
Please help with XP anti-virus 2011



#1
mary58

  • Member
  • 105 posts
I have already tried running system restore on my computer. I cannot try doing it in safe mode, as my computer, due to an issue not related to this virus, will not start in safe mode. I also tried downloading STOPzilla but was not able to run that program. I can only open my browsers in the guest user section; it is the only one that doesn't appear to be infected. One other issue is that when I go to open a program, the 'open with' screen pops up. I can, however, right-click on the icon and click 'Run as', and then the programs appear to run as normal.


Here is the OTL log. There are 2 of them: OTL.txt and Extras.Txt

OTL logfile created on: 4/13/2011 10:03:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Guest\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 453.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 19.24 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/13 22:02:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\My Documents\Downloads\OTL.com
PRC - [2011/03/18 10:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/13 22:02:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\My Documents\Downloads\OTL.com
MOD - [2011/04/13 09:30:09 | 000,062,976 | -H-- | M] () -- C:\WINDOWS\SYSTEM32\BOOTSN32.dll
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 03:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SERWVDRV.DLL
MOD - [2004/08/10 03:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\UMDMXFRM.DLL


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1532243995-3657090055-2956115912-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1532243995-3657090055-2956115912-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1532243995-3657090055-2956115912-501\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
IE - HKU\S-1-5-21-1532243995-3657090055-2956115912-501\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1532243995-3657090055-2956115912-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 20:40:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 14:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 10:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/22 20:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/04/13 21:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions
[2011/04/03 15:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/01 18:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/03 15:31:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/26 14:41:37 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/02/26 14:41:38 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
[2009/06/03 20:03:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/08/30 03:02:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/18 20:08:34 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (MyWay.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-1532243995-3657090055-2956115912-501\..\Toolbar\ShellBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKU\S-1-5-21-1532243995-3657090055-2956115912-501\..\Toolbar\ShellBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\BTHPROPS.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1532243995-3657090055-2956115912-501..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice95\Office\FASTBOOT.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Find Fast Indexer.lnk = C:\MSOffice95\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\Premium Awana VerseMinder.lnk = C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe (Mozilla Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1532243995-3657090055-2956115912-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (cpbrkpie Control)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} https://offers.e-cen...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\QC: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/14 17:42:10 | 000,000,658 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/03 17:47:53 | 000,000,113 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004/02/17 23:01:46 | 000,000,059 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\tfj.exe" -a "%1" %*
O36 - AppCertDlls: DRWADT32 - (C:\WINDOWS\system32\BOOTSN32.dll) - C:\WINDOWS\SYSTEM32\BOOTSN32.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\tfj.exe" -a "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\tfj.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\tfj.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 21:41:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.exe
[2011/04/13 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\My Documents\Downloads
[2011/04/13 21:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla
[2011/04/13 21:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Mozilla
[2011/04/13 13:37:16 | 000,509,440 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Guest\Desktop\STOPzilla_Setup.exe
[2011/04/13 13:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Macromedia
[2011/04/13 13:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Adobe
[2011/04/13 13:19:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Guest\UserData
[2011/04/13 13:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\FCTB000060497
[2011/04/13 13:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\HPAppData
[2011/04/13 13:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Dealio
[2011/04/13 13:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\BVRP Software
[2011/03/15 16:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
[1979/12/31 22:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/13 21:48:08 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/13 21:42:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.exe
[2011/04/13 21:41:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/13 21:41:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005UA.job
[2011/04/13 21:37:00 | 000,013,060 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1474035932
[2011/04/13 21:36:29 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/13 21:36:10 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/13 21:36:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AlarmXP Pro.job
[2011/04/13 21:35:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/13 21:35:52 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/13 13:37:20 | 000,509,440 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Guest\Desktop\STOPzilla_Setup.exe
[2011/04/13 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SHUTDOWN.job
[2011/04/13 13:14:29 | 000,012,972 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\537205135
[2011/04/13 13:13:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/13 11:32:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/13 11:19:48 | 000,036,232 | ---- | M] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/04/13 09:30:09 | 000,062,976 | -H-- | M] () -- C:\WINDOWS\System32\BOOTSN32.dll
[2011/04/13 09:00:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{7FD699C8-3F26-46B3-9AB6-48D511AFF6E9}_MARYP_Mom.job
[2011/04/13 08:06:51 | 000,513,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/12 16:00:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{00C1D88B-CCF2-438F-9B73-E273329EBE94}_MARYP_Mom.job
[2011/04/11 20:41:24 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005Core.job
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job
[2011/04/08 16:00:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{1396EDD5-D4E4-4C5E-95C0-493AD02A4C41}_MARYP_Mom.job
[2011/04/03 14:28:52 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/17 13:00:54 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/13 11:52:40 | 000,012,972 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\537205135
[2011/04/13 11:32:56 | 000,013,060 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1474035932
[2011/04/13 11:19:48 | 000,036,232 | ---- | C] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/04/13 09:30:08 | 000,062,976 | -H-- | C] () -- C:\WINDOWS\System32\BOOTSN32.dll
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/04/12 17:02:12 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/04/12 17:02:12 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/04/12 17:01:39 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/04/12 17:01:39 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/04/12 17:01:39 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/04/12 17:01:39 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/04/12 17:01:39 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/04/12 17:01:38 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/04/12 17:01:38 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/04/12 17:01:38 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/04/12 17:01:38 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/04/12 17:01:38 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/04/12 17:01:38 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/04/12 17:01:36 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/04/12 17:01:35 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/04/12 17:01:33 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/04/12 17:01:31 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/04/12 17:01:14 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/04/12 17:01:13 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/04/12 17:01:13 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/04/03 14:28:52 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/03 14:28:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/15 16:15:05 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/02/19 11:59:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Idilupecejo.dat
[2011/02/19 11:59:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pcena.bin
[2010/11/06 20:26:02 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcps.ini
[2009/12/04 21:49:40 | 000,023,121 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2009/12/04 20:35:33 | 000,022,739 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/02 22:27:20 | 000,196,094 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2009/12/02 22:27:19 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2009/09/19 17:19:34 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2009/09/17 20:54:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/20 11:51:01 | 000,000,421 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/05/17 15:58:21 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/24 21:24:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/11/27 11:23:15 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/19 09:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/06 16:21:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/01/21 13:53:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/01/19 18:38:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\EzyTuner.INI
[2006/12/25 14:44:47 | 000,004,121 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/09/06 15:54:11 | 000,000,231 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/06 15:53:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2006/09/06 15:53:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2006/08/24 12:11:26 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TYPEINST.INI
[2006/08/23 12:19:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/18 14:41:21 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/06/18 14:41:21 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/06/15 20:46:23 | 001,255,424 | ---- | C] () -- C:\WINDOWS\System32\V4RB.dll
[2006/06/15 20:46:23 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2006/06/10 19:49:01 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/06/10 19:49:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/06/10 10:47:35 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/06 20:15:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/01/09 11:56:08 | 000,001,316 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/07/11 16:46:25 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/14 19:19:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\PSDXPORT.INI
[2005/06/14 12:10:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/06/11 18:48:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/06/07 20:07:02 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat
[2005/06/07 16:56:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/06 17:09:27 | 000,001,095 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/06/06 17:08:36 | 000,001,237 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/05/31 10:41:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/31 10:33:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/31 10:30:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/31 10:29:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/31 10:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/05/31 10:12:54 | 000,442,892 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/05/31 10:12:54 | 000,072,158 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/05/31 09:55:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 09:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/23 12:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/19 14:22:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/19 14:13:18 | 000,513,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:06:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:03:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 11:25:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/19 11:25:28 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/10 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2003/07/31 15:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[1999/12/02 11:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1996/08/20 21:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL
[1996/03/20 00:00:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1979/12/31 22:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1979/12/31 22:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/08/27 10:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2005/05/31 10:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/06 12:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2006/08/24 12:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2011/02/19 13:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jKcBgJg08200
[2009/08/02 20:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2006/05/29 14:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGCSoft
[2008/02/29 17:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/09/14 21:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2010/04/22 21:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/05/27 12:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2007/11/14 16:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2008/11/28 16:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/01/04 20:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/04/18 15:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TGHomeSoft
[2007/03/22 15:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006
[2009/06/16 17:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/13 13:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Dealio
[2011/04/13 13:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\FCTB000060497
[2005/11/12 14:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\PC Suite
[2008/10/14 13:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Snapfish
[2007/11/06 20:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\A9 Toolbar
[2008/01/06 15:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2005/06/19 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Aim
[2009/12/06 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Amazon
[2010/07/01 15:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2010/02/22 17:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Dealio
[2009/12/02 11:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\E-centives
[2009/11/20 21:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FCTB000060497
[2007/10/15 21:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GARMIN
[2005/06/06 18:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2008/10/03 21:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\LEGO Company
[2010/04/14 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Memorize Truth
[2006/05/29 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MGCSoft
[2006/06/18 09:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MSNInstaller
[2007/03/06 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Musicmatch
[2010/09/14 21:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Netscape
[2008/11/11 21:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
[2008/02/01 16:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OverDrive
[2005/07/12 12:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Palo Alto Software Inc
[2008/02/25 10:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\QQ Games Plugin
[2011/02/26 14:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Search Settings
[2008/06/08 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish
[2009/08/02 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Thunderbird
[2010/03/14 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\upromise
[2007/12/07 10:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Viewpoint
[2008/07/11 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WordWeb
[2009/06/04 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\XNote Stopwatch
[2011/04/13 21:36:04 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\AlarmXP Pro.job
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\CCleaner.job
[2011/04/13 21:41:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/19 22:20:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/04/13 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SHUTDOWN.job
[2011/04/12 16:00:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\{00C1D88B-CCF2-438F-9B73-E273329EBE94}_MARYP_Mom.job
[2011/04/08 16:00:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\{1396EDD5-D4E4-4C5E-95C0-493AD02A4C41}_MARYP_Mom.job
[2011/04/13 09:00:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\{7FD699C8-3F26-46B3-9AB6-48D511AFF6E9}_MARYP_Mom.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 4/13/2011 10:03:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Guest\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 453.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 19.24 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\tfj.exe" -a "%1" %*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\tfj.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\tfj.exe" -a "%1" %*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\tfj.exe" -a "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"" =
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567
"55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568
"55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569
"55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570
"55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566
"" =
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567
"55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570
"55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568
"55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569
"55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566
"" =
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- ()
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"K:\setup\hpznui01.exe" = K:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Documents and Settings\Mom\My Documents\NetSetClient.exe" = C:\Documents and Settings\Mom\My Documents\NetSetClient.exe:*:Enabled:NetSetClient -- (Gteko Ltd.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- ()
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\MyPoints Toolbar 2.0\TroubleShooter.exe" = C:\Program Files\MyPoints Toolbar 2.0\TroubleShooter.exe:*:Enabled:MyPoints Toolbar 2.0 (Helper) -- (FreeCause Inc.)
"C:\Program Files\MyPoints Toolbar 2.0\ToolbarUpdate.exe" = C:\Program Files\MyPoints Toolbar 2.0\ToolbarUpdate.exe:*:Enabled:MyPoints Toolbar 2.0 (Update) -- (FreeCause Inc.)
"K:\setup\hpznui01.exe" = K:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12076ED5-921B-4231-9883-157092E6F2DA}" = Quicken Medical Expense Manager
"{1445ECFA-AD4B-4f22-A1D2-DDB81354EC1D}" = Snapfish PictureMover
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16D9439B-DF3D-43D1-A727-4B335300D07A}" = OverDrive Media Console
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{250F2B64-1729-4A6F-A3A4-17B478C03431}" = TurboTax 2010 woriper
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 24
"{26F8F39E-C228-4E3C-93A5-061FCCBFC914}" = Serif PagePlus Essentials
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30E6EEA3-9375-41EA-B83A-189A5766090B}" = Sears
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3C024FB0-EAA2-012B-AE8A-000000000000}" = TurboTax 2009 woriper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{459E0590-ECD4-490E-9E52-3EF1F1782225}" = Dawn
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}" = Nokia Connectivity Cable Driver
"{4B81F85C-728F-4316-B2FF-F4169317EC36}" = AlarmXP Pro
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54579CE4-5DB5-11D6-A7DD-F76237061D3F}" = Print Perfect Gold
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70841508-9E4E-4949-B324-523D61EF22F2}" = My Ebook Library
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{808AE71A-0B00-4D19-B4CE-57A55622F0B5}" = Homeschool Tracker Basic
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83FC2D98-CB55-4E05-82C1-EDC8A4E8EDD2}" = Garmin MapSource
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}" = Dealio Toolbar v4.3
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0C7D59-DE76-4AC0-9A84-A3B4D315CE11}" = ArcSoft Media Card Companion
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BC489586-33E9-412D-BA70-485F3EA92DBE}" = DaisyTrail Digikit Collection 1
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD93F118-7334-0F0D-A3B8-43F67989D1AF}" = YNAB 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDA822A4-8F8A-4377-924C-D36B24F52233}" = EasyChild
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D303CDE8-D1DB-4DBA-A15A-C7EE3D775726}" = Serif Digital Scrapbook Artist
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E1AA659A-DC45-4670-AF13-E55694887566}" = HomeSchool Minder
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB1AE258-8DDD-4F54-B2EB-AC02EC4C6FAB}" = Rosetta Stone Ltd Services
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F523EA0F-D930-4825-A69D-AC8407A4DFA0}" = TurboTax 2008 woriper
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon Kindle For PC" = Amazon Kindle For PC
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1" = YNAB 3
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"FLYLADY BenefitBar" = FLYLADY BenefitBar
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Greetings Workshop" = Greetings Workshop
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo & Imaging" = HP Image Zone 4.2
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}" = Nokia Connectivity Cable Driver
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"Intel® 537EP V9x DFV PCI Modem" = Intel® 537EP V9x DFV PCI Modem
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MSOffice" = Microsoft Office Professional
"Musicnotes Player_is1" = Musicnotes Player V1.23.1
"MyPoints Toolbar 2.0" = MyPoints Toolbar 2.0
"MyWaySearchAssistantDE" = My Way Search Assistant
"Need For Speed III" = Need For Speed III
"New LEGO Digital Designer" = LEGO Digital Designer
"Northwest Trails" = Northwest Trails
"PDFZilla_is1" = PDFZilla V1.0.7
"Photodex Presenter" = Photodex Presenter
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"Pixillion" = Pixillion Image Converter
"Premium Awana VerseMinder_is1" = Premium Awana VerseMinder 01.39 905281
"RealPlayer 6.0" = RealPlayer Basic
"Revo Uninstaller" = Revo Uninstaller 1.91
"Shockwave" = Shockwave
"Shopping List for Windows 95/98/00/ME/NT/XP" = Shopping List for Windows 95/98/00/ME/NT/XP
"ST4UNST #1" = Awana
"ST6UNST #1" = TranscriptPro Version 3.0
"StartWrite50" = StartWrite
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Teknia Language Tools (Greek)" = Teknia Language Tools (Greek)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TikTokCook_is1" = TikTokToDo ver 2.9.2.12
"TTB000001.TTB000001Toolbar" = CouponBar
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2005" = TurboTax Premier 2005
"Typing Instructor Deluxe" = Typing Instructor Deluxe
"Upromise TurboSaver" = Upromise TurboSaver (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Weather Services" = Weather Services
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WMCSetup" = Windows Media Connect
"WordWeb" = WordWeb
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"XNote Stopwatch" = XNote Stopwatch 1.50
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

Edited by mary58, 14 April 2011 - 09:19 PM.

  • 0


#2
mary58

    Member

  • Topic Starter
  • Member
  • 105 posts
I think I've managed to get rid of this virus. Thank you.


Well, I guess not; it seems to keep coming back. I have run RogueKiller several times, and it shows clean at the moment. I am running Malwarebytes again right now; it shows 1 infected item. I'll post that as soon as it finishes.
I have updated Microsoft Security Essentials and it just popped up with Rogue: Win 32/FakeRean, which I had it remove.

I will run another OTL tomorrow and am shutting the computer down for tonight.

Here is my log from the last Malwarebytes scan.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6370

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/15/2011 11:03:43 PM
mbam-log-2011-04-15 (23-03-43).txt

Scan type: Quick scan
Objects scanned: 220007
Time elapsed: 13 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\phx.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\networkservice\local settings\application data\phx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Edited by mary58, 16 April 2011 - 12:06 AM.

  • 0

#3
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, mary58! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :D

It may well be worth printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :D


Can you get me a fresh OTL log using the instructions below please and I'll have a look to see if there are still any infections present. Can you make sure you run OTL from your normal user account now and not the guest account please :D

We'll also get a scan done to check on your MBR.



1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply





In your next reply
Please post the contents of...
OTL log
aswMBR log

  • 0

#4
mary58

    Member

  • Topic Starter
  • Member
  • 105 posts
Thanks for getting back to me so soon.

Here is the OTL log, and below it is the Extras from the OTL. I'll run the aswMBR and post it in the next post.

OTL logfile created on: 4/16/2011 10:42:46 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 227.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 20.03 Gb Free Space | 13.91% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
PRC - [2011/03/18 10:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/01/25 18:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/22 21:17:06 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/08/16 08:35:36 | 000,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/30 18:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 18:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/06 17:35:44 | 000,475,136 | ---- | M] () -- C:\Program Files\Snapfish PictureMover\PictureMover.exe
PRC - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2007/10/31 16:11:34 | 000,015,696 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/02 09:37:34 | 000,098,304 | ---- | M] (Mozilla Foundation) -- C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/10/25 12:28:02 | 000,098,304 | ---- | M] (Arcsoft, Inc.) -- C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
PRC - [2004/06/29 09:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/13 11:19:49 | 000,217,600 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\SYSTEM32\itlpfw32.dll -- (itlperf)
SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/09/02 13:45:40 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - [2011/04/16 10:24:06 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05FAA579-2764-4304-969F-1E402B59DA55}\MpKsl466c8991.sys -- (MpKsl466c8991)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/28 16:43:39 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\irbus.sys -- (IrBus)
DRV - [2005/05/31 10:30:57 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 11:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/27 19:43:00 | 000,485,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinewp2.sys -- (atinewp2)
DRV - [2004/06/15 20:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 15:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crosswalk.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 20:40:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 14:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 10:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/22 20:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/19 20:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
[2011/04/15 17:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions
[2009/04/13 14:26:47 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/05/21 15:03:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 14:33:40 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (TranslatorBar 3.2 Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{c55f5517-246e-4426-b745-ee25b08eb8b4}
[2010/03/01 20:40:32 | 000,000,000 | ---D | M] ("Better GReader") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2008/06/30 10:11:34 | 000,000,000 | ---D | M] (FLYLADY) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Consumer Input") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2010/03/06 11:09:39 | 000,000,000 | ---D | M] (DeTiny URL Expander) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/15 20:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/01 18:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/18 20:08:34 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice95\Office\FASTBOOT.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Find Fast Indexer.lnk = C:\MSOffice95\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\Premium Awana VerseMinder.lnk = C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe (Mozilla Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (cpbrkpie Control)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} https://offers.e-cen...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\QC: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O24 - Desktop Components:0 () - http://www.salt.org....s/smweblogo.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/14 17:42:10 | 000,000,658 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/03 17:47:53 | 000,000,113 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004/02/17 23:01:46 | 000,000,059 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{05615f48-c6f1-11dc-9cdf-00038a000015}\Shell\AutoRun\command - "" = J:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O36 - AppCertDlls: DRWADT32 - (C:\WINDOWS\system32\BOOTSN32.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/16 10:33:20 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2011/04/16 10:33:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/15 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/15 17:54:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/15 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Malwarebytes
[2011/04/15 16:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\RK_Quarantine
[2011/04/15 15:48:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 15:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/15 15:48:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/15 15:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/13 09:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/12 15:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/12 15:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/12 15:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/12 15:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1979/12/31 22:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/16 10:41:22 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005UA.job
[2011/04/16 10:33:26 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/16 10:29:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/16 10:25:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/16 10:24:32 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/16 10:24:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/16 10:23:55 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AlarmXP Pro.job
[2011/04/16 10:23:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/16 10:23:46 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/15 22:25:17 | 000,012,314 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qb4wt75j32d2kq3
[2011/04/15 22:07:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 20:51:48 | 000,001,424 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 20:48:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/15 20:41:52 | 000,013,308 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h
[2011/04/15 16:31:12 | 000,013,092 | -HS- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\1474035932
[2011/04/15 16:31:12 | 000,013,092 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1474035932
[2011/04/15 16:27:07 | 001,103,872 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2011/04/15 16:00:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{1396EDD5-D4E4-4C5E-95C0-493AD02A4C41}_MARYP_Mom.job
[2011/04/15 16:00:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{00C1D88B-CCF2-438F-9B73-E273329EBE94}_MARYP_Mom.job
[2011/04/15 15:48:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/15 15:06:58 | 000,012,982 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\537205135
[2011/04/15 12:22:44 | 000,013,008 | -HS- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\537205135
[2011/04/13 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SHUTDOWN.job
[2011/04/13 11:19:48 | 000,036,232 | ---- | M] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/04/13 09:00:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{7FD699C8-3F26-46B3-9AB6-48D511AFF6E9}_MARYP_Mom.job
[2011/04/13 08:06:51 | 000,513,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/11 20:41:24 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005Core.job
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job
[2011/04/03 14:28:52 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/03 14:28:52 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/28 13:21:40 | 000,043,978 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2011/03/17 13:00:54 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/15 22:22:49 | 000,012,314 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\qb4wt75j32d2kq3
[2011/04/15 22:22:49 | 000,012,314 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qb4wt75j32d2kq3
[2011/04/15 20:51:47 | 000,001,424 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 20:39:34 | 000,013,308 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h
[2011/04/15 20:39:34 | 000,013,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h
[2011/04/15 16:26:40 | 001,103,872 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2011/04/15 15:48:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 13:13:37 | 000,013,008 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\537205135
[2011/04/13 11:52:40 | 000,013,092 | -HS- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\1474035932
[2011/04/13 11:52:40 | 000,012,982 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\537205135
[2011/04/13 11:32:56 | 000,013,092 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1474035932
[2011/04/13 11:32:56 | 000,013,080 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1474035932
[2011/04/13 11:19:48 | 000,036,232 | ---- | C] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/12 17:02:12 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/04/12 17:02:12 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/04/12 17:01:39 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/04/12 17:01:39 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/04/12 17:01:39 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/04/12 17:01:39 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/04/12 17:01:39 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/04/12 17:01:38 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/04/12 17:01:38 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/04/12 17:01:38 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/04/12 17:01:38 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/04/12 17:01:38 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/04/12 17:01:38 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/04/12 17:01:36 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/04/12 17:01:35 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/04/12 17:01:33 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/04/12 17:01:31 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/04/12 17:01:14 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/04/12 17:01:13 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/04/12 17:01:13 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/04/12 17:01:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/12 17:01:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/12 17:00:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/03 14:28:52 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/03 14:28:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/16 01:39:06 | 000,370,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/19 11:59:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Idilupecejo.dat
[2011/02/19 11:59:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pcena.bin
[2010/11/06 20:26:02 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcps.ini
[2009/12/04 21:49:40 | 000,023,121 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2009/12/04 20:35:33 | 000,022,739 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/02 22:27:20 | 000,196,094 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2009/12/02 22:27:19 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2009/09/19 17:19:34 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2009/09/17 20:54:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/20 11:51:01 | 000,000,421 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/05/17 15:58:21 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/24 21:24:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/11/27 11:23:15 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/19 09:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/06 16:21:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/01/21 13:53:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/01/19 18:38:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\EzyTuner.INI
[2006/12/25 14:44:47 | 000,004,121 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/09/06 15:54:11 | 000,000,231 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/06 15:53:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2006/09/06 15:53:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2006/08/24 12:11:26 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TYPEINST.INI
[2006/08/23 12:19:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/24 21:09:59 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 14:41:21 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/06/18 14:41:21 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/06/15 20:46:23 | 001,255,424 | ---- | C] () -- C:\WINDOWS\System32\V4RB.dll
[2006/06/15 20:46:23 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2006/06/10 19:49:01 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/06/10 19:49:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/06/10 10:47:35 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/06 20:15:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/01/09 11:56:08 | 000,001,316 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/07/11 16:46:25 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/14 19:19:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\PSDXPORT.INI
[2005/06/14 12:10:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/06/11 18:48:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/06/07 19:38:10 | 000,043,978 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2005/06/07 16:56:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/06 17:09:27 | 000,001,095 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/06/06 17:08:36 | 000,001,237 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/06/06 16:39:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2005/05/31 10:41:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/31 10:33:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/31 10:30:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/31 10:29:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/31 10:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/05/31 10:12:54 | 000,442,892 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/05/31 10:12:54 | 000,072,158 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/05/31 09:55:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 09:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/23 12:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/19 14:22:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/19 14:13:18 | 000,513,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:06:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:03:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 11:25:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/19 11:25:28 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/10 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2003/07/31 15:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[1999/12/02 11:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1996/08/20 21:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL
[1996/03/20 00:00:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1979/12/31 22:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1979/12/31 22:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/08/27 10:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2005/05/31 10:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/06 12:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2006/08/24 12:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2011/02/19 13:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jKcBgJg08200
[2009/08/02 20:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2006/05/29 14:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGCSoft
[2008/02/29 17:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/09/14 21:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2010/04/22 21:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/05/27 12:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2007/11/14 16:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2008/11/28 16:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/01/04 20:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/04/18 15:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TGHomeSoft
[2007/03/22 15:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006
[2009/06/16 17:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/06 20:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\A9 Toolbar
[2008/01/06 15:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2005/06/19 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Aim
[2009/12/06 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Amazon
[2010/07/01 15:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2010/02/22 17:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Dealio
[2009/12/02 11:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\E-centives
[2009/11/20 21:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FCTB000060497
[2007/10/15 21:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GARMIN
[2005/06/06 18:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2008/10/03 21:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\LEGO Company
[2010/04/14 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Memorize Truth
[2006/05/29 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MGCSoft
[2006/06/18 09:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MSNInstaller
[2007/03/06 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Musicmatch
[2010/09/14 21:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Netscape
[2008/11/11 21:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
[2008/02/01 16:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OverDrive
[2005/07/12 12:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Palo Alto Software Inc
[2008/02/25 10:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\QQ Games Plugin
[2011/02/26 14:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Search Settings
[2008/06/08 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish
[2009/08/02 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Thunderbird
[2010/03/14 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\upromise
[2007/12/07 10:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Viewpoint
[2008/07/11 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WordWeb
[2009/06/04 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\XNote Stopwatch
[2011/04/16 10:23:55 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\AlarmXP Pro.job
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\CCleaner.job
[2011/04/16 10:29:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/19 22:20:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/04/13 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SHUTDOWN.job
[2011/04/15 16:00:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\{00C1D88B-CCF2-438F-9B73-E273329EBE94}_MARYP_Mom.job
[2011/04/15 16:00:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\{1396EDD5-D4E4-4C5E-95C0-493AD02A4C41}_MARYP_Mom.job
[2011/04/13 09:00:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\{7FD699C8-3F26-46B3-9AB6-48D511AFF6E9}_MARYP_Mom.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Mom\My Documents\Spectrum Plus Label Sheet2.png:SummaryInformation

< End of report >



OTL Extras logfile created on: 4/16/2011 10:42:46 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 227.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 20.03 Gb Free Space | 13.91% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"" =
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567
"55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568
"55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569
"55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570
"55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566
"" =
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567
"55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570
"55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568
"55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569
"55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566
"" =
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- ()
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"K:\setup\hpznui01.exe" = K:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Documents and Settings\Mom\My Documents\NetSetClient.exe" = C:\Documents and Settings\Mom\My Documents\NetSetClient.exe:*:Enabled:NetSetClient -- (Gteko Ltd.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- ()
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\MyPoints Toolbar 2.0\TroubleShooter.exe" = C:\Program Files\MyPoints Toolbar 2.0\TroubleShooter.exe:*:Enabled:MyPoints Toolbar 2.0 (Helper) -- (FreeCause Inc.)
"C:\Program Files\MyPoints Toolbar 2.0\ToolbarUpdate.exe" = C:\Program Files\MyPoints Toolbar 2.0\ToolbarUpdate.exe:*:Enabled:MyPoints Toolbar 2.0 (Update) -- (FreeCause Inc.)
"K:\setup\hpznui01.exe" = K:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12076ED5-921B-4231-9883-157092E6F2DA}" = Quicken Medical Expense Manager
"{1445ECFA-AD4B-4f22-A1D2-DDB81354EC1D}" = Snapfish PictureMover
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16D9439B-DF3D-43D1-A727-4B335300D07A}" = OverDrive Media Console
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{250F2B64-1729-4A6F-A3A4-17B478C03431}" = TurboTax 2010 woriper
"{26F8F39E-C228-4E3C-93A5-061FCCBFC914}" = Serif PagePlus Essentials
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30E6EEA3-9375-41EA-B83A-189A5766090B}" = Sears
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3C024FB0-EAA2-012B-AE8A-000000000000}" = TurboTax 2009 woriper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{459E0590-ECD4-490E-9E52-3EF1F1782225}" = Dawn
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}" = Nokia Connectivity Cable Driver
"{4B81F85C-728F-4316-B2FF-F4169317EC36}" = AlarmXP Pro
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54579CE4-5DB5-11D6-A7DD-F76237061D3F}" = Print Perfect Gold
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70841508-9E4E-4949-B324-523D61EF22F2}" = My Ebook Library
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{808AE71A-0B00-4D19-B4CE-57A55622F0B5}" = Homeschool Tracker Basic
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83FC2D98-CB55-4E05-82C1-EDC8A4E8EDD2}" = Garmin MapSource
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}" = Dealio Toolbar v4.3
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0C7D59-DE76-4AC0-9A84-A3B4D315CE11}" = ArcSoft Media Card Companion
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BC489586-33E9-412D-BA70-485F3EA92DBE}" = DaisyTrail Digikit Collection 1
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD93F118-7334-0F0D-A3B8-43F67989D1AF}" = YNAB 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDA822A4-8F8A-4377-924C-D36B24F52233}" = EasyChild
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D303CDE8-D1DB-4DBA-A15A-C7EE3D775726}" = Serif Digital Scrapbook Artist
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E1AA659A-DC45-4670-AF13-E55694887566}" = HomeSchool Minder
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB1AE258-8DDD-4F54-B2EB-AC02EC4C6FAB}" = Rosetta Stone Ltd Services
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F523EA0F-D930-4825-A69D-AC8407A4DFA0}" = TurboTax 2008 woriper
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon Kindle For PC" = Amazon Kindle For PC
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1" = YNAB 3
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"FLYLADY BenefitBar" = FLYLADY BenefitBar
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Greetings Workshop" = Greetings Workshop
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo & Imaging" = HP Image Zone 4.2
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}" = Nokia Connectivity Cable Driver
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"Intel® 537EP V9x DFV PCI Modem" = Intel® 537EP V9x DFV PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MSOffice" = Microsoft Office Professional
"Musicnotes Player_is1" = Musicnotes Player V1.23.1
"MyPoints Toolbar 2.0" = MyPoints Toolbar 2.0
"Need For Speed III" = Need For Speed III
"New LEGO Digital Designer" = LEGO Digital Designer
"Northwest Trails" = Northwest Trails
"PDFZilla_is1" = PDFZilla V1.0.7
"Photodex Presenter" = Photodex Presenter
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"Pixillion" = Pixillion Image Converter
"Premium Awana VerseMinder_is1" = Premium Awana VerseMinder 01.39 905281
"RealPlayer 6.0" = RealPlayer Basic
"Revo Uninstaller" = Revo Uninstaller 1.91
"Shockwave" = Shockwave
"Shopping List for Windows 95/98/00/ME/NT/XP" = Shopping List for Windows 95/98/00/ME/NT/XP
"ST4UNST #1" = Awana
"ST6UNST #1" = TranscriptPro Version 3.0
"StartWrite50" = StartWrite
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Teknia Language Tools (Greek)" = Teknia Language Tools (Greek)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TikTokCook_is1" = TikTokToDo ver 2.9.2.12
"TTB000001.TTB000001Toolbar" = CouponBar
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2005" = TurboTax Premier 2005
"Typing Instructor Deluxe" = Typing Instructor Deluxe
"Upromise TurboSaver" = Upromise TurboSaver (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WMCSetup" = Windows Media Connect
"WordWeb" = WordWeb
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"XNote Stopwatch" = XNote Stopwatch 1.50
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2011 12:09:37 AM | Computer Name = MARYP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/16/2011 12:09:39 AM | Computer Name = MARYP | Source = Microsoft Security Client | ID = 5000
Description =

Error - 4/16/2011 12:12:34 AM | Computer Name = MARYP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/16/2011 12:12:37 AM | Computer Name = MARYP | Source = Microsoft Security Client | ID = 5000
Description =

Error - 4/16/2011 12:24:33 AM | Computer Name = MARYP | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 4/16/2011 1:42:46 AM | Computer Name = MARYP | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.3520, fault address 0x00011a5c.

Error - 4/16/2011 1:48:42 AM | Computer Name = MARYP | Source = Application Error | ID = 1004
Description = Faulting application SVCHOST.EXE, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/16/2011 1:51:14 AM | Computer Name = MARYP | Source = Application Error | ID = 1001
Description = Fault bucket 00536409.

Error - 4/16/2011 1:52:04 AM | Computer Name = MARYP | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00011a5c.

Error - 4/16/2011 2:00:11 AM | Computer Name = MARYP | Source = Application Error | ID = 1000
Description = Faulting application SVCHOST.EXE, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00020a30.

[ Media Center Events ]
Error - 4/14/2006 7:16:04 PM | Computer Name = MARYP | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 4/14/2006 4:16:04 PM. You may need to reschedule your recordings.

Error - 6/13/2006 11:54:08 AM | Computer Name = MARYP | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 6/13/2006 8:54:08 AM. You may need to reschedule your recordings.

Error - 7/10/2007 8:02:19 PM | Computer Name = MARYP | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 7/10/2007 5:02:19 PM. You may need to reschedule your recordings.

Error - 7/29/2008 6:11:39 PM | Computer Name = MARYP | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 7/29/2008 3:11:39 PM. You may need to reschedule your recordings.

[ System Events ]
Error - 4/15/2011 10:59:38 PM | Computer Name = MARYP | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/16/2011 12:03:47 AM | Computer Name = MARYP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 4/16/2011 12:06:21 AM | Computer Name = MARYP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1317.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 4/16/2011 12:08:44 AM | Computer Name = MARYP | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/16/2011 12:09:06 AM | Computer Name = MARYP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1317.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 4/16/2011 12:09:37 AM | Computer Name = MARYP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1317.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 4/16/2011 12:12:34 AM | Computer Name = MARYP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1317.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 4/16/2011 1:53:25 AM | Computer Name = MARYP | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 4/16/2011 1:24:53 PM | Computer Name = MARYP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 4/16/2011 1:29:50 PM | Computer Name = MARYP | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

#5
mary58

When I booted up my computer this AM, before I saw your post, I ran Malwarebytes and it showed clean. As I was preparing to post the aswMBR log, Security Essentials popped up with Trojan:DOS/Alureon.A, which I let it remove.

Below is the aswMBR log

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-16 10:50:03
-----------------------------
10:50:03.531 OS Version: Windows 5.1.2600 Service Pack 2
10:50:03.531 Number of processors: 2 586 0x403
10:50:03.531 ComputerName: MARYP UserName: Mom
10:50:06.250 Initialize success
10:50:23.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
10:50:23.718 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
10:50:23.734 Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskST3160023AS_____________________________8.12____#4&244ba08&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
10:50:23.734 Disk 0 MBR read successfully
10:50:23.734 Disk 0 MBR scan
10:50:23.734 Disk 0 [email protected] code has been found
10:50:23.734 Disk 0 MBR hidden
10:50:23.750 Disk 0 MBR [TDL4] **ROOTKIT**
10:50:23.750 Disk 0 trace - called modules:
10:50:23.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86c4f439]<<
10:50:23.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c65030]
10:50:23.765 3 CLASSPNP.SYS[f766305b] -> nt!IofCallDriver -> [0x86bf00e8]
10:50:23.765 \Driver\iaStor[0x86f90470] -> IRP_MJ_CREATE -> 0x86c4f439
10:50:23.781 Scan finished successfully

#6
BlackOxide

Thanks for the logs and info :D

There are still several infections present in your OTL log, so we will try and clear these now. Just follow the steps below...


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/04/13 11:19:49 | 000,217,600 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\SYSTEM32\itlpfw32.dll -- (itlperf)
    O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
    O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
    O20 - Winlogon\Notify\QC: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
    O36 - AppCertDlls: DRWADT32 - (C:\WINDOWS\system32\BOOTSN32.dll) - File not found
    [2011/04/15 22:25:17 | 000,012,314 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qb4wt75j32d2kq3
    [2011/04/15 20:41:52 | 000,013,308 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h
    [2011/04/15 16:31:12 | 000,013,092 | -HS- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\1474035932
    [2011/04/15 16:31:12 | 000,013,092 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1474035932
    [2011/04/15 16:00:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{1396EDD5-D4E4-4C5E-95C0-493AD02A4C41}_MARYP_Mom.job
    [2011/04/15 16:00:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{00C1D88B-CCF2-438F-9B73-E273329EBE94}_MARYP_Mom.job
    [2011/04/15 15:06:58 | 000,012,982 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\537205135
    [2011/04/15 12:22:44 | 000,013,008 | -HS- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\537205135
    [2011/04/13 11:19:48 | 000,036,232 | ---- | M] () -- C:\WINDOWS\System32\itlnfw32.dll
    [2011/04/13 09:00:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{7FD699C8-3F26-46B3-9AB6-48D511AFF6E9}_MARYP_Mom.job
    [2011/04/15 22:22:49 | 000,012,314 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\qb4wt75j32d2kq3
    [2011/04/15 20:39:34 | 000,013,308 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\kb1ct45l884db54a8j0jvs53mpyp5v727vs2666h
    [2011/02/19 11:59:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Idilupecejo.dat
    [2011/02/19 11:59:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pcena.bin
    [2011/02/19 13:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jKcBgJg08200
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Application Data\jKcBgJg08200
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.




2)
Let's see if Security Essentials successfully got rid of the rootkit or not. Could you run another scan with aswMBR, please? I'll post the instructions again for you below :D

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan, click save log, save it to your desktop and post it in your next reply.




In your next reply
Please post the contents of...
OTL log
aswMBR log


#7
mary58

Here is the OTL log

OTL logfile created on: 4/16/2011 2:57:33 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 487.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 20.90 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
PRC - [2011/01/28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/22 21:17:06 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/08/16 08:35:36 | 000,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/05/21 10:55:38 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/30 18:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/06 17:35:44 | 000,475,136 | ---- | M] () -- C:\Program Files\Snapfish PictureMover\PictureMover.exe
PRC - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2007/10/31 16:11:34 | 000,015,696 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/02 09:37:34 | 000,098,304 | ---- | M] (Mozilla Foundation) -- C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/12/14 04:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/10/25 12:28:02 | 000,098,304 | ---- | M] (Arcsoft, Inc.) -- C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
PRC - [2004/06/29 09:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/09/02 13:45:40 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - [2011/04/16 14:55:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05FAA579-2764-4304-969F-1E402B59DA55}\MpKslf9e08e67.sys -- (MpKslf9e08e67)
DRV - [2011/04/16 14:48:52 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05FAA579-2764-4304-969F-1E402B59DA55}\MpKsl0bd37163.sys -- (MpKsl0bd37163)
DRV - [2011/04/16 10:24:06 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05FAA579-2764-4304-969F-1E402B59DA55}\MpKsl466c8991.sys -- (MpKsl466c8991)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/28 16:43:39 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\irbus.sys -- (IrBus)
DRV - [2005/05/31 10:30:57 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 11:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/27 19:43:00 | 000,485,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinewp2.sys -- (atinewp2)
DRV - [2004/06/15 20:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 15:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crosswalk.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 20:40:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 14:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 10:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/22 20:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/19 20:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
[2011/04/15 17:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions
[2009/04/13 14:26:47 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/05/21 15:03:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 14:33:40 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (TranslatorBar 3.2 Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{c55f5517-246e-4426-b745-ee25b08eb8b4}
[2010/03/01 20:40:32 | 000,000,000 | ---D | M] ("Better GReader") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2008/06/30 10:11:34 | 000,000,000 | ---D | M] (FLYLADY) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Consumer Input") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2010/03/06 11:09:39 | 000,000,000 | ---D | M] (DeTiny URL Expander) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/15 20:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/01 18:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/18 20:08:34 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/16 14:48:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice95\Office\FASTBOOT.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Find Fast Indexer.lnk = C:\MSOffice95\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\Premium Awana VerseMinder.lnk = C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe (Mozilla Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (cpbrkpie Control)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} https://offers.e-cen...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop Components:0 () - http://www.salt.org....s/smweblogo.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/14 17:42:10 | 000,000,658 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/03 17:47:53 | 000,000,113 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004/02/17 23:01:46 | 000,000,059 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{05615f48-c6f1-11dc-9cdf-00038a000015}\Shell\AutoRun\command - "" = J:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/16 14:48:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/16 10:33:20 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2011/04/16 10:33:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/15 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/15 17:54:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/15 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Malwarebytes
[2011/04/15 16:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\RK_Quarantine
[2011/04/15 15:48:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 15:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/15 15:48:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/15 15:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/13 09:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/12 17:02:13 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/04/12 17:02:13 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2011/04/12 17:02:12 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2011/04/12 17:02:12 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/04/12 17:02:12 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/04/12 17:02:12 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2011/04/12 17:02:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2011/04/12 17:02:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/04/12 17:02:11 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2011/04/12 17:02:11 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/04/12 17:02:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2011/04/12 17:01:55 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/04/12 17:01:30 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2011/04/12 17:01:13 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/04/12 17:01:13 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2011/04/12 17:01:13 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2011/04/12 17:01:13 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/04/12 17:01:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/04/12 17:01:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2011/04/12 17:01:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/04/12 17:01:07 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/04/12 17:01:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/04/12 17:01:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/04/12 17:01:04 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/04/12 17:01:04 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2011/04/12 17:00:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2011/04/12 17:00:47 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/04/12 17:00:46 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/04/12 17:00:45 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/04/12 17:00:45 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2011/04/12 17:00:45 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/04/12 17:00:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2011/04/12 17:00:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/04/12 17:00:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2011/04/12 17:00:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2011/04/12 17:00:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2011/04/12 17:00:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2011/04/12 17:00:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2011/04/12 17:00:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/04/12 17:00:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2011/04/12 17:00:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2011/04/12 17:00:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2011/04/12 17:00:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/04/12 17:00:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2011/04/12 17:00:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2011/04/12 17:00:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2011/04/12 17:00:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2011/04/12 17:00:43 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/04/12 17:00:43 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/04/12 17:00:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2011/04/12 17:00:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2011/04/12 17:00:42 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/04/12 17:00:42 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/04/12 17:00:14 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/04/12 17:00:14 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/04/12 17:00:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/04/12 17:00:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2011/04/12 15:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/12 15:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/12 15:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/12 15:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1979/12/31 22:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/04/16 15:00:15 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/16 14:56:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/16 14:56:29 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/16 14:55:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/16 14:55:08 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AlarmXP Pro.job
[2011/04/16 14:55:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/16 14:55:02 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/16 10:48:14 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/16 10:41:22 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005UA.job
[2011/04/16 10:33:26 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/15 22:07:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 20:51:48 | 000,001,424 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 16:27:07 | 001,103,872 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2011/04/15 15:48:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SHUTDOWN.job
[2011/04/13 08:06:51 | 000,513,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/11 20:41:24 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005Core.job
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job
[2011/04/03 14:28:52 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/03 14:28:52 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/28 13:21:40 | 000,043,978 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat

========== Files Created - No Company Name ==========

[2011/04/15 20:51:47 | 000,001,424 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 16:26:40 | 001,103,872 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2011/04/15 15:48:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 11:32:56 | 000,013,080 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1474035932
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/12 17:02:12 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/04/12 17:02:12 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/04/12 17:01:39 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/04/12 17:01:39 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/04/12 17:01:39 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/04/12 17:01:39 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/04/12 17:01:39 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/04/12 17:01:38 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/04/12 17:01:38 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/04/12 17:01:38 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/04/12 17:01:38 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/04/12 17:01:38 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/04/12 17:01:38 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/04/12 17:01:36 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/04/12 17:01:35 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/04/12 17:01:33 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/04/12 17:01:31 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/04/12 17:01:14 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/04/12 17:01:13 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/04/12 17:01:13 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/04/12 17:01:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/12 17:01:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/12 17:00:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/03 14:28:52 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/03 14:28:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/16 01:39:06 | 000,370,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/06 20:26:02 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcps.ini
[2009/12/04 21:49:40 | 000,023,121 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2009/12/04 20:35:33 | 000,022,739 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/02 22:27:20 | 000,196,094 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2009/12/02 22:27:19 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2009/09/19 17:19:34 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2009/09/17 20:54:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/20 11:51:01 | 000,000,421 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/05/17 15:58:21 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/24 21:24:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/11/27 11:23:15 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/19 09:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/06 16:21:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/01/21 13:53:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/01/19 18:38:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\EzyTuner.INI
[2006/12/25 14:44:47 | 000,004,121 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/09/06 15:54:11 | 000,000,231 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/06 15:53:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2006/09/06 15:53:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2006/08/24 12:11:26 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TYPEINST.INI
[2006/08/23 12:19:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/24 21:09:59 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 14:41:21 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/06/18 14:41:21 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/06/15 20:46:23 | 001,255,424 | ---- | C] () -- C:\WINDOWS\System32\V4RB.dll
[2006/06/15 20:46:23 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2006/06/10 19:49:01 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/06/10 19:49:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/06/10 10:47:35 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/06 20:15:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/01/09 11:56:08 | 000,001,316 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/07/11 16:46:25 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/14 19:19:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\PSDXPORT.INI
[2005/06/14 12:10:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/06/11 18:48:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/06/07 19:38:10 | 000,043,978 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2005/06/07 16:56:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/06 17:09:27 | 000,001,095 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/06/06 17:08:36 | 000,001,237 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/06/06 16:39:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2005/05/31 10:41:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/31 10:33:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/31 10:30:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/31 10:29:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/31 10:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/05/31 10:12:54 | 000,442,892 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/05/31 10:12:54 | 000,072,158 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/05/31 09:55:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 09:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/23 12:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/19 14:22:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/19 14:13:18 | 000,513,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:06:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:03:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 11:25:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/19 11:25:28 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/10 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2003/07/31 15:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[1999/12/02 11:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1996/08/20 21:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL
[1996/03/20 00:00:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1979/12/31 22:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1979/12/31 22:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Mom\My Documents\Spectrum Plus Label Sheet2.png:SummaryInformation

< End of report >

#8
mary58

    Member

  • Topic Starter
  • Member
  • 105 posts
aswMBR log below. As I was running it, Security Essentials popped up again showing Trojan:DOS/Alureon.A. I will click remove and then run aswMBR again and post the results.


aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-16 15:12:06
-----------------------------
15:12:06.355 OS Version: Windows 5.1.2600 Service Pack 2
15:12:06.355 Number of processors: 2 586 0x403
15:12:06.355 ComputerName: MARYP UserName: Mom
15:12:07.902 Initialize success
15:12:10.136 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
15:12:10.136 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
15:12:10.136 Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskST3160023AS_____________________________8.12____#4&244ba08&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
15:12:10.136 Disk 0 MBR read successfully
15:12:10.152 Disk 0 MBR scan
15:12:10.152 Disk 0 [email protected] code has been found
15:12:10.152 Disk 0 MBR hidden
15:12:10.152 Disk 0 MBR [TDL4] **ROOTKIT**
15:12:10.167 Disk 0 trace - called modules:
15:12:10.167 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86c40439]<<
15:12:10.183 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f92030]
15:12:10.183 3 CLASSPNP.SYS[f765305b] -> nt!IofCallDriver -> [0x86be1790]
15:12:10.183 \Driver\iaStor[0x86c68888] -> IRP_MJ_CREATE -> 0x86c40439
15:12:10.199 Scan finished successfully

#9
mary58

    Member

  • Topic Starter
  • Member
  • 105 posts
I see now that Security Essentials is thinking MBR is the threat.

Below is my latest aswMBR log

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-16 15:16:16
-----------------------------
15:16:16.260 OS Version: Windows 5.1.2600 Service Pack 2
15:16:16.276 Number of processors: 2 586 0x403
15:16:16.276 ComputerName: MARYP UserName: Mom
15:16:17.182 Initialize success
15:16:19.432 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
15:16:19.448 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
15:16:19.448 Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskST3160023AS_____________________________8.12____#4&244ba08&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
15:16:19.448 Disk 0 MBR read successfully
15:16:19.448 Disk 0 MBR scan
15:16:19.463 Disk 0 [email protected] code has been found
15:16:19.463 Disk 0 MBR hidden
15:16:19.463 Disk 0 MBR [TDL4] **ROOTKIT**
15:16:19.463 Disk 0 trace - called modules:
15:16:19.479 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86c40439]<<
15:16:19.479 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f92030]
15:16:19.479 3 CLASSPNP.SYS[f765305b] -> nt!IofCallDriver -> [0x86be1790]
15:16:19.494 \Driver\iaStor[0x86c68888] -> IRP_MJ_CREATE -> 0x86c40439
15:16:19.494 Scan finished successfully

#10
mary58

    Member

  • Topic Starter
  • Member
  • 105 posts
I've used the computer off and on all day, and NOW IT'S BACK.

I noticed the bar across the bottom of the screen that shows the programs open had changed appearance, so I started to run Malwarebytes just to check, and then the browser closed and the virus windows started opening again. I ran RogueKiller and here is the log from it. I'll post another post with the Malwarebytes log and then run another OTL log and post that.

RogueKiller V4.3.8 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Mom [Admin rights]
Mode: Scan -- Date : 04/16/2011 17:56:13

Bad processes: 1
[APPDT/TMP/DESKTOP] xar.exe -- c:\documents and settings\localservice\local settings\application data\xar.exe -> KILLED

Registry Entries: 8
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[FILEASSO] HKLM\[...]Software\Classes\.exe\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Classes\exefile\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe" -a "C:\Program Files\mozilla firefox\firefox.exe") -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe" -a "C:\Program Files\Intern") -> FOUND

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt
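The `[FILEASSO]` entries in the RogueKiller report above show the executable and browser open commands rewritten to launch `xar.exe` first, while the `O35`/`O37` entries in the earlier OTL log show the default value `"%1" %*`. The Python below is an added example, not part of the thread or of either tool: it parses both line formats as they appear on this page and flags any open command that deviates. The function names are this example's own, and the sample lines are copied from the logs above.

```python
import re

# Default open command for executable file classes: run the file itself.
DEFAULT_OPEN = '"%1" %*'
EXECUTABLE_CLASSES = {"exe", "exefile", "com", "comfile"}
SUFFIX = "\\shell\\open\\command"

# RogueKiller: [FILEASSO] <key> : (<command>) -> FOUND
RK_LINE = re.compile(r'^\[FILEASSO\]\s+(?P<key>.+?)\s+:\s+\((?P<value>.*)\)\s+->\s+\w+$')
# OTL: O35 - HKLM\..exefile [open] -- "%1" %*   (O37 lines share the layout)
OTL_LINE = re.compile(r'^O3[57] - (?P<key>\S+)\s+\[[^\]]*\]\s+--\s+(?P<value>.*)$')
BROWSER_KEY = re.compile(r'StartMenuInternet\\([^\\]+)\\shell\\open\\command$', re.I)

# Sample lines copied from the RogueKiller report on this page.
ROGUEKILLER_SAMPLE = r"""
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[FILEASSO] HKLM\[...]Software\Classes\.exe\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Classes\exefile\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe" -a "C:\Program Files\mozilla firefox\firefox.exe") -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe" -a "C:\Program Files\Intern") -> FOUND
"""

# Sample lines copied from the OTL log on this page (default values).
OTL_SAMPLE = r"""
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""


def first_program(command):
    """Return the program a command line starts, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(None, 1)[0] if command else ""


def class_name(key):
    """Reduce an abbreviated registry key to the file class it configures."""
    if key.lower().endswith(SUFFIX):
        key = key[:-len(SUFFIX)]
    last = key.rsplit("\\", 1)[-1]
    return last.replace("[...]", "").lstrip(".").lower()


def classify(key, value):
    """Return a reason string if the open command looks hijacked, else None."""
    browser = BROWSER_KEY.search(key)
    if browser:
        # A browser entry should start the browser named in the key itself.
        expected = browser.group(1).lower()
        program = first_program(value)
        actual = program.rsplit("\\", 1)[-1].lower()
        if actual != expected:
            return "launches %s instead of %s" % (program, browser.group(1))
        return None
    if class_name(key) in EXECUTABLE_CLASSES and value.strip() != DEFAULT_OPEN:
        return "open command is not the default %s" % DEFAULT_OPEN
    return None  # default value, or a key this check does not judge


def scan(log_text):
    """Return (key, program, reason) for every suspicious open command."""
    findings = []
    for line in log_text.splitlines():
        match = RK_LINE.match(line.strip()) or OTL_LINE.match(line.strip())
        if not match:
            continue
        reason = classify(match["key"], match["value"])
        if reason:
            findings.append((match["key"], first_program(match["value"]), reason))
    return findings


if __name__ == "__main__":
    for key, program, reason in scan(ROGUEKILLER_SAMPLE + OTL_SAMPLE):
        print("%s\n    -> %s (%s)" % (key, program, reason))
```

The truncated `IEXPLORE.EXE` entry is still flagged, because only the first program on the command line is compared with the browser named in the key.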


#11
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the updates. Could you do the following steps for me please, in this order.


1)
Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and press Enter
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.




2)
Let's now see if we can remove this Rootkit, which is still causing problems...

As Security Essentials is detecting it (and possibly interfering with aswMBR), you will need to temporarily disable it.
To do this, open Security Essentials, click the Settings tab. Click Real-Time Protection on the left hand side, then UNtick Turn on real-time protection. Now click Save Changes and it should disable Security Essentials.


Now open aswMBR again and do the following...


Click Scan

On completion of the scan

Click the Fix Button




Save the log as before and post in your next reply




3)
Could you get me another fresh OTL scan please.


OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




In your next reply
Please post the contents of...
RogueKiller log
aswMBR log
OTL log


#12
mary58

    Member

  • Topic Starter
  • Member
  • 105 posts
Thanks

Here they are

RogueKiller V4.3.8 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Mom [Admin rights]
Mode: Remove -- Date : 04/17/2011 07:44:06

Bad processes: 0

Registry Entries: 0

HOSTS File:


Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-17 07:45:56
-----------------------------
07:45:56.859 OS Version: Windows 5.1.2600 Service Pack 2
07:45:56.859 Number of processors: 2 586 0x403
07:45:56.859 ComputerName: MARYP UserName: Mom
07:45:58.109 Initialize success
07:46:09.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
07:46:09.281 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
07:46:09.281 Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskST3160023AS_____________________________8.12____#4&244ba08&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
07:46:09.296 Disk 0 MBR read successfully
07:46:09.312 Disk 0 MBR scan
07:46:09.312 Disk 0 [email protected] code has been found
07:46:09.312 Disk 0 MBR hidden
07:46:09.312 Disk 0 MBR [TDL4] **ROOTKIT**
07:46:09.328 Disk 0 trace - called modules:
07:46:09.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86c4f439]<<
07:46:09.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f95510]
07:46:09.343 3 CLASSPNP.SYS[f765305b] -> nt!IofCallDriver -> [0x86bc10c0]
07:46:09.343 \Driver\iaStor[0x86f935e8] -> IRP_MJ_CREATE -> 0x86c4f439
07:46:09.359 Scan finished successfully
07:46:39.093 Disk 0 fixing MBR
07:46:49.109 Disk 0 MBR restored successfully
07:46:49.109 Infection fixed successfully - please reboot ASAP


OTL logfile created on: 4/17/2011 7:48:03 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 521.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 20.66 Gb Free Space | 14.34% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 10:33:26 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
PRC - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
PRC - [2011/04/15 16:27:07 | 001,103,872 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
PRC - [2011/01/28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/22 21:17:06 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/08/16 08:35:36 | 000,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/30 18:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 18:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/06 17:35:44 | 000,475,136 | ---- | M] () -- C:\Program Files\Snapfish PictureMover\PictureMover.exe
PRC - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2007/10/31 16:11:34 | 000,015,696 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/10/25 12:28:02 | 000,098,304 | ---- | M] (Arcsoft, Inc.) -- C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
PRC - [2004/08/10 03:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CMD.EXE
PRC - [2004/06/29 09:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/09/02 13:45:40 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - [2011/04/17 07:34:35 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05FAA579-2764-4304-969F-1E402B59DA55}\MpKsl3d7656c3.sys -- (MpKsl3d7656c3)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/28 16:43:39 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\irbus.sys -- (IrBus)
DRV - [2005/05/31 10:30:57 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 11:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/27 19:43:00 | 000,485,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinewp2.sys -- (atinewp2)
DRV - [2004/06/15 20:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 15:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crosswalk.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 20:40:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 14:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 10:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/22 20:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/19 20:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
[2011/04/15 17:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions
[2009/04/13 14:26:47 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/05/21 15:03:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 14:33:40 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (TranslatorBar 3.2 Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{c55f5517-246e-4426-b745-ee25b08eb8b4}
[2010/03/01 20:40:32 | 000,000,000 | ---D | M] ("Better GReader") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2008/06/30 10:11:34 | 000,000,000 | ---D | M] (FLYLADY) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Consumer Input") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2010/03/06 11:09:39 | 000,000,000 | ---D | M] (DeTiny URL Expander) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\treestyle[email protected]
[2011/04/15 20:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/01 18:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/18 20:08:34 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice95\Office\FASTBOOT.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Find Fast Indexer.lnk = C:\MSOffice95\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\Premium Awana VerseMinder.lnk = C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe (Mozilla Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (cpbrkpie Control)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} https://offers.e-cen...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop Components:0 () - http://www.salt.org....s/smweblogo.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/14 17:42:10 | 000,000,658 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/03 17:47:53 | 000,000,113 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004/02/17 23:01:46 | 000,000,059 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{05615f48-c6f1-11dc-9cdf-00038a000015}\Shell\AutoRun\command - "" = J:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/16 22:53:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/16 22:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/04/16 15:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\fixing virus
[2011/04/16 14:48:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/16 10:33:20 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2011/04/16 10:33:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/15 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/15 17:54:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/15 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Malwarebytes
[2011/04/15 16:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\RK_Quarantine
[2011/04/15 15:48:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 15:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/15 15:48:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/15 15:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/13 09:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/12 15:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/12 15:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/12 15:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/12 15:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1979/12/31 22:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/04/17 07:48:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/17 07:47:26 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\MBR.dat
[2011/04/17 07:41:14 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005UA.job
[2011/04/17 07:39:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/17 07:35:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/17 07:34:46 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/17 07:34:41 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/17 07:34:28 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AlarmXP Pro.job
[2011/04/17 07:34:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/17 07:34:20 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/16 20:41:02 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005Core.job
[2011/04/16 18:14:35 | 000,014,198 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\l068fp6ptd5np2lt166sas867
[2011/04/16 10:33:26 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/15 22:07:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 20:51:48 | 000,001,424 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 16:27:07 | 001,103,872 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2011/04/15 15:48:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SHUTDOWN.job
[2011/04/13 08:06:51 | 000,513,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job
[2011/04/03 14:28:52 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/03 14:28:52 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/28 13:21:40 | 000,043,978 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat

========== Files Created - No Company Name ==========

[2011/04/17 07:47:26 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\MBR.dat
[2011/04/16 17:54:59 | 000,014,198 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\l068fp6ptd5np2lt166sas867
[2011/04/16 17:54:59 | 000,014,198 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l068fp6ptd5np2lt166sas867
[2011/04/16 17:54:56 | 000,235,810 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe
[2011/04/15 20:51:47 | 000,001,424 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 16:26:40 | 001,103,872 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2011/04/15 15:48:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 11:32:56 | 000,013,080 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1474035932
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/12 17:02:12 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/04/12 17:02:12 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/04/12 17:01:39 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/04/12 17:01:39 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/04/12 17:01:39 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/04/12 17:01:39 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/04/12 17:01:39 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/04/12 17:01:38 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/04/12 17:01:38 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/04/12 17:01:38 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/04/12 17:01:38 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/04/12 17:01:38 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/04/12 17:01:38 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/04/12 17:01:36 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/04/12 17:01:35 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/04/12 17:01:33 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/04/12 17:01:31 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/04/12 17:01:14 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/04/12 17:01:13 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/04/12 17:01:13 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/04/12 17:01:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/12 17:01:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/12 17:00:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/03 14:28:52 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/03 14:28:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/16 01:39:06 | 000,370,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/06 20:26:02 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcps.ini
[2009/12/04 21:49:40 | 000,023,121 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2009/12/04 20:35:33 | 000,022,739 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/02 22:27:20 | 000,196,094 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2009/12/02 22:27:19 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2009/09/19 17:19:34 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2009/09/17 20:54:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/20 11:51:01 | 000,000,421 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/05/17 15:58:21 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/24 21:24:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/11/27 11:23:15 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/19 09:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/06 16:21:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/01/21 13:53:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/01/19 18:38:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\EzyTuner.INI
[2006/12/25 14:44:47 | 000,004,121 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/09/06 15:54:11 | 000,000,231 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/06 15:53:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2006/09/06 15:53:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2006/08/24 12:11:26 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TYPEINST.INI
[2006/08/23 12:19:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/24 21:09:59 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 14:41:21 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/06/18 14:41:21 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/06/15 20:46:23 | 001,255,424 | ---- | C] () -- C:\WINDOWS\System32\V4RB.dll
[2006/06/15 20:46:23 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2006/06/10 19:49:01 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/06/10 19:49:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/06/10 10:47:35 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/06 20:15:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/01/09 11:56:08 | 000,001,316 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/07/11 16:46:25 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/14 19:19:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\PSDXPORT.INI
[2005/06/14 12:10:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/06/11 18:48:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/06/07 19:38:10 | 000,043,978 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2005/06/07 16:56:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/06 17:09:27 | 000,001,095 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/06/06 17:08:36 | 000,001,237 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/06/06 16:39:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2005/05/31 10:41:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/31 10:33:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/31 10:30:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/31 10:29:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/31 10:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/05/31 10:12:54 | 000,442,892 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/05/31 10:12:54 | 000,072,158 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/05/31 09:55:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 09:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/23 12:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/19 14:22:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/19 14:13:18 | 000,513,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:06:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:03:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 11:25:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/19 11:25:28 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/10 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2003/07/31 15:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[1999/12/02 11:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1996/08/20 21:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL
[1996/03/20 00:00:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1979/12/31 22:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1979/12/31 22:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/08/27 10:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2005/05/31 10:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/06 12:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2006/08/24 12:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2009/08/02 20:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2006/05/29 14:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGCSoft
[2008/02/29 17:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/09/14 21:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2010/04/22 21:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/05/27 12:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2007/11/14 16:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2008/11/28 16:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/01/04 20:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/04/18 15:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TGHomeSoft
[2007/03/22 15:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006
[2009/06/16 17:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/06 20:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\A9 Toolbar
[2008/01/06 15:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2005/06/19 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Aim
[2009/12/06 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Amazon
[2010/07/01 15:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2010/02/22 17:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Dealio
[2009/12/02 11:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\E-centives
[2009/11/20 21:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FCTB000060497
[2007/10/15 21:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GARMIN
[2005/06/06 18:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2008/10/03 21:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\LEGO Company
[2010/04/14 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Memorize Truth
[2006/05/29 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MGCSoft
[2006/06/18 09:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MSNInstaller
[2007/03/06 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Musicmatch
[2010/09/14 21:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Netscape
[2008/11/11 21:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
[2008/02/01 16:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OverDrive
[2005/07/12 12:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Palo Alto Software Inc
[2008/02/25 10:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\QQ Games Plugin
[2011/02/26 14:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Search Settings
[2008/06/08 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish
[2009/08/02 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Thunderbird
[2010/03/14 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\upromise
[2007/12/07 10:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Viewpoint
[2008/07/11 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WordWeb
[2009/06/04 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\XNote Stopwatch
[2011/04/17 07:34:28 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\AlarmXP Pro.job
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\CCleaner.job
[2011/04/17 07:39:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/19 22:20:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/04/13 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SHUTDOWN.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Mom\My Documents\Spectrum Plus Label Sheet2.png:SummaryInformation

< End of report >
  • 0

#13
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Looks as if the rootkit has now been removed, which is good news :D

Please reboot your PC if you haven't already done so after doing the aswMBR fix.

I can see that there are a few infections which have crept back on, so let's remove these with OTL, then we'll run a scan with ComboFix :D


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Application Data\l068fp6ptd5np2lt166sas867
    C:\Documents and Settings\LocalService\Local Settings\Application Data\l068fp6ptd5np2lt166sas867
    C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe
    C:\Documents and Settings\LocalService\Local Settings\Application Data\1474035932
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.




2)
Download ComboFix from one of these locations:

Link 1
Link 2


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply.




In your next reply
Please post the contents of...
OTL log
ComboFix log

  • 0
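Added example, not part of the thread and not OTL's or the helper's own logic: a Python triage over lines copied from the OTL logs on this page. The heuristic is an assumption of this example (no company name, both Hidden and System attributes, under an Application Data folder, created within 30 days of the newest entry), and all function names are hypothetical; on these lines it selects the same four paths listed under :Files in the fix script above.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# Lines copied from the OTL logs in this thread (file and LOP sections).
SAMPLE_LOG = r"""
[2011/04/17 07:47:26 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\MBR.dat
[2011/04/16 17:54:59 | 000,014,198 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\l068fp6ptd5np2lt166sas867
[2011/04/16 17:54:59 | 000,014,198 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l068fp6ptd5np2lt166sas867
[2011/04/16 17:54:56 | 000,235,810 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xar.exe
[2011/04/15 16:26:40 | 001,103,872 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2011/04/13 11:32:56 | 000,013,080 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1474035932
[2011/03/16 01:39:06 | 000,370,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2005/05/31 10:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/07/31 15:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2010/08/27 10:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
"""

# [timestamp | size | RHSD attributes | C(reated)/M(odified)] (company) -- path
# The "(company)" group is absent on directory lines and empty ("()") when the
# file carries no company name in its version information.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str
    company: Optional[str]  # None = no company field, "" = empty "()"
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file/folder line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company"),
        path=m.group("path"),
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable line of a log excerpt, in log order."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def triage(entries: List[Entry], max_age_days: int = 30) -> List[Entry]:
    """Return entries worth a manual look under this example's heuristic.

    Age is measured against the newest timestamp in the excerpt, so no
    scan time has to be assumed.
    """
    if not entries:
        return []
    cutoff = max(e.when for e in entries) - timedelta(days=max_age_days)
    flagged = []
    for e in entries:
        hidden_and_system = "H" in e.attrs and "S" in e.attrs
        in_app_data = "\\application data\\" in e.path.lower()
        if e.company == "" and hidden_and_system and in_app_data and e.when >= cutoff:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(parse_log(SAMPLE_LOG)):
        print(entry.when, entry.attrs, entry.size, entry.path)
```

A match is only a prompt for review: legitimate software also creates hidden system files, so each flagged path still needs checking before it goes into a fix script.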

#14
mary58

    Member

  • Topic Starter
  • Member
  • 105 posts
OTL logfile created on: 4/17/2011 1:17:10 PM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 232.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 20.87 Gb Free Space | 14.49% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
PRC - [2011/03/18 10:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/01/25 18:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/22 21:17:06 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/08/16 08:35:36 | 000,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/30 18:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 18:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2007/10/31 16:11:34 | 000,015,696 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/02 09:37:34 | 000,098,304 | ---- | M] (Mozilla Foundation) -- C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/06/29 09:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/09/02 13:45:40 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/28 16:43:39 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\irbus.sys -- (IrBus)
DRV - [2005/05/31 10:30:57 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 11:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/10 03:00:00 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS -- (VolSnap)
DRV - [2004/07/27 19:43:00 | 000,485,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinewp2.sys -- (atinewp2)
DRV - [2004/06/15 20:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 15:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crosswalk.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 20:40:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 14:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 10:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/22 20:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/19 20:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
[2011/04/15 17:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions
[2009/04/13 14:26:47 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/05/21 15:03:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 14:33:40 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (TranslatorBar 3.2 Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{c55f5517-246e-4426-b745-ee25b08eb8b4}
[2010/03/01 20:40:32 | 000,000,000 | ---D | M] ("Better GReader") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2008/06/30 10:11:34 | 000,000,000 | ---D | M] (FLYLADY) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Consumer Input") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2010/03/06 11:09:39 | 000,000,000 | ---D | M] (DeTiny URL Expander) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/15 20:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/01 18:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/18 20:08:34 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/17 13:04:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice95\Office\FASTBOOT.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Find Fast Indexer.lnk = C:\MSOffice95\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\Premium Awana VerseMinder.lnk = C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe (Mozilla Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (cpbrkpie Control)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} https://offers.e-cen...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop Components:0 () - http://www.salt.org....s/smweblogo.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/14 17:42:10 | 000,000,658 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/03 17:47:53 | 000,000,113 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004/02/17 23:01:46 | 000,000,059 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{05615f48-c6f1-11dc-9cdf-00038a000015}\Shell\AutoRun\command - "" = J:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/17 08:00:18 | 000,569,344 | -H-- | C] (BitSprx) -- C:\Documents and Settings\All Users\Application Data\aIdFJYXaJU.exe
[2011/04/16 22:53:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/16 22:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/04/16 15:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\fixing virus
[2011/04/16 14:48:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/16 10:33:20 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2011/04/16 10:33:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/15 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/15 17:54:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/15 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Malwarebytes
[2011/04/15 15:48:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 15:48:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 15:48:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/15 15:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/13 09:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/12 15:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/12 15:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/12 15:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/12 15:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1979/12/31 22:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/04/17 13:20:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/17 13:14:42 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/17 13:10:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/17 13:10:20 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/17 13:09:36 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AlarmXP Pro.job
[2011/04/17 13:09:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/17 13:09:30 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/17 13:04:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/04/17 08:48:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/17 08:41:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005UA.job
[2011/04/17 08:00:17 | 000,569,344 | -H-- | M] (BitSprx) -- C:\Documents and Settings\All Users\Application Data\aIdFJYXaJU.exe
[2011/04/16 20:41:02 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005Core.job
[2011/04/16 10:33:26 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/15 22:07:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 20:51:48 | 000,001,424 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 16:27:07 | 001,103,872 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2011/04/15 15:48:14 | 000,000,784 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SHUTDOWN.job
[2011/04/13 08:06:51 | 000,513,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job
[2011/04/03 14:28:52 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/03 14:28:52 | 000,000,724 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/28 13:21:40 | 000,043,978 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat

========== Files Created - No Company Name ==========

[2011/04/15 20:51:47 | 000,001,424 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 16:26:40 | 001,103,872 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2011/04/15 15:48:14 | 000,000,784 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/12 17:02:12 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/04/12 17:02:12 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/04/12 17:01:39 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/04/12 17:01:39 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/04/12 17:01:39 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/04/12 17:01:39 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/04/12 17:01:39 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/04/12 17:01:38 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/04/12 17:01:38 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/04/12 17:01:38 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/04/12 17:01:38 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/04/12 17:01:38 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/04/12 17:01:38 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/04/12 17:01:36 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/04/12 17:01:35 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/04/12 17:01:33 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/04/12 17:01:31 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/04/12 17:01:14 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/04/12 17:01:13 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/04/12 17:01:13 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/04/12 17:01:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/12 17:01:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/12 17:00:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/03 14:28:52 | 000,000,724 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/03 14:28:51 | 000,000,730 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/16 01:39:06 | 000,370,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/06 20:26:02 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcps.ini
[2009/12/04 21:49:40 | 000,023,121 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2009/12/04 20:35:33 | 000,022,739 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/02 22:27:20 | 000,196,094 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2009/12/02 22:27:19 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2009/09/19 17:19:34 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2009/09/17 20:54:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/20 11:51:01 | 000,000,421 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/05/17 15:58:21 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/24 21:24:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/11/27 11:23:15 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/19 09:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/06 16:21:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/01/21 13:53:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/01/19 18:38:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\EzyTuner.INI
[2006/12/25 14:44:47 | 000,004,121 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/09/06 15:54:11 | 000,000,231 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/06 15:53:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2006/09/06 15:53:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2006/08/24 12:11:26 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TYPEINST.INI
[2006/08/23 12:19:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/24 21:09:59 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 14:41:21 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/06/18 14:41:21 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/06/15 20:46:23 | 001,255,424 | ---- | C] () -- C:\WINDOWS\System32\V4RB.dll
[2006/06/15 20:46:23 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2006/06/10 19:49:01 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/06/10 19:49:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/06/10 10:47:35 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/06 20:15:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/01/09 11:56:08 | 000,001,316 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/07/11 16:46:25 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/14 19:19:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\PSDXPORT.INI
[2005/06/14 12:10:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/06/11 18:48:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/06/07 19:38:10 | 000,043,978 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2005/06/07 16:56:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/06 17:09:27 | 000,001,095 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/06/06 17:08:36 | 000,001,237 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/06/06 16:39:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2005/05/31 10:41:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/31 10:33:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/31 10:30:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/31 10:29:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/31 10:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/05/31 10:12:54 | 000,442,892 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/05/31 10:12:54 | 000,072,158 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/05/31 09:55:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 09:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/23 12:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/19 14:22:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/19 14:13:18 | 000,513,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:06:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:03:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 11:25:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/19 11:25:28 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/10 03:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS
[2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/10 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2003/07/31 15:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[1999/12/02 11:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1996/08/20 21:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL
[1996/03/20 00:00:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1979/12/31 22:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1979/12/31 22:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/08/27 10:44:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2005/05/31 10:25:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/06 12:14:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2006/08/24 12:03:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2009/08/02 20:29:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2006/05/29 14:02:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MGCSoft
[2008/02/29 17:19:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/09/14 21:04:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2010/04/22 21:18:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/05/27 12:19:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2007/11/14 16:19:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2008/11/28 16:28:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/01/04 20:18:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/04/18 15:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TGHomeSoft
[2007/03/22 15:45:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006
[2009/06/16 17:28:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/06 20:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\A9 Toolbar
[2008/01/06 15:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2005/06/19 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Aim
[2009/12/06 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Amazon
[2010/07/01 15:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2010/02/22 17:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Dealio
[2009/12/02 11:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\E-centives
[2009/11/20 21:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FCTB000060497
[2007/10/15 21:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GARMIN
[2005/06/06 18:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2008/10/03 21:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\LEGO Company
[2010/04/14 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Memorize Truth
[2006/05/29 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MGCSoft
[2006/06/18 09:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MSNInstaller
[2007/03/06 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Musicmatch
[2010/09/14 21:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Netscape
[2008/11/11 21:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
[2008/02/01 16:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OverDrive
[2005/07/12 12:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Palo Alto Software Inc
[2008/02/25 10:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\QQ Games Plugin
[2011/02/26 14:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Search Settings
[2008/06/08 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish
[2009/08/02 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Thunderbird
[2010/03/14 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\upromise
[2007/12/07 10:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Viewpoint
[2008/07/11 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WordWeb
[2009/06/04 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\XNote Stopwatch
[2011/04/17 13:09:36 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\AlarmXP Pro.job
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\CCleaner.job
[2011/04/17 13:14:42 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/19 22:20:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/04/13 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SHUTDOWN.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Mom\My Documents\Spectrum Plus Label Sheet2.png:SummaryInformation

< End of report >

#15
mary58

ComboFix 11-04-16.03 - Mom 04/17/2011 13:39:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.592 [GMT -7:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\aIdFJYXaJU.exe
c:\documents and settings\frank2\Application Data\Dealio
c:\documents and settings\frank2\Application Data\Dealio\res\widgets.xml
c:\documents and settings\frank2\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Guest\Application Data\Dealio
c:\documents and settings\Guest\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Guest\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Mom\Application Data\Dealio
c:\documents and settings\Mom\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Mom\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Mom\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Mom\GoToAssistDownloadHelper.exe
c:\documents and settings\Mom\Local Settings\Application Data\{37F13E1A-597D-4246-853C-4DDD894BBCEC}
c:\documents and settings\Mom\Local Settings\Application Data\{37F13E1A-597D-4246-853C-4DDD894BBCEC}\chrome\content\_cfg.js
c:\documents and settings\Mom\Local Settings\Application Data\{37F13E1A-597D-4246-853C-4DDD894BBCEC}\chrome\content\overlay.xul
c:\documents and settings\Mom\Local Settings\Application Data\{37F13E1A-597D-4246-853C-4DDD894BBCEC}\install.rdf
c:\documents and settings\Mom\WINDOWS
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.3\config.ini
c:\program files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Mozilla Firefox\extensions\[email protected]
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-03-17 to 2011-04-17 )))))))))))))))))))))))))))))))
.
.
2011-04-15 23:31 . 2011-04-15 23:31 -------- d-----w- c:\documents and settings\Mom\Application Data\Malwarebytes
2011-04-15 22:48 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-15 22:48 . 2011-04-15 22:48 -------- d--h--w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-15 22:48 . 2011-04-17 01:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-15 19:52 . 2011-04-15 19:52 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\BVRP Software
2011-04-15 19:25 . 2011-04-16 00:04 -------- d-----w- c:\documents and settings\frank2
2011-04-14 04:39 . 2011-04-14 04:39 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2011-04-13 20:19 . 2011-04-15 19:52 -------- d-s---w- c:\documents and settings\Guest\UserData
2011-04-13 20:17 . 2011-04-13 20:17 -------- d--h--w- c:\documents and settings\Guest\Application Data\FCTB000060497
2011-04-13 20:17 . 2011-04-14 04:39 -------- d--h--w- c:\documents and settings\Guest\Application Data\HPAppData
2011-04-13 19:06 . 2011-04-17 01:00 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-04-13 16:29 . 2011-04-17 05:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-04-13 15:38 . 2011-04-13 15:38 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-04-13 00:02 . 2004-08-10 10:00 1677824 ----a-w- c:\windows\system32\dllcache\chsbrkr.dll
2011-04-13 00:02 . 2004-08-10 10:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2011-04-13 00:02 . 2004-08-10 10:00 838144 ----a-w- c:\windows\system32\dllcache\chtbrkr.dll
2011-04-13 00:02 . 2004-08-10 10:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2011-04-13 00:02 . 2004-08-10 10:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2011-04-13 00:02 . 2004-08-10 10:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-04-13 00:02 . 2004-08-10 10:00 1875968 ----a-w- c:\windows\system32\msir3jp.lex
2011-04-13 00:02 . 2004-08-10 10:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2011-04-13 00:02 . 2004-08-10 10:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-04-13 00:02 . 2004-08-10 10:00 19456 ----a-w- c:\windows\system32\dllcache\agt0404.dll
2011-04-13 00:00 . 2004-08-10 10:00 19456 ----a-w- c:\windows\system32\dllcache\agt0411.dll
2011-04-03 21:28 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-03 21:28 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-03 21:28 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-03 21:28 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-03 21:28 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-03 21:28 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-03 21:28 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-03 21:28 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 04:05 . 2011-02-20 21:50 6792528 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-25 23:32 . 2011-02-06 23:51 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-02-03 04:40 . 2010-08-02 01:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:11 . 2011-02-19 21:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:53 . 2011-04-03 21:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-08-25 15:45 617472 --sha-w- c:\windows\SYSTEM32\comctl32.dll
1996-03-20 07:00 35088 --sha-w- c:\windows\SYSTEM32\MSJINT32.DLL
2002-02-04 06:16 978944 --sha-w- c:\windows\SYSTEM32\MSJT3032.DLL
1996-03-20 07:00 98356 --sha-w- c:\windows\SYSTEM32\MSJTER32.DLL
2004-08-10 10:00 413696 --sha-w- c:\windows\SYSTEM32\MSVCP60.DLL
2004-08-10 10:00 343040 --sha-w- c:\windows\SYSTEM32\MSVCRT.DLL
2004-08-10 10:00 253952 --sha-w- c:\windows\SYSTEM32\MSVCRT20.DLL
2004-08-10 10:00 30749 --sha-w- c:\windows\SYSTEM32\VBAJET32.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{96b985b7-3cf9-456a-9db6-791710e60f5f}"= "c:\program files\MyPoints Toolbar 2.0\Helper.dll" [2009-11-20 242688]
.
[HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2009-11-20 22:14 1440768 ----a-w- c:\program files\MyPoints Toolbar 2.0\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-20 1440768]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-20 1440768]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2009-08-16 167936]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-04-23 160328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-10 169328]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\progra~1\common~1\instal~1\update~1\issch.exe" [2005-08-12 81920]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-29 526336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
.
c:\documents and settings\Mom\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
Premium Awana VerseMinder.lnk - c:\program files\VerseMinder\awanapremium\xulrunner\xulrunner.exe [2010-4-14 98304]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2008-11-20 315392]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Media Card Companion Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-6-15 98304]
Microsoft Office Fast Start.lnk - c:\msoffice95\Office\FASTBOOT.EXE [1996-3-20 14848]
Microsoft Office Find Fast Indexer.lnk - c:\msoffice95\Office\FINDFAST.EXE [1996-3-20 86528]
Snapfish PictureMover.lnk - c:\program files\Snapfish PictureMover\PictureMover.exe [2007-11-6 475136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^MySurvey Messenger.lnk]
path=c:\documents and settings\Mom\Start Menu\Programs\Startup\MySurvey Messenger.lnk
backup=c:\windows\pss\MySurvey Messenger.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^Sears.lnk]
path=c:\documents and settings\Mom\Start Menu\Programs\Startup\Sears.lnk
backup=c:\windows\pss\Sears.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\documents and settings\Mom\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 17:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 17:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 09:04 59392 ----a-w- c:\windows\EHOME\EHTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-15 03:36 136176 ----atw- c:\documents and settings\Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-12 00:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-09-18 20:46 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-09-18 20:46 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-05-31 17:30 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Update]
2009-07-01 17:19 81920 ----a-w- c:\program files\Upromise\dca-ua.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Mom\\My Documents\\NetSetClient.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdController.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdServer.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Documents and Settings\\Mom\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"55567:TCP"= 55567:TCP:RosettaStoneLtdServices Port 55567
"55570:TCP"= 55570:TCP:RosettaStoneLtdServices Port 55570
"55568:TCP"= 55568:TCP:RosettaStoneLtdServer Port 55568
"55569:TCP"= 55569:TCP:RosettaStoneLtdController Port 55569
"55566:TCP"= 55566:TCP:RosettaStoneLtdServices Port 55566
"<NO NAME>"=
.
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [8/27/2010 10:44 AM 401920]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/28/2011 6:10 PM 387072]
R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\RosettaStoneLtdServices\RosettaStoneLtdController.exe [10/31/2007 4:11 PM 354648]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/6/2008 3:15 PM 24652]
R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;c:\windows\SYSTEM32\DRIVERS\atinewp2.sys [12/31/1979 10:00 PM 485888]
S0 bmsxwdh;bmsxwdh;c:\windows\system32\drivers\mcemu.sys --> c:\windows\system32\drivers\mcemu.sys [?]
S1 MpKsl2ac6bc57;MpKsl2ac6bc57;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44B346CD-566A-46BE-B52C-4AE67286BB72}\MpKsl2ac6bc57.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44B346CD-566A-46BE-B52C-4AE67286BB72}\MpKsl2ac6bc57.sys [?]
S1 MpKsl49443c70;MpKsl49443c70;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22DDD9FF-2BBD-4D6F-8A3F-B1200CBDF437}\MpKsl49443c70.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22DDD9FF-2BBD-4D6F-8A3F-B1200CBDF437}\MpKsl49443c70.sys [?]
S1 MpKsl5509f582;MpKsl5509f582;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FDE92C8-340E-41C5-AC2E-1DBD7FDA044B}\MpKsl5509f582.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FDE92C8-340E-41C5-AC2E-1DBD7FDA044B}\MpKsl5509f582.sys [?]
S1 MpKsl7954bc01;MpKsl7954bc01;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64994654-A3F1-4685-9C7B-E2FB9835E8B6}\MpKsl7954bc01.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64994654-A3F1-4685-9C7B-E2FB9835E8B6}\MpKsl7954bc01.sys [?]
S1 MpKsl8224a411;MpKsl8224a411;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82502E68-5C75-41E7-B9A1-585587592F9B}\MpKsl8224a411.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82502E68-5C75-41E7-B9A1-585587592F9B}\MpKsl8224a411.sys [?]
S1 MpKsl87e56295;MpKsl87e56295;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50A196E4-A0FB-4E06-8FA3-FDBAA80531E4}\MpKsl87e56295.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50A196E4-A0FB-4E06-8FA3-FDBAA80531E4}\MpKsl87e56295.sys [?]
S1 MpKsla5b89750;MpKsla5b89750;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3CAAE6BC-2A0B-4BDB-BA90-886CA17C8AB4}\MpKsla5b89750.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3CAAE6BC-2A0B-4BDB-BA90-886CA17C8AB4}\MpKsla5b89750.sys [?]
S1 MpKslcf55b674;MpKslcf55b674;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35384FE2-C2BD-4F0C-8671-D7720247FEA7}\MpKslcf55b674.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35384FE2-C2BD-4F0C-8671-D7720247FEA7}\MpKslcf55b674.sys [?]
S1 MpKsleb2708a6;MpKsleb2708a6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5515AC3D-97AF-4D62-B02B-C35AA2D335FD}\MpKsleb2708a6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5515AC3D-97AF-4D62-B02B-C35AA2D335FD}\MpKsleb2708a6.sys [?]
S1 MpKslefc3e1d4;MpKslefc3e1d4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C234DA2-D21E-4626-A262-256356273E03}\MpKslefc3e1d4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C234DA2-D21E-4626-A262-256356273E03}\MpKslefc3e1d4.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/5/2010 6:43 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-17 c:\windows\Tasks\AlarmXP Pro.job
- c:\program files\Red Point\AlarmXP Pro\AlarmXPPro.exe [2006-03-31 19:53]
.
2011-04-10 c:\windows\Tasks\CCleaner.job
- c:\progra~1\CCleaner\CCleaner.exe [2010-12-21 21:42]
.
2011-04-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-25 00:53]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 01:42]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 01:42]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005Core.job
- c:\documents and settings\Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-15 03:36]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005UA.job
- c:\documents and settings\Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-15 03:36]
.
2011-04-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
2010-11-20 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-11-07 02:48]
.
2011-04-17 c:\windows\Tasks\SHUTDOWN.job
- c:\windows\system32\SHUTDOWN.EXE [2004-08-10 10:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crosswalk.com/
mWindow Title = Microsoft Internet Explorer provided by CenturyTel
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: PackageCab - hxxp://www.imgag.com/cp/install/AxCtp2.cab
FF - ProfilePath - c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
HKU-Default-Run-aIdFJYXaJU - c:\documents and settings\All Users\Application Data\aIdFJYXaJU.exe
Notify-itlntfy - itlnfw32.dll
AddRemove-Need For Speed III - j:\program files\electronic arts\need for speed iii\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-17 13:46
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
Completion time: 2011-04-17 13:50:12
ComboFix-quarantined-files.txt 2011-04-17 20:50
.
Pre-Run: 22,289,801,216 bytes free
Post-Run: 22,266,007,552 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 588BA311FE5826DCCFBB2966F29B1F74