Please help with XP anti-virus 2011


  • This topic is locked

#16
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
We look to be making good progress. How is your PC behaving now, are there any Fake Anti Virus popups or are you still having trouble running any programs?

Could you do the following two steps for me please. I'd like to check on a file to see if it is infected or not and we'll run a scan with ESET Online, just to check to see if any malware items are still lurking :D


1)
Can you re-enable your Security Essentials now please. To do this, click the Settings tab, then Real-time protection on the left, then check the Turn on Real-time protection box and then click Save Changes.





2)
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\drivers\mcemu.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.




3)
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic




In your next reply
Please post the contents of...
VirScan log
ESET Online Scanner log

  • 0


#17
mary58

    Member

  • Topic Starter
  • 105 posts
I attempted to run VirSCAN and it said error file not found.

I am starting the ESET scan now.

My programs all seem okay.
  • 0

#18
mary58

    Member

  • Topic Starter
  • 105 posts
Below is the ESET log, thanks again for your help.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=81017fd7a8bc354b95ddff0b003b4357
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-18 12:40:03
# local_time=2011-04-17 05:40:03 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5891 16776869 42 87 0 14175780 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=184783
# found=25
# cleaned=24
# scan_time=5484
C:\Documents and Settings\Mom\Desktop\fixing virus\RK_Quarantine\cyh.exe.vir a variant of Win32/Kryptik.MRQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Mom\Desktop\fixing virus\RK_Quarantine\phx.exe.vir a variant of Win32/Kryptik.MRQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Mom\Desktop\fixing virus\RK_Quarantine\tfj.exe.vir a variant of Win32/Injector.FUD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\aIdFJYXaJU.exe.vir a variant of Win32/Kryptik.MSA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll.vir a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2024\A0388873.dll probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2054\A0395688.exe Win32/Adware.SystemSecurity application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2054\A0395689.dll a variant of Win32/Kryptik.KZL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2068\A0396209.rbf Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2068\A0396211.rbf Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2068\A0396213.rbf probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2068\A0396221.old Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2068\A0396222.old Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2068\A0396223.old Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2068\A0396224.old Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2122\A0418952.exe a variant of Win32/Kryptik.MSA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2122\A0418957.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2123\A0419059.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2123\A0419060.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2123\A0419061.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS Win32/Olmasco.E trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\04162011_144819\C_WINDOWS\SYSTEM32\itlnfw32.dll a variant of Win32/Koblu.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#19
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem :D

ESET has removed a few files, but they are mainly in quarantine folders or System Restore points (which we will clear at the end). There is one file though that it says is infected and that it is unable to clean, so I'd like you to run the following scan to see if it picks it up :D


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0
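
Added example (not part of the original posts and not ESET's own tooling): the triage described in post #19, sorting ESET detections into tool quarantine folders, System Restore points and live files, then listing what the scanner could not clean. The sample is abridged from the log above with the found/cleaned header counts adjusted to match; the line layout and the quarantine folder names are assumptions taken from that log as it appears on this page.

```python
import re
from collections import Counter

# Abridged from the ESET log posted in this thread. The found/cleaned header
# values are adjusted to the six detection lines kept here.
SAMPLE_LOG = r"""# version=7
# osver=5.1.2600 NT Service Pack 2
# found=6
# cleaned=5
C:\Documents and Settings\Mom\Desktop\fixing virus\RK_Quarantine\cyh.exe.vir a variant of Win32/Kryptik.MRQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\aIdFJYXaJU.exe.vir a variant of Win32/Kryptik.MSA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2054\A0395688.exe Win32/Adware.SystemSecurity application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS Win32/Olmasco.E trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\04162011_144819\C_WINDOWS\SYSTEM32\itlnfw32.dll a variant of Win32/Koblu.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")

# Assumed layout: <path> [probably ][a variant of ]<Platform/Name> <kind>
# (<action>) <32 hex chars> <flag>. Windows paths use backslashes, so the
# first "word/word" token after the path marks the detection name even when
# the path itself contains spaces.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<qualifier>(?:probably )?(?:a variant of )?)"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>[A-Z])\s*$"
)

# Folder patterns seen in this thread's log (an assumption, not a full list).
LOCATION_RULES = [
    ("system_restore",
     re.compile(r"^[a-z]:\\system volume information\\_restore", re.I)),
    ("tool_quarantine",
     re.compile(r"\\(qoobox\\quarantine|_otl\\movedfiles|rk_quarantine)\\", re.I)),
]


def classify_location(path):
    """Return where a detected file sits: restore point, quarantine or live."""
    for label, pattern in LOCATION_RULES:
        if pattern.search(path):
            return label
    return "live"


def parse_eset_log(text):
    """Split a log into header fields, detection records and unparsed lines."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2)  # repeated keys keep the last value
            continue
        m = DETECTION.match(line)
        if not m:
            unparsed.append(line)  # keep, so nothing is dropped silently
            continue
        record = m.groupdict()
        record["location"] = classify_location(record["path"])
        record["cleaned"] = record["action"].lower().startswith("cleaned")
        detections.append(record)
    return header, detections, unparsed


def _header_int(header, key):
    try:
        return int(header[key])
    except (KeyError, ValueError):
        return None


def triage(text):
    """Summarise a log: counts per location and detections left uncleaned."""
    header, detections, unparsed = parse_eset_log(text)
    follow_up = [d for d in detections if not d["cleaned"]]
    counts_match = (
        _header_int(header, "found") == len(detections)
        and _header_int(header, "cleaned") == len(detections) - len(follow_up)
    )
    return {
        "by_location": dict(Counter(d["location"] for d in detections)),
        "follow_up": follow_up,
        "counts_match": counts_match,  # False suggests a truncated paste
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["by_location"])
    for d in result["follow_up"]:
        print("needs follow-up:", d["path"], d["name"], "-", d["action"])
```

A `counts_match` of False means the pasted log does not agree with its own `found`/`cleaned` header, which usually points to a truncated or reflowed paste rather than a scanner problem.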

#20
mary58

    Member

  • Topic Starter
  • 105 posts
I am going to be away from that computer for a few days, hopefully I can have someone run the scan tomorrow evening for me. I will have him respond with the results when it gets done. Thanks again.
  • 0

#21
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No worries, that's fine :D
  • 0

#22
mary58

    Member

  • Topic Starter
  • 105 posts
Below is the TDSSKiller log.


2011/04/19 15:37:43.0968 1804 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/19 15:37:44.0484 1804 ================================================================================
2011/04/19 15:37:44.0484 1804 SystemInfo:
2011/04/19 15:37:44.0484 1804
2011/04/19 15:37:44.0484 1804 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/19 15:37:44.0484 1804 Product type: Workstation
2011/04/19 15:37:44.0484 1804 ComputerName: MARYP
2011/04/19 15:37:44.0484 1804 UserName: Mom
2011/04/19 15:37:44.0484 1804 Windows directory: C:\WINDOWS
2011/04/19 15:37:44.0484 1804 System windows directory: C:\WINDOWS
2011/04/19 15:37:44.0484 1804 Processor architecture: Intel x86
2011/04/19 15:37:44.0484 1804 Number of processors: 2
2011/04/19 15:37:44.0484 1804 Page size: 0x1000
2011/04/19 15:37:44.0484 1804 Boot type: Normal boot
2011/04/19 15:37:44.0484 1804 ================================================================================
2011/04/19 15:37:45.0359 1804 Initialize success
2011/04/19 15:37:57.0625 3768 ================================================================================
2011/04/19 15:37:57.0625 3768 Scan started
2011/04/19 15:37:57.0625 3768 Mode: Manual;
2011/04/19 15:37:57.0625 3768 ================================================================================
2011/04/19 15:38:07.0625 3768 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/04/19 15:38:07.0703 3768 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/19 15:38:07.0765 3768 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/19 15:38:07.0796 3768 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/19 15:38:07.0828 3768 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/19 15:38:07.0859 3768 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/19 15:38:07.0906 3768 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/19 15:38:07.0953 3768 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/19 15:38:07.0984 3768 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/19 15:38:08.0015 3768 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/19 15:38:08.0062 3768 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/19 15:38:08.0093 3768 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/04/19 15:38:08.0125 3768 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/19 15:38:08.0156 3768 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/19 15:38:08.0171 3768 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/19 15:38:08.0234 3768 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/19 15:38:08.0296 3768 wceusbsh (56242d5be3bfc8f2a212e6d1f9a16697) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/04/19 15:38:08.0359 3768 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/19 15:38:08.0531 3768 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/04/19 15:38:08.0593 3768 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/19 15:38:08.0703 3768 ================================================================================
2011/04/19 15:38:08.0703 3768 Scan finished
2011/04/19 15:38:08.0703 3768 ================================================================================
2011/04/19 15:38:08.0718 1664 Detected object count: 1
2011/04/19 15:38:53.0187 1664 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/19 15:38:53.0359 1664 Backup copy not found, trying to cure infected file..
2011/04/19 15:38:53.0359 1664 Cure success, using it..
2011/04/19 15:38:53.0437 1664 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/04/19 15:38:53.0437 1664 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/04/19 15:39:03.0453 2424 Deinitialize success

#23
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for posting the log. TDSSKiller looks to have successfully cured that infected file :D

Can you let me know if you are experiencing any problems now, or does everything seem fine?

If you could also just get me a fresh OTL log, so I can check to see if it still appears clean. Overall though your logs are looking very good.


OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log


#24
mary58

    Member

  • Topic Starter
  • Member
  • 105 posts
Everything seems fine now; of course, the computer hasn't been turned on very much recently.
Here is the OTL log. Thank you.



OTL logfile created on: 4/20/2011 4:38:28 PM - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 128.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 20.54 Gb Free Space | 14.27% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
PRC - [2011/03/18 10:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/25 18:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/22 21:17:06 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/08/16 08:35:36 | 000,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/30 18:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 18:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2007/10/31 16:11:34 | 000,015,696 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/02 09:37:34 | 000,098,304 | ---- | M] (Mozilla Foundation) -- C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/06/29 09:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/09/02 13:45:40 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - [2011/04/20 16:34:03 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1376B4BE-9E3E-4798-817D-A07A3611879B}\MpKsldbc9228f.sys -- (MpKsldbc9228f)
DRV - [2011/04/19 15:39:51 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS -- (VolSnap)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/28 16:43:39 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\irbus.sys -- (IrBus)
DRV - [2005/05/31 10:30:57 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 11:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/27 19:43:00 | 000,485,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinewp2.sys -- (atinewp2)
DRV - [2004/06/15 20:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 15:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crosswalk.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 20:40:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 14:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 10:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/22 20:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/19 20:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
[2011/04/15 17:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions
[2009/04/13 14:26:47 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/05/21 15:03:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 14:33:40 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (TranslatorBar 3.2 Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{c55f5517-246e-4426-b745-ee25b08eb8b4}
[2010/03/01 20:40:32 | 000,000,000 | ---D | M] ("Better GReader") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2008/06/30 10:11:34 | 000,000,000 | ---D | M] (FLYLADY) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Consumer Input") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\ConsumerInput@Compete
[2010/03/06 11:09:39 | 000,000,000 | ---D | M] (DeTiny URL Expander) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/17 13:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/01 18:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/18 20:08:34 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/17 13:46:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice95\Office\FASTBOOT.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Find Fast Indexer.lnk = C:\MSOffice95\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\Premium Awana VerseMinder.lnk = C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe (Mozilla Foundation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.salt.org....s/smweblogo.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/14 17:42:10 | 000,000,658 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/03 17:47:53 | 000,000,113 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004/02/17 23:01:46 | 000,000,059 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 15:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\tdsskiller
[2011/04/17 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/17 15:01:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/17 13:36:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/17 13:31:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/17 13:31:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/17 13:31:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/17 13:31:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/17 13:28:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/16 22:53:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/16 22:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/04/16 15:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\fixing virus
[2011/04/16 14:48:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/16 10:33:20 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2011/04/16 10:33:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/15 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/15 17:54:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/15 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Malwarebytes
[2011/04/15 15:48:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 15:48:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 15:48:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/15 15:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/13 09:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/12 15:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/12 15:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/12 15:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/12 15:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1979/12/31 22:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/04/20 16:41:03 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005UA.job
[2011/04/20 16:39:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/20 16:34:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/20 16:34:36 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/20 16:34:18 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/20 16:33:56 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AlarmXP Pro.job
[2011/04/20 16:33:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/20 16:33:47 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 15:48:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/19 15:39:51 | 000,052,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS
[2011/04/19 15:36:01 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/04/17 20:41:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005Core.job
[2011/04/17 17:52:43 | 000,044,074 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2011/04/17 15:15:37 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to YNAB 3.lnk
[2011/04/17 13:46:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/04/17 13:36:08 | 000,000,325 | RHS- | M] () -- C:\BOOT.INI
[2011/04/17 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SHUTDOWN.job
[2011/04/17 13:26:07 | 004,323,312 | R--- | M] () -- C:\Documents and Settings\Mom\Desktop\ComboFix.exe
[2011/04/16 10:33:26 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/15 22:07:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 20:51:48 | 000,001,424 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 16:27:07 | 001,103,872 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2011/04/15 15:48:14 | 000,000,784 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 08:06:51 | 000,513,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job
[2011/04/03 14:28:52 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/03 14:28:52 | 000,000,724 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/04/19 15:35:47 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/04/17 15:04:11 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to YNAB 3.lnk
[2011/04/17 13:36:08 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/04/17 13:36:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/17 13:31:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/17 13:31:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/17 13:31:12 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/17 13:31:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/17 13:31:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/17 13:25:40 | 004,323,312 | R--- | C] () -- C:\Documents and Settings\Mom\Desktop\ComboFix.exe
[2011/04/15 20:51:47 | 000,001,424 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 16:26:40 | 001,103,872 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2011/04/15 15:48:14 | 000,000,784 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/12 17:02:12 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/04/12 17:02:12 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/04/12 17:01:39 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/04/12 17:01:39 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/04/12 17:01:39 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/04/12 17:01:39 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/04/12 17:01:39 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/04/12 17:01:38 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/04/12 17:01:38 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/04/12 17:01:38 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/04/12 17:01:38 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/04/12 17:01:38 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/04/12 17:01:38 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/04/12 17:01:36 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/04/12 17:01:35 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/04/12 17:01:33 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/04/12 17:01:31 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/04/12 17:01:14 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/04/12 17:01:13 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/04/12 17:01:13 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/04/12 17:01:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/12 17:01:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/12 17:00:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/03 14:28:52 | 000,000,724 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/03 14:28:51 | 000,000,730 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/16 01:39:06 | 000,370,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/06 20:26:02 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcps.ini
[2009/12/04 21:49:40 | 000,023,121 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2009/12/04 20:35:33 | 000,022,739 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/02 22:27:20 | 000,196,094 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2009/12/02 22:27:19 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2009/09/19 17:19:34 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2009/09/17 20:54:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/20 11:51:01 | 000,000,421 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/05/17 15:58:21 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/24 21:24:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/11/27 11:23:15 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/19 09:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/06 16:21:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/01/21 13:53:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/01/19 18:38:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\EzyTuner.INI
[2006/12/25 14:44:47 | 000,004,121 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/09/06 15:54:11 | 000,000,231 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/06 15:53:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2006/08/24 12:11:26 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TYPEINST.INI
[2006/08/23 12:19:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/24 21:09:59 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 14:41:21 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/06/18 14:41:21 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/06/15 20:46:23 | 001,255,424 | ---- | C] () -- C:\WINDOWS\System32\V4RB.dll
[2006/06/15 20:46:23 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2006/06/10 19:49:01 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/06/10 19:49:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/06/10 10:47:35 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/06 20:15:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/01/09 11:56:08 | 000,001,316 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/07/11 16:46:25 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/14 19:19:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\PSDXPORT.INI
[2005/06/14 12:10:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/06/11 18:48:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/06/07 19:38:10 | 000,044,074 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2005/06/07 16:56:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/06 17:09:27 | 000,001,095 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/06/06 17:08:36 | 000,001,237 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/06/06 16:39:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2005/05/31 10:41:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/31 10:33:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/31 10:30:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/31 10:29:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/31 10:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/05/31 10:12:54 | 000,442,892 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/05/31 10:12:54 | 000,072,158 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/05/31 09:55:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 09:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/23 12:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/19 14:22:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/19 14:13:18 | 000,513,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:06:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:03:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 11:25:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/19 11:25:28 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/10 03:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS
[2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/10 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2003/07/31 15:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[1999/12/02 11:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1996/08/20 21:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL
[1996/03/20 00:00:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1979/12/31 22:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1979/12/31 22:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/08/27 10:44:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2005/05/31 10:25:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/06 12:14:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2006/08/24 12:03:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2009/08/02 20:29:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2006/05/29 14:02:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MGCSoft
[2008/02/29 17:19:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/09/14 21:04:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2010/04/22 21:18:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/04/17 15:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2007/11/14 16:19:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2008/11/28 16:28:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/01/04 20:18:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/04/18 15:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TGHomeSoft
[2007/03/22 15:45:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006
[2009/06/16 17:28:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/06 20:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\A9 Toolbar
[2008/01/06 15:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2005/06/19 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Aim
[2009/12/06 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Amazon
[2010/07/01 15:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2009/12/02 11:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\E-centives
[2009/11/20 21:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FCTB000060497
[2007/10/15 21:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GARMIN
[2005/06/06 18:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2008/10/03 21:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\LEGO Company
[2010/04/14 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Memorize Truth
[2006/05/29 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MGCSoft
[2006/06/18 09:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MSNInstaller
[2007/03/06 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Musicmatch
[2010/09/14 21:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Netscape
[2008/11/11 21:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
[2008/02/01 16:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OverDrive
[2005/07/12 12:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Palo Alto Software Inc
[2008/02/25 10:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\QQ Games Plugin
[2011/02/26 14:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Search Settings
[2008/06/08 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish
[2009/08/02 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Thunderbird
[2010/03/14 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\upromise
[2007/12/07 10:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Viewpoint
[2008/07/11 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WordWeb
[2009/06/04 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\XNote Stopwatch
[2011/04/20 16:33:56 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\AlarmXP Pro.job
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\CCleaner.job
[2011/04/20 16:39:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/19 22:20:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/04/17 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SHUTDOWN.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Mom\My Documents\Spectrum Plus Label Sheet2.png:SummaryInformation

< End of report >

#25
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Good stuff, your logs now appear clean :D

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected

Just let me know if you do experience any issues when you next get to use it properly. If you're happy with everything, you should be all good to go now :D


Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following; they help finalize the fixes we have been doing and will help minimize the risk of a similar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR, RogueKiller and TDSSKiller from the Desktop (if present)

2)
Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

3)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

4)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

5)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Spyware Blaster
Spyware Blaster is a useful program that creates a huge list of known suspect/dangerous sites and blocks any attempts to visit those sites by embedding the list into Internet Explorer and Firefox.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :D
BlackOxide



#26
mary58

    Member

  • Topic Starter
  • Member
  • 105 posts
I'm finally getting around to the final steps here. I got to removing ComboFix, and couldn't find Microsoft Security Essentials to disable it. I do have the Security Center Icon, and through that I am not able to turn on Windows automatic updates or turn off Security Essentials. Most of my programs are working ok, looks like I'll have to reinstall Microsoft Word, but for now can open my documents another way. I continued with removing ComboFix, but don't know if it fully uninstalled since it had requested I disable Security Essentials. I decided to run Malwarebytes and it came up with 6 Trojans, which I had it remove. While it was running, Security Essentials popped up with something again, which I had it remove. I have tried to update Malwarebytes, but for some reason it won't do that. I'm sending another OTL log for you to look over.

OTL logfile created on: 4/26/2011 9:18:40 PM - Run 8
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 9.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 25.62 Gb Free Space | 17.79% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
PRC - [2011/03/18 10:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/25 18:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/22 21:17:06 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/08/16 08:35:36 | 000,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/30 18:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 18:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2007/10/31 16:11:34 | 000,015,696 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/02 09:37:34 | 000,098,304 | ---- | M] (Mozilla Foundation) -- C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/06/29 09:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/09/02 13:45:40 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - [2011/04/26 21:08:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8703D172-8626-4C75-B37B-B0B346C5007C}\MpKsle29f9d95.sys -- (MpKsle29f9d95)
DRV - [2011/04/19 15:39:51 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS -- (VolSnap)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/28 16:43:39 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\irbus.sys -- (IrBus)
DRV - [2005/05/31 10:30:57 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 11:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/27 19:43:00 | 000,485,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinewp2.sys -- (atinewp2)
DRV - [2004/06/15 20:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 15:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crosswalk.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 20:40:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\internetengine [2011/04/23 19:01:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{e641e573-5f45-49f4-a2b6-986c6a89d4ad}: C:\Program Files\Object\searchtoolbar [2011/04/23 19:01:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 14:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 10:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/22 20:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/19 20:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
[2011/04/23 14:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions
[2009/04/13 14:26:47 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/05/21 15:03:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 14:33:40 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (TranslatorBar 3.2 Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{c55f5517-246e-4426-b745-ee25b08eb8b4}
[2010/03/01 20:40:32 | 000,000,000 | ---D | M] ("Better GReader") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2008/06/30 10:11:34 | 000,000,000 | ---D | M] (FLYLADY) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Consumer Input") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\ConsumerInput@Compete
[2010/03/06 11:09:39 | 000,000,000 | ---D | M] (DeTiny URL Expander) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/23 14:31:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/26 19:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/01 18:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/18 20:08:34 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/17 13:46:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (GetDailyCoupon.com Toolbar) - {F8E689F4-E66C-41be-8497-AD9556FBE439} - C:\Program Files\SBar\ToolBand.dll (GetDailyCoupon.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice95\Office\FASTBOOT.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Find Fast Indexer.lnk = C:\MSOffice95\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\Premium Awana VerseMinder.lnk = C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe (Mozilla Foundation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.salt.org....s/smweblogo.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/14 17:42:10 | 000,000,658 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/03 17:47:53 | 000,000,113 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004/02/17 23:01:46 | 000,000,059 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/24 12:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\BabylonToolbar
[2011/04/23 19:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\SBar
[2011/04/23 19:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Object
[2011/04/23 14:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/04/23 14:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011/04/19 15:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\tdsskiller
[2011/04/17 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/17 15:01:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/17 13:36:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/16 22:53:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/16 22:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/04/16 14:48:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/16 10:33:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/15 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/15 17:54:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/15 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Malwarebytes
[2011/04/15 15:48:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 15:48:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 15:48:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/15 15:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/13 09:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/12 15:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/12 15:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/12 15:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/12 15:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1979/12/31 22:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/04/26 21:13:37 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/26 21:09:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/26 21:08:48 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/26 21:08:31 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/26 21:08:25 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AlarmXP Pro.job
[2011/04/26 21:08:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/26 21:08:19 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/26 20:48:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/26 20:41:07 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005UA.job
[2011/04/26 20:41:06 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005Core.job
[2011/04/26 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SHUTDOWN.job
[2011/04/25 15:29:58 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to CCleaner.lnk
[2011/04/19 15:39:51 | 000,052,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS
[2011/04/17 17:52:43 | 000,044,074 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2011/04/17 15:15:37 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to YNAB 3.lnk
[2011/04/17 13:46:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/04/17 13:36:08 | 000,000,325 | RHS- | M] () -- C:\BOOT.INI
[2011/04/16 10:33:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/15 22:07:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 20:51:48 | 000,001,424 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 15:48:14 | 000,000,784 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 08:06:51 | 000,513,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job
[2011/04/03 14:28:52 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/03 14:28:52 | 000,000,724 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/04/25 15:29:58 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to CCleaner.lnk
[2011/04/17 15:04:11 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to YNAB 3.lnk
[2011/04/17 13:36:08 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/04/17 13:36:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/15 20:51:47 | 000,001,424 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 15:48:14 | 000,000,784 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/12 17:02:12 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/04/12 17:02:12 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/04/12 17:01:39 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/04/12 17:01:39 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/04/12 17:01:39 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/04/12 17:01:39 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/04/12 17:01:39 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/04/12 17:01:38 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/04/12 17:01:38 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/04/12 17:01:38 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/04/12 17:01:38 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/04/12 17:01:38 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/04/12 17:01:38 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/04/12 17:01:36 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/04/12 17:01:35 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/04/12 17:01:33 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/04/12 17:01:31 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/04/12 17:01:14 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/04/12 17:01:13 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/04/12 17:01:13 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/04/12 17:01:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/12 17:01:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/12 17:00:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/03 14:28:52 | 000,000,724 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/03 14:28:51 | 000,000,730 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/16 01:39:06 | 000,370,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/06 20:26:02 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcps.ini
[2009/12/04 21:49:40 | 000,023,121 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2009/12/04 20:35:33 | 000,022,739 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/02 22:27:20 | 000,196,094 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2009/12/02 22:27:19 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2009/09/19 17:19:34 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2009/09/17 20:54:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/20 11:51:01 | 000,000,421 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/05/17 15:58:21 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/24 21:24:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/11/27 11:23:15 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/19 09:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/06 16:21:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/01/21 13:53:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/01/19 18:38:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\EzyTuner.INI
[2006/12/25 14:44:47 | 000,004,121 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/09/06 15:54:11 | 000,000,231 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/06 15:53:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2006/08/24 12:11:26 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TYPEINST.INI
[2006/08/23 12:19:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/24 21:09:59 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 14:41:21 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/06/18 14:41:21 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/06/15 20:46:23 | 001,255,424 | ---- | C] () -- C:\WINDOWS\System32\V4RB.dll
[2006/06/15 20:46:23 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2006/06/10 19:49:01 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/06/10 19:49:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/06/10 10:47:35 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/06 20:15:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/01/09 11:56:08 | 000,001,316 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/07/11 16:46:25 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/14 19:19:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\PSDXPORT.INI
[2005/06/14 12:10:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/06/11 18:48:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/06/07 19:38:10 | 000,044,074 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2005/06/07 16:56:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/06 17:09:27 | 000,001,095 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/06/06 17:08:36 | 000,001,237 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/06/06 16:39:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2005/05/31 10:41:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/31 10:33:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/31 10:30:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/31 10:29:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/31 10:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/05/31 10:12:54 | 000,442,892 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/05/31 10:12:54 | 000,072,158 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/05/31 09:55:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 09:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/23 12:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/19 14:22:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/19 14:13:18 | 000,513,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:06:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:03:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 11:25:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/19 11:25:28 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/10 03:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS
[2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/10 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2003/07/31 15:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[1999/12/02 11:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1996/08/20 21:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL
[1996/03/20 00:00:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1979/12/31 22:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1979/12/31 22:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/08/27 10:44:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2005/05/31 10:25:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/06 12:14:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2006/08/24 12:03:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2009/08/02 20:29:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2006/05/29 14:02:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MGCSoft
[2008/02/29 17:19:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/09/14 21:04:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2010/04/22 21:18:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/04/17 15:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2007/11/14 16:19:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2008/11/28 16:28:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/01/04 20:18:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/04/18 15:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TGHomeSoft
[2007/03/22 15:45:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006
[2009/06/16 17:28:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/06 20:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\A9 Toolbar
[2008/01/06 15:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2005/06/19 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Aim
[2009/12/06 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Amazon
[2011/04/24 12:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BabylonToolbar
[2010/07/01 15:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2009/12/02 11:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\E-centives
[2009/11/20 21:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FCTB000060497
[2007/10/15 21:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GARMIN
[2005/06/06 18:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2008/10/03 21:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\LEGO Company
[2010/04/14 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Memorize Truth
[2006/05/29 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MGCSoft
[2006/06/18 09:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MSNInstaller
[2007/03/06 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Musicmatch
[2010/09/14 21:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Netscape
[2008/11/11 21:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
[2008/02/01 16:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OverDrive
[2005/07/12 12:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Palo Alto Software Inc
[2008/02/25 10:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\QQ Games Plugin
[2011/02/26 14:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Search Settings
[2008/06/08 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish
[2009/08/02 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Thunderbird
[2010/03/14 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\upromise
[2007/12/07 10:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Viewpoint
[2008/07/11 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WordWeb
[2009/06/04 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\XNote Stopwatch
[2011/04/26 21:08:25 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\AlarmXP Pro.job
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\CCleaner.job
[2011/04/26 21:13:37 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/19 22:20:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/04/26 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SHUTDOWN.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Mom\My Documents\Spectrum Plus Label Sheet2.png:SummaryInformation

< End of report >

#27
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Yep, you've been infected again by the sounds of it. Thanks for posting a fresh OTL log. I'll go over your OTL log closely tomorrow as I've only just got back home. In the meantime could you post your most recent MBAM log for me please, thanks :)


  • Open MBAM and click the Logs tab at the top
  • They should be in Date/Time order, please choose the log from the previous run whereby those infections were removed, then click Open.
  • Copy and Paste the log into your next reply


#28
mary58

    Member

  • Topic Starter
  • 105 posts
I've done a few things today, so the OTL log I posted last night isn't fresh. I've completed the cleanup steps you had previously suggested, hoping to protect my computer from any more malware, and installed SpywareBlaster and the Firefox add-ons. I had already run Malwarebytes again and it had shown clean, but I am posting that log for you now, and will also post a new OTL log. Then I will wait for your response before doing anything else. I am still unable to update Malwarebytes, am unable to run Windows Updates, and still can't figure out how to turn Security Essentials off.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6370

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/27/2011 4:36:09 PM
mbam-log-2011-04-27 (16-36-09).txt

Scan type: Quick scan
Objects scanned: 212752
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




OTL logfile created on: 4/27/2011 4:41:43 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 264.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 25.59 Gb Free Space | 17.77% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/27 16:27:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
PRC - [2011/03/18 10:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/25 18:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/22 21:17:06 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/08/16 08:35:36 | 000,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/30 18:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 18:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2007/10/31 16:11:34 | 000,015,696 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/02 09:37:34 | 000,098,304 | ---- | M] (Mozilla Foundation) -- C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/06/29 09:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/27 16:27:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/09/02 13:45:40 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 13:12:12 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8703D172-8626-4C75-B37B-B0B346C5007C}\MpKsl4d4b585c.sys -- (MpKsl4d4b585c)
DRV - [2011/04/19 15:39:51 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS -- (VolSnap)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/28 16:43:39 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\irbus.sys -- (IrBus)
DRV - [2005/05/31 10:30:57 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 11:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/27 19:43:00 | 000,485,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinewp2.sys -- (atinewp2)
DRV - [2004/06/15 20:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 15:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crosswalk.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 20:40:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\internetengine [2011/04/23 19:01:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{e641e573-5f45-49f4-a2b6-986c6a89d4ad}: C:\Program Files\Object\searchtoolbar [2011/04/23 19:01:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 14:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 10:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/22 20:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/19 20:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
[2011/04/27 13:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions
[2009/04/13 14:26:47 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/05/21 15:03:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 14:33:40 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (TranslatorBar 3.2 Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{c55f5517-246e-4426-b745-ee25b08eb8b4}
[2010/03/01 20:40:32 | 000,000,000 | ---D | M] ("Better GReader") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2008/06/30 10:11:34 | 000,000,000 | ---D | M] (FLYLADY) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Consumer Input") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\ConsumerInput@Compete
[2010/03/06 11:09:39 | 000,000,000 | ---D | M] (DeTiny URL Expander) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/23 14:31:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/26 19:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/01 18:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/18 20:08:34 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/17 13:46:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (GetDailyCoupon.com Toolbar) - {F8E689F4-E66C-41be-8497-AD9556FBE439} - C:\Program Files\SBar\ToolBand.dll (GetDailyCoupon.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice95\Office\FASTBOOT.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Find Fast Indexer.lnk = C:\MSOffice95\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\Premium Awana VerseMinder.lnk = C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe (Mozilla Foundation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.salt.org....s/smweblogo.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/14 17:42:10 | 000,000,658 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/03 17:47:53 | 000,000,113 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004/02/17 23:01:46 | 000,000,059 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/27 16:27:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/27 12:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/27 12:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/04/27 12:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/04/24 12:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\BabylonToolbar
[2011/04/23 19:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\SBar
[2011/04/23 19:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Object
[2011/04/23 14:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/04/23 14:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011/04/17 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/17 15:01:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/17 13:36:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/16 22:53:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/16 22:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/04/15 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/15 17:54:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/15 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Malwarebytes
[2011/04/15 15:48:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 15:48:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 15:48:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/15 15:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/13 09:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/12 15:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/12 15:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/12 15:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/12 15:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1979/12/31 22:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/04/27 16:27:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/27 15:48:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/27 15:47:02 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005UA.job
[2011/04/27 13:47:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/27 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SHUTDOWN.job
[2011/04/27 13:17:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/27 13:17:49 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/27 13:17:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/27 13:12:05 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AlarmXP Pro.job
[2011/04/27 13:12:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/27 13:11:59 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 12:52:01 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\SpywareBlaster.lnk
[2011/04/27 12:41:38 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to mbam.lnk
[2011/04/27 10:57:20 | 000,513,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/27 10:47:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005Core.job
[2011/04/25 15:29:58 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to CCleaner.lnk
[2011/04/19 15:39:51 | 000,052,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS
[2011/04/17 17:52:43 | 000,044,074 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2011/04/17 15:15:37 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to YNAB 3.lnk
[2011/04/17 13:46:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/04/17 13:36:08 | 000,000,325 | RHS- | M] () -- C:\BOOT.INI
[2011/04/15 22:07:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 20:51:48 | 000,001,424 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 15:48:14 | 000,000,784 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job
[2011/04/03 14:28:52 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/03 14:28:52 | 000,000,724 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/04/27 12:52:01 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\SpywareBlaster.lnk
[2011/04/27 12:41:37 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to mbam.lnk
[2011/04/25 15:29:58 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to CCleaner.lnk
[2011/04/17 15:04:11 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to YNAB 3.lnk
[2011/04/17 13:36:08 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/04/17 13:36:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/15 20:51:47 | 000,001,424 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 15:48:14 | 000,000,784 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/12 17:02:12 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/04/12 17:02:12 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/04/12 17:01:39 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/04/12 17:01:39 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/04/12 17:01:39 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/04/12 17:01:39 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/04/12 17:01:39 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/04/12 17:01:38 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/04/12 17:01:38 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/04/12 17:01:38 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/04/12 17:01:38 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/04/12 17:01:38 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/04/12 17:01:38 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/04/12 17:01:36 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/04/12 17:01:35 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/04/12 17:01:33 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/04/12 17:01:31 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/04/12 17:01:14 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/04/12 17:01:13 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/04/12 17:01:13 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/04/12 17:01:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/12 17:01:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/12 17:00:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/03 14:28:52 | 000,000,724 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/03 14:28:51 | 000,000,730 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/16 01:39:06 | 000,370,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/06 20:26:02 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcps.ini
[2009/12/04 21:49:40 | 000,023,121 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2009/12/04 20:35:33 | 000,022,739 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/02 22:27:20 | 000,196,094 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2009/12/02 22:27:19 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2009/09/19 17:19:34 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2009/09/17 20:54:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/20 11:51:01 | 000,000,421 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/05/17 15:58:21 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/24 21:24:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/11/27 11:23:15 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/19 09:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/06 16:21:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/01/21 13:53:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/01/19 18:38:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\EzyTuner.INI
[2006/12/25 14:44:47 | 000,004,121 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/09/06 15:54:11 | 000,000,231 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/06 15:53:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2006/08/24 12:11:26 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TYPEINST.INI
[2006/08/23 12:19:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/24 21:09:59 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 14:41:21 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/06/18 14:41:21 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/06/15 20:46:23 | 001,255,424 | ---- | C] () -- C:\WINDOWS\System32\V4RB.dll
[2006/06/15 20:46:23 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2006/06/10 19:49:01 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/06/10 19:49:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/06/10 10:47:35 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/06 20:15:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/01/09 11:56:08 | 000,001,316 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/07/11 16:46:25 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/14 19:19:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\PSDXPORT.INI
[2005/06/14 12:10:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/06/11 18:48:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/06/07 19:38:10 | 000,044,074 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2005/06/07 16:56:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/06 17:09:27 | 000,001,095 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/06/06 17:08:36 | 000,001,237 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/06/06 16:39:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2005/05/31 10:41:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/31 10:33:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/31 10:30:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/31 10:29:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/31 10:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/05/31 10:12:54 | 000,442,892 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/05/31 10:12:54 | 000,072,158 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/05/31 09:55:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 09:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/23 12:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/19 14:22:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/19 14:13:18 | 000,513,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:06:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:03:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 11:25:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/19 11:25:28 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/10 03:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS
[2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/10 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2003/07/31 15:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[1999/12/02 11:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1996/08/20 21:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL
[1996/03/20 00:00:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1979/12/31 22:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1979/12/31 22:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/08/27 10:44:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2005/05/31 10:25:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/06 12:14:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2006/08/24 12:03:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2009/08/02 20:29:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2006/05/29 14:02:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MGCSoft
[2008/02/29 17:19:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/09/14 21:04:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2010/04/22 21:18:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/04/17 15:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2007/11/14 16:19:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2008/11/28 16:28:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/01/04 20:18:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/04/27 12:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/04/18 15:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TGHomeSoft
[2007/03/22 15:45:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006
[2009/06/16 17:28:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/06 20:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\A9 Toolbar
[2008/01/06 15:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2005/06/19 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Aim
[2009/12/06 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Amazon
[2011/04/24 12:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BabylonToolbar
[2010/07/01 15:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2009/12/02 11:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\E-centives
[2009/11/20 21:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FCTB000060497
[2007/10/15 21:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GARMIN
[2005/06/06 18:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2008/10/03 21:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\LEGO Company
[2010/04/14 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Memorize Truth
[2006/05/29 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MGCSoft
[2006/06/18 09:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MSNInstaller
[2007/03/06 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Musicmatch
[2010/09/14 21:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Netscape
[2008/11/11 21:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
[2008/02/01 16:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OverDrive
[2005/07/12 12:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Palo Alto Software Inc
[2008/02/25 10:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\QQ Games Plugin
[2011/02/26 14:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Search Settings
[2008/06/08 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish
[2009/08/02 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Thunderbird
[2010/03/14 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\upromise
[2007/12/07 10:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Viewpoint
[2008/07/11 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WordWeb
[2009/06/04 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\XNote Stopwatch
[2011/04/27 13:12:05 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\AlarmXP Pro.job
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\CCleaner.job
[2011/04/27 13:17:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/19 22:20:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/04/27 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SHUTDOWN.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Mom\My Documents\Spectrum Plus Label Sheet2.png:SummaryInformation

< End of report >


OTL Extras logfile created on: 4/27/2011 4:41:43 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 264.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 25.59 Gb Free Space | 17.77% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"" =
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567
"55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568
"55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569
"55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570
"55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566
"" =
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567
"55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570
"55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568
"55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569
"55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566
"" =
"427:TCP" = 427:TCP:LocalSubNet:Disabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Disabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- ()
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"K:\setup\hpznui01.exe" = K:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Mom\My Documents\NetSetClient.exe" = C:\Documents and Settings\Mom\My Documents\NetSetClient.exe:*:Enabled:NetSetClient -- (Gteko Ltd.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- ()
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\MyPoints Toolbar 2.0\TroubleShooter.exe" = C:\Program Files\MyPoints Toolbar 2.0\TroubleShooter.exe:*:Enabled:MyPoints Toolbar 2.0 (Helper) -- (FreeCause Inc.)
"C:\Program Files\MyPoints Toolbar 2.0\ToolbarUpdate.exe" = C:\Program Files\MyPoints Toolbar 2.0\ToolbarUpdate.exe:*:Enabled:MyPoints Toolbar 2.0 (Update) -- (FreeCause Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12076ED5-921B-4231-9883-157092E6F2DA}" = Quicken Medical Expense Manager
"{1445ECFA-AD4B-4f22-A1D2-DDB81354EC1D}" = Snapfish PictureMover
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16D9439B-DF3D-43D1-A727-4B335300D07A}" = OverDrive Media Console
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{250F2B64-1729-4A6F-A3A4-17B478C03431}" = TurboTax 2010 woriper
"{26F8F39E-C228-4E3C-93A5-061FCCBFC914}" = Serif PagePlus Essentials
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30E6EEA3-9375-41EA-B83A-189A5766090B}" = Sears
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3C024FB0-EAA2-012B-AE8A-000000000000}" = TurboTax 2009 woriper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{459E0590-ECD4-490E-9E52-3EF1F1782225}" = Dawn
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}" = Nokia Connectivity Cable Driver
"{4B81F85C-728F-4316-B2FF-F4169317EC36}" = AlarmXP Pro
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54579CE4-5DB5-11D6-A7DD-F76237061D3F}" = Print Perfect Gold
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70841508-9E4E-4949-B324-523D61EF22F2}" = My Ebook Library
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{808AE71A-0B00-4D19-B4CE-57A55622F0B5}" = Homeschool Tracker Basic
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83FC2D98-CB55-4E05-82C1-EDC8A4E8EDD2}" = Garmin MapSource
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}" = Dealio Toolbar v4.3
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0C7D59-DE76-4AC0-9A84-A3B4D315CE11}" = ArcSoft Media Card Companion
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AC76BA86-7AD7-5464-3428-7E8A450000A7}" = Spelling Dictionaries For Adobe Reader Package
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BC489586-33E9-412D-BA70-485F3EA92DBE}" = DaisyTrail Digikit Collection 1
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD93F118-7334-0F0D-A3B8-43F67989D1AF}" = YNAB 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDA822A4-8F8A-4377-924C-D36B24F52233}" = EasyChild
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D303CDE8-D1DB-4DBA-A15A-C7EE3D775726}" = Serif Digital Scrapbook Artist
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E1AA659A-DC45-4670-AF13-E55694887566}" = HomeSchool Minder
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB1AE258-8DDD-4F54-B2EB-AC02EC4C6FAB}" = Rosetta Stone Ltd Services
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F523EA0F-D930-4825-A69D-AC8407A4DFA0}" = TurboTax 2008 woriper
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon Kindle For PC" = Amazon Kindle For PC
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BabylonToolbar" = Babylon toolbar
"CCleaner" = CCleaner
"com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1" = YNAB 3
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"ESET Online Scanner" = ESET Online Scanner v3
"FLYLADY BenefitBar" = FLYLADY BenefitBar
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Greetings Workshop" = Greetings Workshop
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo & Imaging" = HP Image Zone 4.2
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}" = Nokia Connectivity Cable Driver
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"Intel® 537EP V9x DFV PCI Modem" = Intel® 537EP V9x DFV PCI Modem
"InternetEngine" = Internet Engine
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MSOffice" = Microsoft Office Professional
"Musicnotes Player_is1" = Musicnotes Player V1.23.1
"MyPoints Toolbar 2.0" = MyPoints Toolbar 2.0
"New LEGO Digital Designer" = LEGO Digital Designer
"Northwest Trails" = Northwest Trails
"PDFZilla_is1" = PDFZilla V1.0.7
"Photodex Presenter" = Photodex Presenter
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"Pixillion" = Pixillion Image Converter
"Premium Awana VerseMinder_is1" = Premium Awana VerseMinder 01.39 905281
"RealPlayer 6.0" = RealPlayer Basic
"Revo Uninstaller" = Revo Uninstaller 1.91
"Shockwave" = Shockwave
"Shopping List for Windows 95/98/00/ME/NT/XP" = Shopping List for Windows 95/98/00/ME/NT/XP
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST4UNST #1" = Awana
"ST6UNST #1" = TranscriptPro Version 3.0
"StartWrite50" = StartWrite
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Teknia Language Tools (Greek)" = Teknia Language Tools (Greek)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TikTokCook_is1" = TikTokToDo ver 2.9.2.12
"TTB000001.TTB000001Toolbar" = CouponBar
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2005" = TurboTax Premier 2005
"Typing Instructor Deluxe" = Typing Instructor Deluxe
"Upromise TurboSaver" = Upromise TurboSaver (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WMCSetup" = Windows Media Connect
"WordWeb" = WordWeb
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"XNote Stopwatch" = XNote Stopwatch 1.50
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/26/2011 1:40:07 PM | Computer Name = MARYP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/26/2011 9:39:07 PM | Computer Name = MARYP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x10005c2e.

Error - 4/26/2011 9:39:24 PM | Computer Name = MARYP | Source = Application Error | ID = 1000
Description = Faulting application DRWTSN32.EXE, version 5.1.2600.0, faulting module
DBGHELP.DLL, version 5.1.2600.2180, fault address 0x0001295d.

Error - 4/26/2011 9:43:21 PM | Computer Name = MARYP | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2011 12:08:41 AM | Computer Name = MARYP | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2011 1:25:54 PM | Computer Name = MARYP | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2011 1:57:38 PM | Computer Name = MARYP | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2011 2:08:07 PM | Computer Name = MARYP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/27/2011 4:12:15 PM | Computer Name = MARYP | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/27/2011 7:24:42 PM | Computer Name = MARYP | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Media Center Events ]
Error - 4/14/2006 7:16:04 PM | Computer Name = MARYP | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 4/14/2006 4:16:04 PM. You may need to reschedule your recordings.

Error - 6/13/2006 11:54:08 AM | Computer Name = MARYP | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 6/13/2006 8:54:08 AM. You may need to reschedule your recordings.

Error - 7/10/2007 8:02:19 PM | Computer Name = MARYP | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 7/10/2007 5:02:19 PM. You may need to reschedule your recordings.

Error - 7/29/2008 6:11:39 PM | Computer Name = MARYP | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 7/29/2008 3:11:39 PM. You may need to reschedule your recordings.

[ System Events ]
Error - 4/26/2011 9:44:51 PM | Computer Name = MARYP | Source = Print | ID = 6161
Description = The document Test Page owned by Mom failed to print on printer HP
Photosmart Premium C309g-m. Data type: NT EMF 1.008. Size of the spool file in bytes:
178344. Number of bytes printed: 4128. Total number of pages in the document: 1.
Number of pages printed: 0. Client machine: \\MARYP. Win32 error code returned
by the print processor: 259 (0x103).

Error - 4/26/2011 9:53:16 PM | Computer Name = MARYP | Source = Microsoft Antimalware | ID = 1014
Description = %%860 has encountered an error trying to remove history of malware
and other potentially unwanted software. Time: 3/27/2011 6:53:15 PM User: NT AUTHORITY\SYSTEM

Error
Code: 0x80070005 Error description: Access is denied.

Error - 4/27/2011 12:08:54 AM | Computer Name = MARYP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 4/27/2011 1:53:34 PM | Computer Name = MARYP | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/27/2011 1:53:35 PM | Computer Name = MARYP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 4/27/2011 1:57:38 PM | Computer Name = MARYP | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/27/2011 1:57:42 PM | Computer Name = MARYP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 4/27/2011 2:08:07 PM | Computer Name = MARYP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.103.427.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 4/27/2011 4:12:21 PM | Computer Name = MARYP | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/27/2011 4:12:23 PM | Computer Name = MARYP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

#29
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

I have a sneaky suspicion that you may have been re-infected with the TDL Rootkit that we removed not long ago. Could you run a scan with TDSSKiller and then, if you can, get back to me with the MBAM log where those 6 infections were removed? Don't worry about disabling Security Essentials. Even if ComboFix did not remove itself properly, OTL would take care of the leftovers :)



1)
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




2)
Could you see if you can find the MBAM log which showed those approx 6 infections that you recently removed.



In your next reply
Please post the contents of...
TDSSKiller log
MBAM log


#30
mary58

    Member

  • Topic Starter
  • Member
  • 105 posts
Thanks Again

Here is the TDSS log


2011/04/28 12:15:36.0546 1608 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/28 12:15:37.0218 1608 ================================================================================
2011/04/28 12:15:37.0218 1608 SystemInfo:
2011/04/28 12:15:37.0218 1608
2011/04/28 12:15:37.0218 1608 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/28 12:15:37.0218 1608 Product type: Workstation
2011/04/28 12:15:37.0218 1608 ComputerName: MARYP
2011/04/28 12:15:37.0218 1608 UserName: Mom
2011/04/28 12:15:37.0218 1608 Windows directory: C:\WINDOWS
2011/04/28 12:15:37.0218 1608 System windows directory: C:\WINDOWS
2011/04/28 12:15:37.0218 1608 Processor architecture: Intel x86
2011/04/28 12:15:37.0218 1608 Number of processors: 2
2011/04/28 12:15:37.0218 1608 Page size: 0x1000
2011/04/28 12:15:37.0218 1608 Boot type: Normal boot
2011/04/28 12:15:37.0218 1608 ================================================================================
2011/04/28 12:15:38.0328 1608 Initialize success
2011/04/28 12:15:40.0453 2540 ================================================================================
2011/04/28 12:15:40.0453 2540 Scan started
2011/04/28 12:15:40.0453 2540 Mode: Manual;
2011/04/28 12:15:40.0453 2540 ================================================================================
2011/04/28 12:15:51.0921 2540 ================================================================================
2011/04/28 12:15:51.0921 2540 Scan finished
2011/04/28 12:15:51.0921 2540 ================================================================================


And the MalwareBytes log with the 6 infected items

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6370

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/26/2011 9:05:05 PM
mbam-log-2011-04-26 (21-05-05).txt

Scan type: Quick scan
Objects scanned: 212259
Time elapsed: 11 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\Object\bho_project.dll (Trojan.BHO) -> Quarantined and deleted successfully.