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1108)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-03-08 14:10:06
ComboFix-quarantined-files.txt 2011-03-08 20:09
.
Pre-Run: 94,726,676,480 bytes free
Post-Run: 94,690,381,824 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BB2C38E44CD403EB59387125FC907355

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well that cleared some rubbish :D

What problems do you have at the moment?

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#12
hanc18

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sorry for the delay - that fixed a lot of the problems, though, so thank you so much for your help!

Remaining issues:

The computer is still a little slow.
The desktop icons still have a tendency to move from where I place them. I think it's happening when I restart the computer - it doesn't seem to happen when I'm actively using the computer. I'm not sure whether it happens when the computer is on but inactive.

Malwarebytes scan said nothing found; I've posted the log below.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6079

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/16/2011 2:07:38 PM
mbam-log-2011-03-16 (14-07-38).txt

Scan type: Quick scan
Objects scanned: 175726
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you right click anywhere on your desktop

And then check the view part and ensure that auto arrange icons is not selected

#14
hanc18

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Auto arrange is not selected.

The only things I have selected are: "Align to Grid," "Show Desktop Items," and "Lock Web Items on Desktop."

Thanks!

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Remove the align to grid tick then reboot