Cannot remove or download programs, computer very slow!


  • This topic is locked

#1
peta.grrl

  • Member
  • 23 posts
I don't know how long this has been going on but I've been trying to fix my magicJack problems the last 5 or 6 days steady and I've discovered that I can't remove or download any programs. I've been asked, by the mJ staff, to download Java updates and allow them to remotely access my computer (to fix these stupid mJ probs for good!) but these aren't allowed by my computer. I keep getting a message, "Windows Installer Service could not be accessed" when I'm trying to download.

When I go into Add/Remove Programs to get rid of programs I'm not using (such as Firefox), I click on remove and it just flickers another window (I just see a quick, slight glimpse and it's gone) and then it ignores my request. I've tried, twice now, to do a System Restore but it hasn't fixed anything. I have run scans with Avast, Malwarebytes and Ad-Aware but they have all found nothing.

I know there's something very wrong with my computer and need some serious help to fix it...and wouldn't it be lovely to finally fix this magicJack at the same time?!

Added July 16, 2011

Now my computer is telling me that my Virtual Memory is too low. Also, I can be looking at one page and all of a sudden my computer will bring up a page I've closed. It now takes up to 3 minutes for a page to load, all the time.


OTL logfile created on: 7/11/2011 11:22:51 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Cara-Leigh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 117.99 Mb Available Physical Memory | 11.64% Memory free
2.38 Gb Paging File | 1.51 Gb Available in Paging File | 63.54% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.87 Gb Total Space | 23.32 Gb Free Space | 51.97% Space Free | Partition Type: NTFS
Drive D: | 45.35 Gb Total Space | 45.22 Gb Free Space | 99.72% Space Free | Partition Type: NTFS

Computer Name: DRSLAPTOP | User Name: Cara-Leigh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 23:19:37 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cara-Leigh\Desktop\OTL.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/22 13:34:50 | 002,408,448 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/16 05:51:00 | 022,119,824 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Cara-Leigh\Application Data\mjusbsp\magicJack.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/18 21:45:23 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/11 20:21:00 | 000,200,704 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe
PRC - [2004/10/08 15:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 23:19:37 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cara-Leigh\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/10/08 15:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MySql)
SRV - File not found [Disabled | Stopped] -- -- (Awmcnkh)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2005/06/06 20:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Disabled | Stopped] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/11 20:10:17 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82A62AC3-DC81-4C60-B4EE-0728111B3CE8}\MpKslfed96d7c.sys -- (MpKslfed96d7c)
DRV - [2011/07/08 00:03:30 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82A62AC3-DC81-4C60-B4EE-0728111B3CE8}\MpKsld6b77242.sys -- (MpKsld6b77242)
DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/06/20 10:31:32 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/06 02:25:58 | 000,044,032 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUCcid.sys -- (RSUSBCCID)
DRV - [2009/11/06 02:25:58 | 000,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUIr.sys -- (RtsUIr)
DRV - [2009/01/21 08:49:40 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/23 19:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/06/30 17:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/06/30 16:16:58 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/06/30 16:16:06 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/06/30 16:16:02 | 000,716,416 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/07 19:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/01/14 16:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/10 16:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/16 13:06:00 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/07/19 14:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thecomedynetwork.ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.ca/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ya...728,16969,0,8,0
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/11 20:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/11 19:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/11 19:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\Extensions
[2011/07/11 19:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\Firefox\Profiles\2xhauns0.default\extensions
[2011/07/11 19:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\Firefox\Profiles\2xhauns0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/07/11 19:46:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\Firefox\Profiles\2xhauns0.default\extensions\[email protected]
[2011/07/11 19:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\Firefox\Profiles\2xhauns0.default\extensions\[email protected]
[2011/07/11 19:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [epm-dm] c:\Acer\ePM\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1293144173619 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1293144229119 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/17 18:39:24 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 23:19:24 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cara-Leigh\Desktop\OTL.exe
[2011/07/11 20:15:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/11 19:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Start Menu\Programs\Spiceworks
[2011/07/11 19:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spiceworks
[2011/07/11 19:57:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cara-Leigh\Recent
[2011/07/11 19:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\tjnet
[2011/07/11 19:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\magicJack
[2011/07/11 19:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\mjusbsp
[2011/07/11 19:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpeedItup Free
[2011/07/11 19:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedItup Free
[2011/07/11 17:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(4)
[2011/07/11 16:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\tjnet(2)
[2011/07/11 16:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\Sun
[2011/07/11 15:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hsswpr
[2011/07/11 13:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\Conduit
[2011/07/11 13:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield
[2011/07/11 13:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2011/07/11 11:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\mjusbsp(2)
[2011/07/08 23:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Desktop\Laser Printing
[2011/07/08 14:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\DDMSettings
[2011/07/08 14:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/07/08 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/07/08 00:31:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2011/07/07 23:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/07 23:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/07 23:41:58 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/07 23:41:57 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/07 23:41:51 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/07 23:41:51 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/07 23:41:50 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/07 23:41:50 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/07 23:41:50 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/07 23:41:49 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/07 23:40:31 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/07 23:40:30 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/07 23:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/07/07 23:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/07/04 20:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(3)
[2011/07/04 15:53:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2011/07/04 15:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Desktop\Chipset_Intel_6.3.0.1007_XPx86
[2011/07/04 15:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\Intel
[2011/07/04 15:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2011/07/04 15:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Desktop\Wireless_Intel_9.0.3.9_XPx86
[2011/07/03 23:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\SpeedItUp
[2011/07/03 20:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
[2011/07/03 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2011/07/03 20:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/07/03 20:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater
[2011/07/03 20:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/06/28 19:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\AskToolbar
[2011/06/28 19:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/06/18 23:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Insider Tales - The Stolen Venus 2
[2011/06/18 23:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Insider Tales - The Stolen Venus 2
[2011/06/18 13:27:46 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/06/18 00:04:16 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/06/17 22:50:00 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/06/17 21:01:42 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/06/17 21:00:21 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/06/17 20:18:22 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/06/12 23:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\Dream Aquarium
[2011/06/12 22:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Desktop\Rental Disputes
[2011/06/12 22:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Desktop\Bible, Service Products
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3863 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 23:19:37 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cara-Leigh\Desktop\OTL.exe
[2011/07/11 20:26:36 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/11 20:25:57 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/11 20:25:57 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/11 20:25:56 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\magicJack.lnk
[2011/07/11 20:15:19 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/11 20:14:51 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/11 20:14:21 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/11 20:14:19 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/07/11 20:12:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/11 20:09:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/11 20:08:53 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/11 17:38:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 16:22:17 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Self-Service Support.url
[2011/07/11 12:54:44 | 000,280,620 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\My Documents\Bad audio quality.pdf
[2011/07/08 04:01:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/08 03:58:02 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 03:57:39 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A66A6A00-5E7B-4145-A922-2DD292CA2173}.job
[2011/07/08 03:21:03 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4006041411-1818442623-1130046000-1009UA.job
[2011/07/08 00:31:55 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2011/07/08 00:05:15 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/07 23:40:57 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/07 23:35:36 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/07/07 23:09:44 | 000,001,668 | ---- | M] () -- C:\WINDOWS\System32\.ini
[2011/07/07 21:44:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/07 20:34:52 | 001,008,488 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_52_000169f0.dmp
[2011/07/07 20:34:44 | 001,008,817 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_40_00013db0.dmp
[2011/07/07 20:34:18 | 001,009,889 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_15_0000dc65.dmp
[2011/07/04 22:52:18 | 000,000,518 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Win a trip around the World with Sofitel.url
[2011/07/04 13:26:20 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\I need someone to help at farmers markets.url
[2011/07/04 13:24:36 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Retired, Semi-Retired or Homemakers.url
[2011/07/04 09:21:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4006041411-1818442623-1130046000-1009Core.job
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 04:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/27 17:32:56 | 000,001,136 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\My Documents\Dollar Store ad.rtf
[2011/06/23 14:59:14 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Dis.Chq. Dts.url
[2011/06/22 10:29:15 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\RBC.url
[2011/06/21 03:14:06 | 000,456,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 03:14:06 | 000,075,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3863 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/11 19:33:15 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2011/07/11 19:33:15 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2011/07/11 19:33:15 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2011/07/11 19:33:14 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2011/07/11 19:33:14 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2011/07/11 19:33:14 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2011/07/11 19:33:14 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2011/07/11 19:33:14 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2011/07/11 19:33:14 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2011/07/11 19:33:14 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2011/07/11 19:33:14 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2011/07/11 19:33:14 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2011/07/11 19:33:14 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2011/07/11 19:33:13 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2011/07/11 19:33:13 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2011/07/11 19:33:13 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2011/07/11 19:33:13 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2011/07/11 19:33:13 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2011/07/11 19:33:13 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2011/07/11 19:33:13 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2011/07/11 17:38:27 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 16:22:17 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Self-Service Support.url
[2011/07/11 12:54:39 | 000,280,620 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\My Documents\Bad audio quality.pdf
[2011/07/08 00:31:55 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2011/07/07 23:59:26 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/07/07 23:58:43 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/07 23:54:00 | 000,002,198 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/07/07 23:53:25 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/07 23:41:59 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/07 23:35:36 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/07/07 23:09:44 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/07/07 20:34:52 | 001,008,488 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_52_000169f0.dmp
[2011/07/07 20:34:44 | 001,008,817 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_40_00013db0.dmp
[2011/07/07 20:34:15 | 001,009,889 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_15_0000dc65.dmp
[2011/07/04 22:52:18 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Win a trip around the World with Sofitel.url
[2011/07/04 13:26:20 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\I need someone to help at farmers markets.url
[2011/07/04 13:24:36 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Retired, Semi-Retired or Homemakers.url
[2011/06/28 19:01:14 | 000,000,244 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/27 17:32:56 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\My Documents\Dollar Store ad.rtf
[2011/06/18 20:38:06 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/15 17:49:55 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/14 22:18:37 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Dis.Chq. Dts.url
[2011/04/20 23:40:28 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/20 23:40:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/28 00:01:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\housecall.guid.cache
[2011/03/27 23:59:51 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/03/27 22:42:04 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/01/03 23:42:50 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2009/08/20 00:13:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/19 23:49:12 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2008/04/03 12:06:54 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2006/05/18 05:09:16 | 000,000,639 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2006/05/18 04:41:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/05/18 04:40:34 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2006/05/18 04:37:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2006/05/17 15:12:41 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ppserial.ini
[2006/05/17 15:09:14 | 000,000,588 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/19 16:56:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/16 18:58:19 | 000,000,336 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/08/16 18:58:19 | 000,000,225 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/08/16 18:58:19 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/08/16 18:37:28 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/08/16 18:36:33 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/08/16 18:36:33 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/08/16 18:36:33 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/08/16 18:36:33 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/08/16 18:29:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/08/16 18:23:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\PowerOption.exe
[2005/08/16 18:23:49 | 000,000,750 | ---- | C] () -- C:\WINDOWS\PowerOption.ini
[2005/08/16 18:23:25 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/16 18:23:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2005/08/16 18:22:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 18:14:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 18:13:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 18:08:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 18:07:48 | 002,373,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 18:00:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 18:00:45 | 000,456,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 18:00:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 18:00:45 | 000,075,200 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 18:00:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 18:00:44 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 18:00:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 18:00:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 18:00:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 18:00:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 18:00:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 18:00:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/08/09 21:34:56 | 000,002,772 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[2005/04/27 12:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 12:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/25 21:48:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[2001/12/26 17:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/06/29 03:21:22 | 000,126,976 | ---- | C] () -- C:\WINDOWS\MKICON.EXE

========== LOP Check ==========

[2011/01/30 21:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/07/07 23:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/02/28 04:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/28 23:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/01/30 21:40:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/31 13:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2011/04/28 23:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2011/07/11 15:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hsswpr
[2011/03/29 00:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2011/02/11 12:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2011/05/19 19:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/01/04 04:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2011/03/27 23:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/20 23:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2011/04/28 23:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2011/01/24 00:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2011/02/18 21:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/01/22 23:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/06/18 23:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/03 20:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/05/06 00:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Alawar
[2011/04/15 15:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Artogon
[2011/01/30 23:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\AVG
[2011/01/30 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\AVG10
[2011/03/27 22:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\CheckPoint
[2011/07/08 14:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\DDMSettings
[2011/02/23 00:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Dekovir
[2011/06/14 22:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Dream Aquarium
[2011/05/31 13:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Elephant Games
[2011/05/06 00:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Fugazo
[2011/04/29 00:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Fuzzy Bug Interactive
[2011/01/13 22:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\G-HeadGames
[2011/01/07 11:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Gaijin Ent
[2011/02/11 11:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\GameMill Entertainment
[2011/03/17 15:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Keyword Strategy Studio Pro
[2011/02/11 12:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\LittleGamesCompany
[2011/01/04 04:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Merscom
[2011/07/11 20:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\mjusbsp
[2011/07/11 19:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\mjusbsp(2)
[2011/03/29 23:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Namco
[2011/01/24 00:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\PoBros
[2011/07/08 01:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\SpeedItUp
[2011/04/14 22:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Stellarium
[2011/04/01 22:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Uniblue
[2011/01/06 07:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Watchtower
[2011/02/13 22:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\WhiteBirdsProductions
[2011/07/11 20:26:36 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/11 20:15:19 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/11 20:14:19 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011/07/08 04:01:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/07/08 03:57:39 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A66A6A00-5E7B-4145-A922-2DD292CA2173}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9720EBEF
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E21433CE
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6B5FC3
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52C24010
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:207C4C79
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:697DDE2B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DC5D762
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23834E1E
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FD26EF3
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA0CE093
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDE401B
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by peta.grrl, 16 July 2011 - 05:48 PM.
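A triage aid for logs like the one in the post above, added here as an example; it is not part of OTL or of this thread. The line formats and the sample lines are taken from that log; the function names and the two review heuristics (a binary under \WINDOWS with no company name, several files created in the same minute) are assumptions, and a hit is a reason to look at a file, not a verdict on it.

```python
"""Triage helper for OTL-style scan logs (added example, not part of OTL)."""
import ntpath
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "section stamp size attrs kind company path")
Stream = namedtuple("Stream", "host name size")

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# [date time | size | attrs | C or M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)
# The stream name follows the last colon; the drive-letter colon is followed by "\".
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

# Assumption: extensions treated as "binary" for review purposes.
BINARY_EXTS = {".exe", ".dll", ".sys", ".scr"}

# Sample lines copied from the log above (a subset, for an offline run).
SAMPLE = r"""
========== Files Created - No Company Name ==========

[2011/07/11 19:33:15 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2011/07/11 19:33:15 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2011/07/11 19:33:14 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2011/07/11 19:33:13 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2011/07/07 23:09:44 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/06/15 17:49:55 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/27 23:59:51 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/19 23:49:12 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

========== LOP Check ==========

[2011/06/18 23:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9720EBEF
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E21433CE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
"""


def parse_otl(text):
    """Return (entries, streams) parsed from OTL log text; unknown lines are skipped."""
    entries, streams, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            stamp, size, attrs, kind, company, path = m.groups()
            size = int(size.replace(",", ""))  # "1063,374,848" -> 1063374848
            entries.append(Entry(section, stamp, size, attrs, kind, company, path))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append(Stream(m.group(2), m.group(3), int(m.group(1))))
    return entries, streams


def unsigned_binaries(entries):
    """Paths of binaries under \\WINDOWS whose company field is empty, in log order."""
    seen, hits = set(), []
    for e in entries:
        ext = ntpath.splitext(e.path)[1].lower()
        in_windows = "\\windows\\" in e.path.lower()
        if e.company == "" and ext in BINARY_EXTS and in_windows and e.path not in seen:
            seen.add(e.path)
            hits.append(e.path)
    return hits


def creation_bursts(entries, min_files=5):
    """Minutes in which at least min_files files were created (kind 'C')."""
    per_minute = Counter(e.stamp[:16] for e in entries if e.kind == "C")
    return {minute: n for minute, n in per_minute.items() if n >= min_files}


def streams_by_host(streams):
    """Map each file or folder carrying alternate data streams to (count, total bytes)."""
    summary = {}
    for s in streams:
        count, total = summary.get(s.host, (0, 0))
        summary[s.host] = (count + 1, total + s.size)
    return summary


if __name__ == "__main__":
    entries, streams = parse_otl(SAMPLE)
    print("binaries to review:", unsigned_binaries(entries))
    print("creation bursts:", creation_bursts(entries, min_files=3))
    print("ADS hosts:", streams_by_host(streams))
```

Run over the full log, the burst check groups the .mib files created at 19:33 on 2011/07/11 into one event, which is quicker to research as a single install than as twenty separate files.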


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay.

Let's see if we can get things working for you.

Click Start, and then click Run.
In the Open box, type cmd, and then click OK.
At the command prompt, type msiexec.exe /unregister, and then press ENTER.
Type msiexec /regserver, and then press ENTER.

THEN

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
peta.grrl

    Member

  • Topic Starter
  • 23 posts
Thank you soooooo much for getting back to me! I was just about to give up and try somewhere else. I am so excited to do everything you tell me and finally fix this computer.

I tried 3 times to run OTL as you said and it froze immediately each time...not responding to "end task" on Task Manager. What do I do now?

Btw... this is what I get when I try to download anything. "The Windows Installer Service could not be accessed. This can occur if you are running Windows in Safe Mode (which I'm not) or if the Windows Installer is not correctly installed (just to be sure I uninstalled Windows Installer and re-installed it). Contact your support personnel for assistance".

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you run this first?

Click Start, and then click Run.
In the Open box, type cmd, and then click OK.
At the command prompt, type msiexec.exe /unregister, and then press ENTER.
Type msiexec /regserver, and then press ENTER.


Could you now attempt to run aswMBR for me please

#5
peta.grrl

    Member

  • Topic Starter
  • 23 posts
I feel so much better knowing you are there to help me...thanks again!

I did this 4 times now (1 time tonight), before I ran OTL but my computer froze during the scan each time:
Click Start, and then click Run.
In the Open box, type cmd, and then click OK.
At the command prompt, type msiexec.exe /unregister, and then press ENTER.
Type msiexec /regserver, and then press ENTER.

So, I followed your last instructions and ran aswMBR. Please find the log attached.

It would be great if an email was sent to us who need help when we receive a reply to our help requests. Having to log in to this site and check most likely slows things down as people are busy and don't get a chance to constantly check in. Just a suggestion.

Attached File  aswMBR.txt   1.76KB   79 downloads

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
At the top of this thread should be a button that states "watch this topic" press that and it will set you up for immediate e-mail notification

OK could you do the following from safe mode with networking please
Reboot the computer and immediately continually press and release the F8 button on your keyboard.
A menu will appear - select safe mode with networking

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#7
peta.grrl

    Member

  • Topic Starter
  • 23 posts
Essexboy:
I tried following your instructions but ran into nothing but trouble. As soon as I got into Safe Mode, I no longer had an internet connection. I went into View Wireless Connections and there were none.

I ran into: Network Diagnostics for Windows XP. This computer is set up to use 802.1x authentication. Typically this is used for corporate networks. Verify that the network you are trying to connect to, requires 802.1x authentication. This laptop used to be owned by a Dentist. I followed the directions, unchecked the IIEE? box and no network. I switched it back and still no network.

Then I got: DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience.

I did some poking around and found out my computer is on Workgroup WDC. 3 users are listed in Computer Management: 1) Administrator 2) ASPNET - ASP.NET Machine Account 3) Cara-Leigh (me). There are many groups listed: -Administrators, -Backup Operators, -Guests, -Network Configuration Operators, -Power Users, -Remote Desktop Users, -Replicator, -Users, -HelpServicesGroup, -_ISW_RESTRICTED_GROUP_

I don't know if any of this has any relevance but I thought it may shed some light.

In order to get back my internet connection I had to do a system restore to 2 days ago. What should I do now?

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you download and run combofix please, try from normal mode first

#9
peta.grrl

    Member

  • Topic Starter
  • 23 posts
Essexboy:

I ran ComboFix and it worked!

Here's the log:

ComboFix 11-07-21.02 - Cara-Leigh 07/21/2011 13:50:11.1.1 - x86
Running from: c:\documents and settings\Cara-Leigh\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\autorun.ini
c:\windows\Uninstall.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-21 19:03 . 2011-07-21 19:03 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37F712D8-8783-46BD-A910-7D430C1EABC8}\MpKslba35388e.sys
2011-07-21 19:02 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37F712D8-8783-46BD-A910-7D430C1EABC8}\mpengine.dll
2011-07-21 18:56 . 2001-08-18 05:37 24576 ----a-w- c:\windows\system32\dllcache\OLD15D.tmp
2011-07-21 18:51 . 2008-04-14 00:11 43520 ----a-w- c:\windows\system32\dllcache\OLD19.tmp
2011-07-21 18:51 . 2008-04-14 00:11 290816 ----a-w- c:\windows\system32\dllcache\OLD1C.tmp
2011-07-21 18:51 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\OLD15.tmp
2011-07-21 18:51 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\OLD10.tmp
2011-07-21 18:51 . 2011-07-21 19:41 -------- d-----w- c:\windows\LastGood
2011-07-21 18:42 . 2011-07-21 18:42 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-21 18:09 . 2001-08-17 19:11 46112 ----a-w- c:\windows\system32\dllcache\OLD145.tmp
2011-07-19 03:30 . 2011-07-19 03:30 -------- d-----w- C:\_OTL
2011-07-14 03:18 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 02:57 . 2011-07-19 05:32 -------- d-----w- c:\program files\Spiceworks
2011-07-12 02:56 . 2011-07-12 02:56 -------- d-----w- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\tjnet
2011-07-12 02:56 . 2011-07-12 02:56 -------- d-----w- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\magicJack
2011-07-12 02:56 . 2011-07-21 19:27 -------- d-----w- c:\documents and settings\Cara-Leigh\Application Data\mjusbsp
2011-07-12 02:47 . 2011-07-12 02:47 -------- d-----w- c:\program files\SpeedItup Free
2011-07-12 00:53 . 2001-08-17 21:01 36096 ----a-w- c:\windows\system32\dllcache\OLD1D2.tmp
2011-07-12 00:53 . 2008-04-13 17:46 38912 ----a-w- c:\windows\system32\dllcache\OLD1CE.tmp
2011-07-12 00:53 . 2004-08-04 13:00 9216 ----a-w- c:\windows\system32\dllcache\OLD1CA.tmp
2011-07-12 00:53 . 2001-08-17 21:56 137216 ----a-w- c:\windows\system32\dllcache\OLD187.tmp
2011-07-12 00:53 . 2001-08-17 21:55 382592 ----a-w- c:\windows\system32\dllcache\OLD183.tmp
2011-07-12 00:53 . 2001-08-17 19:49 46464 ----a-w- c:\windows\system32\dllcache\OLD17F.tmp
2011-07-12 00:53 . 2001-08-17 20:57 77568 ----a-w- c:\windows\system32\dllcache\OLD17B.tmp
2011-07-12 00:53 . 2001-08-17 21:55 96128 ----a-w- c:\windows\system32\dllcache\OLD177.tmp
2011-07-12 00:53 . 2004-08-04 13:00 29184 ----a-w- c:\windows\system32\dllcache\OLD173.tmp
2011-07-12 00:53 . 2004-08-04 13:00 10240 ----a-w- c:\windows\system32\dllcache\OLD16F.tmp
2011-07-12 00:53 . 2001-08-17 19:12 97354 ----a-w- c:\windows\system32\dllcache\OLD16B.tmp
2011-07-12 00:53 . 2008-04-14 00:11 369664 ----a-w- c:\windows\system32\dllcache\OLD167.tmp
2011-07-12 00:52 . 2008-04-14 00:11 331264 ----a-w- c:\windows\system32\dllcache\OLD163.tmp
2011-07-12 00:52 . 2001-08-18 05:36 45056 ----a-w- c:\windows\system32\dllcache\OLD15F.tmp
2011-07-12 00:52 . 2008-04-14 00:11 108544 ----a-w- c:\windows\system32\dllcache\OLD15B.tmp
2011-07-12 00:52 . 2001-08-17 20:47 6272 ----a-w- c:\windows\system32\dllcache\OLD157.tmp
2011-07-12 00:52 . 2004-08-04 05:31 36224 ----a-w- c:\windows\system32\dllcache\OLD153.tmp
2011-07-12 00:52 . 2001-08-17 19:11 16969 ----a-w- c:\windows\system32\dllcache\OLD14F.tmp
2011-07-12 00:52 . 2001-08-17 20:49 26624 ----a-w- c:\windows\system32\dllcache\OLD14B.tmp
2011-07-12 00:52 . 2001-08-17 19:11 27678 ----a-w- c:\windows\system32\dllcache\OLD147.tmp
2011-07-12 00:52 . 2001-08-18 05:37 24576 ----a-w- c:\windows\system32\dllcache\OLD143.tmp
2011-07-12 00:52 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\dllcache\OLD13F.tmp
2011-07-12 00:51 . 2004-08-04 13:00 49664 ----a-w- c:\windows\system32\dllcache\OLD13B.tmp
2011-07-12 00:51 . 2001-08-17 19:11 46112 ----a-w- c:\windows\system32\dllcache\OLD137.tmp
2011-07-12 00:51 . 2004-08-04 13:00 6144 ----a-w- c:\windows\system32\dllcache\OLD132.tmp
2011-07-12 00:51 . 2004-08-04 05:32 10880 ----a-w- c:\windows\system32\dllcache\OLD12E.tmp
2011-07-12 00:51 . 2008-04-14 00:11 29696 ----a-w- c:\windows\system32\dllcache\OLD128.tmp
2011-07-11 22:52 . 2011-07-11 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hsswpr
2011-07-11 20:02 . 2011-07-12 02:56 -------- d-----w- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Conduit
2011-07-11 20:02 . 2011-07-12 02:56 -------- d-----w- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield
2011-07-11 20:00 . 2011-07-12 02:56 -------- d-----w- c:\program files\Hotspot Shield
2011-07-08 21:15 . 2011-07-08 21:15 -------- d-----w- c:\documents and settings\Cara-Leigh\Application Data\DDMSettings
2011-07-08 21:04 . 2011-07-12 02:58 -------- d-----w- c:\program files\DivX
2011-07-08 21:01 . 2011-07-12 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-07-08 07:31 . 2011-07-08 07:31 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-07-08 06:58 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-08 06:53 . 2011-07-08 06:53 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-08 06:41 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-08 06:41 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-08 06:41 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-08 06:41 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-08 06:41 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-08 06:41 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-08 06:41 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-08 06:41 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-08 06:40 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-08 06:40 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-08 06:35 . 2011-07-08 06:35 -------- d-----w- c:\program files\Lavasoft
2011-07-08 02:39 . 2001-08-17 20:28 224802 ----a-w- c:\windows\system32\dllcache\OLD1D1F.tmp
2011-07-08 02:38 . 2001-08-18 05:36 216064 ----a-w- c:\windows\system32\dllcache\OLD1CED.tmp
2011-07-08 02:37 . 2008-04-14 00:12 33792 ----a-w- c:\windows\system32\dllcache\OLD1CBC.tmp
2011-07-08 02:36 . 2001-08-18 05:36 53760 ----a-w- c:\windows\system32\dllcache\OLD1C88.tmp
2011-07-08 02:35 . 2001-08-17 19:51 20752 ----a-w- c:\windows\system32\dllcache\OLD1C52.tmp
2011-07-08 02:34 . 2004-08-04 05:31 63547 ----a-w- c:\windows\system32\dllcache\OLD1BE6.tmp
2011-07-08 02:33 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\dllcache\OLD1BB1.tmp
2011-07-08 02:32 . 2001-08-17 21:56 210496 ----a-w- c:\windows\system32\dllcache\OLD1B79.tmp
2011-07-08 02:31 . 2001-08-18 05:36 23040 ----a-w- c:\windows\system32\dllcache\OLD1B39.tmp
2011-07-08 02:30 . 2008-04-13 17:40 8832 ----a-w- c:\windows\system32\dllcache\OLD1AF9.tmp
2011-07-08 02:29 . 2001-08-18 05:36 41984 ----a-w- c:\windows\system32\dllcache\OLD1AB0.tmp
2011-07-08 02:28 . 2010-12-09 13:07 2027008 ----a-w- c:\windows\system32\dllcache\OLD1A7B.tmp
2011-07-08 02:27 . 2001-08-18 05:36 59104 ----a-w- c:\windows\system32\dllcache\OLD1A3F.tmp
2011-07-08 02:26 . 2008-04-14 00:12 40960 ----a-w- c:\windows\system32\dllcache\OLD1A10.tmp
2011-07-08 02:25 . 2001-08-18 05:36 65536 ----a-w- c:\windows\system32\dllcache\OLD19D6.tmp
2011-07-08 02:24 . 2008-04-13 23:11 48640 ----a-w- c:\windows\system32\dllcache\OLD197F.tmp
2011-07-08 02:23 . 2001-08-18 05:36 20480 ----a-w- c:\windows\system32\dllcache\OLD1939.tmp
2011-07-08 02:22 . 2001-08-17 20:28 57471 ----a-w- c:\windows\system32\dllcache\OLD18F7.tmp
2011-07-08 02:21 . 2008-04-14 00:11 39936 ----a-w- c:\windows\system32\dllcache\OLD18AC.tmp
2011-07-08 02:20 . 2001-08-17 19:10 22090 ----a-w- c:\windows\system32\dllcache\OLD1855.tmp
2011-07-08 02:19 . 2001-08-17 20:50 144896 ----a-w- c:\windows\system32\dllcache\OLD17EE.tmp
2011-07-08 02:18 . 2001-08-17 19:14 952007 ----a-w- c:\windows\system32\dllcache\OLD1783.tmp
2011-07-08 02:17 . 2001-08-17 20:50 17152 ----a-w- c:\windows\system32\dllcache\OLD1700.tmp
2011-07-08 02:16 . 2001-08-18 05:37 116736 ----a-w- c:\windows\system32\dllcache\OLD166E.tmp
2011-07-08 02:15 . 2004-08-04 13:00 9216 ----a-w- c:\windows\system32\dllcache\OLD1595.tmp
2011-07-08 02:14 . 2001-08-18 05:36 61440 ----a-w- c:\windows\system32\dllcache\OLD1514.tmp
2011-07-08 02:13 . 2010-12-09 13:42 2148864 ----a-w- c:\windows\system32\dllcache\OLD14DA.tmp
2011-07-05 03:48 . 2001-08-17 20:47 6272 ----a-w- c:\windows\system32\dllcache\OLD1D3.tmp
2011-07-05 03:48 . 2004-08-04 05:31 36224 ----a-w- c:\windows\system32\dllcache\OLD1CB.tmp
2011-07-05 03:46 . 2001-08-18 05:37 24576 ----a-w- c:\windows\system32\dllcache\OLD1BA.tmp
2011-07-05 03:46 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\dllcache\OLD1B6.tmp
2011-07-05 03:46 . 2004-08-04 13:00 49664 ----a-w- c:\windows\system32\dllcache\OLD1B2.tmp
2011-07-05 03:46 . 2001-08-17 19:11 46112 ----a-w- c:\windows\system32\dllcache\OLD1AE.tmp
2011-07-05 03:46 . 2004-08-04 13:00 6144 ----a-w- c:\windows\system32\dllcache\OLD1AA.tmp
2011-07-05 03:46 . 2001-08-17 19:19 747392 ----a-w- c:\windows\system32\dllcache\OLD1A0.tmp
2011-07-05 03:46 . 2001-08-17 19:19 553984 ----a-w- c:\windows\system32\dllcache\OLD19C.tmp
2011-07-05 03:46 . 2001-08-17 19:19 584448 ----a-w- c:\windows\system32\dllcache\OLD198.tmp
2011-07-05 03:46 . 2001-08-17 19:11 20160 ----a-w- c:\windows\system32\dllcache\OLD194.tmp
2011-07-05 03:46 . 2001-08-17 20:53 7424 ----a-w- c:\windows\system32\dllcache\OLD190.tmp
2011-07-05 03:43 . 2004-08-04 13:00 7168 ----a-w- c:\windows\system32\dllcache\OLD150.tmp
2011-07-05 03:43 . 2007-04-02 16:36 16384 ----a-w- c:\windows\system32\dllcache\OLD14C.tmp
2011-07-05 03:43 . 2008-04-14 00:12 16437 ----a-w- c:\windows\system32\dllcache\OLD140.tmp
2011-07-05 03:43 . 2008-04-14 00:12 20536 ----a-w- c:\windows\system32\dllcache\OLD13C.tmp
2011-07-05 03:42 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\OLD138.tmp
2011-07-05 03:40 . 2004-08-04 13:00 7680 ----a-w- c:\windows\system32\dllcache\OLD11C.tmp
2011-07-05 03:40 . 2008-04-14 00:11 829440 ----a-w- c:\windows\system32\dllcache\OLD118.tmp
2011-07-05 03:40 . 2004-08-04 13:00 169984 ----a-w- c:\windows\system32\dllcache\OLD114.tmp
2011-07-05 03:40 . 2008-04-14 00:12 30720 ----a-w- c:\windows\system32\dllcache\OLD10A.tmp
2011-07-05 03:40 . 2004-08-04 13:00 5632 ----a-w- c:\windows\system32\dllcache\OLD102.tmp
2011-07-04 22:58 . 2004-08-04 13:00 49664 ----a-w- c:\windows\system32\dllcache\OLD196.tmp
2011-07-04 22:58 . 2004-08-04 13:00 6144 ----a-w- c:\windows\system32\dllcache\OLD18E.tmp
2011-07-04 22:58 . 2001-08-17 19:11 46112 ----a-w- c:\windows\system32\dllcache\OLD192.tmp
2011-07-04 22:56 . 2004-08-04 13:00 7168 ----a-w- c:\windows\system32\dllcache\OLD134.tmp
2011-07-04 22:56 . 2007-04-02 16:36 16384 ----a-w- c:\windows\system32\dllcache\OLD131.tmp
2011-07-04 22:56 . 2008-04-14 00:12 32827 ----a-w- c:\windows\system32\dllcache\OLD12D.tmp
2011-07-04 22:56 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\OLD12A.tmp
2011-07-04 22:56 . 2008-04-14 00:12 20536 ----a-w- c:\windows\system32\dllcache\OLD123.tmp
2011-07-04 22:54 . 2008-04-14 00:11 13312 ----a-w- c:\windows\system32\dllcache\OLD110.tmp
2011-07-04 22:54 . 2004-08-04 13:00 19968 ----a-w- c:\windows\system32\dllcache\OLD10C.tmp
2011-07-04 22:54 . 2004-08-04 13:00 7680 ----a-w- c:\windows\system32\dllcache\OLD108.tmp
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 06:50 . 2011-06-12 02:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-11 20:05 . 2011-01-04 11:34 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-08 06:40 . 2011-03-31 07:30 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-08 06:40 . 2011-03-28 06:59 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-07-07 02:52 . 2011-01-04 04:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-01-04 04:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 17:31 . 2011-03-28 06:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-02 15:31 . 2005-08-17 01:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2005-08-17 01:00 151552 ----a-w- c:\windows\system32\schannel(2).dll
2011-04-29 16:19 . 2005-08-17 01:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2005-08-17 01:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2005-08-17 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2005-08-17 01:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2005-08-17 01:00 385024 ----a-w- c:\windows\system32\html.iec
2011-03-18 17:53 . 2011-03-28 07:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-15 39408]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-02-19 160592]
"cdloader"="c:\documents and settings\Cara-Leigh\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-06-22 2408448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2005-08-12 200704]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-06-12 03:51 53248 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]
2005-08-12 03:21 200704 ----a-w- c:\acer\ePM\epm-dm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
2005-03-15 18:03 2893824 ----a-w- c:\acer\ePM\ePM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2005-08-19 03:38 352256 ----a-w- c:\program files\acer\eRecovery\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 01:07 61952 ----a-w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-08 03:59 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-08 04:02 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 13:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-08-19 09:28 462848 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 13:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-06-08 04:03 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 04:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 21:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"MySql"=2 (0x2)
"Awmcnkh"=3 (0x3)
"AdobeVersionCue"=3 (0x3)
"Adobe LM Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Cara-Leigh\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Cara-Leigh\\Application Data\\mjusbsp\\magicJack.exe"=
.
R1 MpKsld6b77242;MpKsld6b77242;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82A62AC3-DC81-4C60-B4EE-0728111B3CE8}\MpKsld6b77242.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\DRIVERS\RtsUCcid.sys [2009-11-06 44032]
R3 RtsUIr;Realtek IR Driver;c:\windows\system32\DRIVERS\RtsUIr.sys [2009-11-06 17536]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Awmcnkh;Awmcnkh; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-06-20 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 MpKsl833fa071;MpKsl833fa071;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{492ADD5A-EB22-4B2D-94E1-837CD9AD05ED}\MpKsl833fa071.sys [x]
S1 MpKsl84909350;MpKsl84909350;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{492ADD5A-EB22-4B2D-94E1-837CD9AD05ED}\MpKsl84909350.sys [x]
S1 MpKslba35388e;MpKslba35388e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37F712D8-8783-46BD-A910-7D430C1EABC8}\MpKslba35388e.sys [2011-07-21 28752]
S1 MpKslbbaff3a5;MpKslbbaff3a5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{492ADD5A-EB22-4B2D-94E1-837CD9AD05ED}\MpKslbbaff3a5.sys [x]
S1 MpKsle066b9fa;MpKsle066b9fa;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{492ADD5A-EB22-4B2D-94E1-837CD9AD05ED}\MpKsle066b9fa.sys [x]
S1 MpKslfc44d46c;MpKslfc44d46c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{492ADD5A-EB22-4B2D-94E1-837CD9AD05ED}\MpKslfc44d46c.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-06-20 15232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLBA35388E
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 11:19]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 00:53]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 00:53]
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4006041411-1818442623-1130046000-1009Core1cc42b91d66d244.job
- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-11 00:53]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4006041411-1818442623-1130046000-1009UA.job
- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-11 00:53]
.
2011-07-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-07-21 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-07-08 c:\windows\Tasks\User_Feed_Synchronization-{A66A6A00-5E7B-4145-A922-2DD292CA2173}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-AdobeVersionCue - c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-21 14:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySql]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\l3codeca.acm
.
Completion time: 2011-07-21 14:04:27
ComboFix-quarantined-files.txt 2011-07-21 21:04
.
Pre-Run: 23,757,103,104 bytes free
Post-Run: 23,987,363,840 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DAF963D49647BEA54987C1B95F77A87F

I don't know if it has helped my computer or not. I haven't tried to download or remove any programs yet.

#10
peta.grrl

    Member

  • Topic Starter
  • 23 posts
My internet connection went down again and nothing would restore it so I had to do ANOTHER System Restore today. I only have one more restore point left so this can't continue. My phone runs through the internet as well so I really need to get this fixed immediately.

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When your internet goes down, what error does Windows give you?

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield
c:\program files\Hotspot Shield

Driver::
Awmcnkh



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#12
peta.grrl

    Member

  • Topic Starter
  • 23 posts
When my internet goes down it just disappears. When I try to reconnect it will say there are no wireless networks in range although there are quite a few (secured, of course) besides mine. I'll try to repair the connection but it doesn't work. The wireless network will show it is disconnected and firewalled.

I downloaded SpiceWorks a while ago but have removed it since it is too advanced for me. Each time I do a System Restore, it shows up on my desktop again and I don't believe it ever was completely removed from my system. Is that bad? Same thing for MalwareBytes. I'm trying not to have too many antivirus and spyware/adware protection programs on my computer at once. What do you recommend I use?

Here's the ComboFix Log:

ComboFix 11-07-22.02 - Cara-Leigh 07/22/2011 11:29:45.1.1 - x86
Running from: c:\documents and settings\Cara-Leigh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cara-Leigh\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_52_156_CT1561552_Images_634011522610932500_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_52_156_CT1561552_Images_634013069090151250_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_52_156_CT1561552_Images_634035703068897500_png.png
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_52_156_CT1561552_Images_634042697207335000_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_52_156_CT1561552_Images_634145806210121250_png.png
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_52_156_CT1561552_Images_Buttons2_xml-133-Classic-634299450358443750_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_52_156_CT1561552_Images_Buttons2_xml-14-Classic-634312452655962500_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_equalizer_dead_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Equalizer_GIF.GIF
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Error_GIF.GIF
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Loading_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_dn_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_over_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_dn_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_over_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_dn_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_over_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_dn_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_over_gif.gif
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_MarketPlace_38_7c8_38d90168-4865-44fe-93ba-80690d2957c8_Appearance_634020023777803753_png.png
c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Hotspot_Shield\CacheIcons\http___storage_conduit_com_MarketPlace_5e_f6_5e04a9ca-1ee8-48ef-b228-3046a569ecf6_Images_634071755582635000_png.png
c:\program files\Hotspot Shield
c:\program files\Hotspot Shield\HssIE\HssIE.dll_24599
c:\windows\isRS-000.tmp
c:\windows\system32\autorun.ini
c:\windows\Uninstall.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Awmcnkh
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 04:03 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17555CF5-D32C-4CD0-9D07-3DBED6E443B3}\mpengine.dll
2011-07-22 03:52 . 2011-07-22 04:45 -------- d-----w- c:\windows\LastGood.Tmp
2011-07-22 03:43 . 2011-07-22 03:43 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-22 03:08 . 2011-07-22 03:08 -------- d-----w- c:\windows\system32\FxsTmp
2011-07-22 03:08 . 2011-07-22 03:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-21 21:35 . 2011-07-22 03:09 -------- d-----w- C:\RECYCLER(2)
2011-07-21 18:04 . 2011-07-21 18:31 -------- d-----w- c:\windows\LastGood(5)
2011-07-14 03:18 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 02:57 . 2011-07-22 03:35 -------- d-----w- c:\program files\Spiceworks
2011-07-12 02:56 . 2011-07-12 02:56 -------- d-----w- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\tjnet
2011-07-12 02:56 . 2011-07-12 02:56 -------- d-----w- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\magicJack
2011-07-12 02:56 . 2011-07-22 04:08 -------- d-----w- c:\documents and settings\Cara-Leigh\Application Data\mjusbsp
2011-07-12 02:47 . 2011-07-12 02:47 -------- d-----w- c:\program files\SpeedItup Free
2011-07-12 00:53 . 2004-08-04 13:00 29184 ----a-w- c:\windows\system32\dllcache\OLD173.tmp
2011-07-12 00:53 . 2004-08-04 13:00 10240 ----a-w- c:\windows\system32\dllcache\OLD16F.tmp
2011-07-12 00:53 . 2001-08-17 19:12 97354 ----a-w- c:\windows\system32\dllcache\OLD16B.tmp
2011-07-12 00:53 . 2008-04-14 00:11 369664 ----a-w- c:\windows\system32\dllcache\OLD167.tmp
2011-07-12 00:52 . 2008-04-14 00:11 331264 ----a-w- c:\windows\system32\dllcache\OLD163.tmp
2011-07-12 00:52 . 2001-08-18 05:36 45056 ----a-w- c:\windows\system32\dllcache\OLD15F.tmp
2011-07-12 00:52 . 2008-04-14 00:11 108544 ----a-w- c:\windows\system32\dllcache\OLD15B.tmp
2011-07-12 00:52 . 2001-08-17 20:47 6272 ----a-w- c:\windows\system32\dllcache\OLD157.tmp
2011-07-12 00:52 . 2004-08-04 05:31 36224 ----a-w- c:\windows\system32\dllcache\OLD153.tmp
2011-07-12 00:52 . 2001-08-17 19:11 16969 ----a-w- c:\windows\system32\dllcache\OLD14F.tmp
2011-07-12 00:52 . 2001-08-17 20:49 26624 ----a-w- c:\windows\system32\dllcache\OLD14B.tmp
2011-07-12 00:52 . 2001-08-17 19:11 27678 ----a-w- c:\windows\system32\dllcache\OLD147.tmp
2011-07-12 00:52 . 2001-08-18 05:37 24576 ----a-w- c:\windows\system32\dllcache\OLD143.tmp
2011-07-12 00:52 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\dllcache\OLD13F.tmp
2011-07-12 00:51 . 2004-08-04 13:00 49664 ----a-w- c:\windows\system32\dllcache\OLD13B.tmp
2011-07-12 00:51 . 2001-08-17 19:11 46112 ----a-w- c:\windows\system32\dllcache\OLD137.tmp
2011-07-12 00:51 . 2004-08-04 13:00 6144 ----a-w- c:\windows\system32\dllcache\OLD132.tmp
2011-07-12 00:51 . 2004-08-04 05:32 10880 ----a-w- c:\windows\system32\dllcache\OLD12E.tmp
2011-07-12 00:51 . 2008-04-14 00:11 29696 ----a-w- c:\windows\system32\dllcache\OLD128.tmp
2011-07-12 00:45 . 2011-07-12 02:32 -------- d-----w- c:\windows\LastGood(4)
2011-07-11 22:52 . 2011-07-11 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hsswpr
2011-07-11 20:02 . 2011-07-12 02:56 -------- d-----w- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Conduit
2011-07-08 21:15 . 2011-07-08 21:15 -------- d-----w- c:\documents and settings\Cara-Leigh\Application Data\DDMSettings
2011-07-08 21:04 . 2011-07-12 02:58 -------- d-----w- c:\program files\DivX
2011-07-08 21:01 . 2011-07-12 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-07-08 07:31 . 2011-07-08 07:31 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-07-08 06:58 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-08 06:53 . 2011-07-08 06:53 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-08 06:41 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-08 06:41 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-08 06:41 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-08 06:41 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-08 06:41 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-08 06:41 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-08 06:41 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-08 06:41 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-08 06:40 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-08 06:40 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-08 06:35 . 2011-07-08 06:35 -------- d-----w- c:\program files\Lavasoft
2011-07-08 02:17 . 2001-08-17 20:50 17152 ----a-w- c:\windows\system32\dllcache\OLD1700.tmp
2011-07-08 02:16 . 2001-08-18 05:37 116736 ----a-w- c:\windows\system32\dllcache\OLD166E.tmp
2011-07-08 02:15 . 2004-08-04 13:00 9216 ----a-w- c:\windows\system32\dllcache\OLD1595.tmp
2011-07-08 02:14 . 2001-08-18 05:36 61440 ----a-w- c:\windows\system32\dllcache\OLD1514.tmp
2011-07-08 02:13 . 2010-12-09 13:42 2148864 ----a-w- c:\windows\system32\dllcache\OLD14DA.tmp
2011-07-05 03:45 . 2001-08-17 21:55 38400 ----a-w- c:\windows\system32\dllcache\OLD170.tmp
2011-07-05 03:45 . 2008-04-13 17:46 48128 ----a-w- c:\windows\system32\dllcache\OLD16C.tmp
2011-07-05 03:45 . 2008-04-13 17:40 12288 ----a-w- c:\windows\system32\dllcache\OLD168.tmp
2011-07-05 03:45 . 2001-08-17 19:48 148352 ----a-w- c:\windows\system32\dllcache\OLD164.tmp
2011-07-05 03:45 . 2001-08-17 21:55 689216 ----a-w- c:\windows\system32\dllcache\OLD160.tmp
2011-07-05 03:45 . 2001-08-17 20:28 762780 ----a-w- c:\windows\system32\dllcache\OLD15C.tmp
2011-07-05 03:45 . 2004-08-04 13:00 11264 ----a-w- c:\windows\system32\dllcache\OLD158.tmp
2011-07-05 03:45 . 2004-08-04 13:00 53248 ----a-w- c:\windows\system32\dllcache\OLD154.tmp
2011-07-05 03:43 . 2004-08-04 13:00 7168 ----a-w- c:\windows\system32\dllcache\OLD150.tmp
2011-07-05 03:43 . 2007-04-02 16:36 16384 ----a-w- c:\windows\system32\dllcache\OLD14C.tmp
2011-07-05 03:43 . 2008-04-14 00:12 16437 ----a-w- c:\windows\system32\dllcache\OLD140.tmp
2011-07-05 03:43 . 2008-04-14 00:12 20536 ----a-w- c:\windows\system32\dllcache\OLD13C.tmp
2011-07-05 03:42 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\OLD138.tmp
2011-07-05 03:40 . 2004-08-04 13:00 7680 ----a-w- c:\windows\system32\dllcache\OLD11C.tmp
2011-07-05 03:40 . 2008-04-14 00:11 829440 ----a-w- c:\windows\system32\dllcache\OLD118.tmp
2011-07-05 03:40 . 2004-08-04 13:00 169984 ----a-w- c:\windows\system32\dllcache\OLD114.tmp
2011-07-05 03:40 . 2008-04-14 00:12 30720 ----a-w- c:\windows\system32\dllcache\OLD10A.tmp
2011-07-05 03:40 . 2004-08-04 13:00 5632 ----a-w- c:\windows\system32\dllcache\OLD102.tmp
2011-07-05 03:36 . 2011-07-05 04:17 -------- d-----w- c:\windows\LastGood(3)
2011-07-04 22:56 . 2004-08-04 13:00 7168 ----a-w- c:\windows\system32\dllcache\OLD134.tmp
2011-07-04 22:56 . 2007-04-02 16:36 16384 ----a-w- c:\windows\system32\dllcache\OLD131.tmp
2011-07-04 22:56 . 2008-04-14 00:12 32827 ----a-w- c:\windows\system32\dllcache\OLD12D.tmp
2011-07-04 22:56 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\OLD12A.tmp
2011-07-04 22:56 . 2008-04-14 00:12 20536 ----a-w- c:\windows\system32\dllcache\OLD123.tmp
2011-07-04 22:54 . 2008-04-14 00:11 13312 ----a-w- c:\windows\system32\dllcache\OLD110.tmp
2011-07-04 22:54 . 2004-08-04 13:00 19968 ----a-w- c:\windows\system32\dllcache\OLD10C.tmp
2011-07-04 22:54 . 2004-08-04 13:00 7680 ----a-w- c:\windows\system32\dllcache\OLD108.tmp
2011-07-04 22:53 . 2011-07-04 23:26 -------- d-----w- c:\windows\LastGood(2)
2011-07-04 22:41 . 2011-07-04 22:41 -------- d-----w- c:\documents and settings\Cara-Leigh\Application Data\Intel
2011-07-04 22:40 . 2011-07-04 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2011-07-04 06:17 . 2011-07-08 08:31 -------- d-----w- c:\documents and settings\Cara-Leigh\Application Data\SpeedItUp
2011-07-04 03:27 . 2011-07-08 07:31 -------- d-----w- c:\program files\Surf Canyon
2011-07-04 03:27 . 2011-07-04 03:27 -------- d-----w- c:\program files\W3i
2011-07-04 03:27 . 2011-07-04 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
2011-07-04 03:27 . 2011-07-08 07:31 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-06-29 02:00 . 2011-07-08 03:28 -------- d-----w- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\AskToolbar
2011-06-29 02:00 . 2011-07-08 03:28 -------- d-----w- c:\program files\Ask.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 06:50 . 2011-06-12 02:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-11 20:05 . 2011-01-04 11:34 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-08 06:40 . 2011-03-31 07:30 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-08 06:40 . 2011-03-28 06:59 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-07-07 02:52 . 2011-01-04 04:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-01-04 04:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 17:31 . 2011-03-28 06:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-02 15:31 . 2005-08-17 01:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2005-08-17 01:00 151552 ----a-w- c:\windows\system32\schannel(2).dll
2011-04-29 16:19 . 2005-08-17 01:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2005-08-17 01:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2005-08-17 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2005-08-17 01:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2005-08-17 01:00 385024 ----a-w- c:\windows\system32\html.iec
2011-03-18 17:53 . 2011-03-28 07:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-15 39408]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-02-19 160592]
"cdloader"="c:\documents and settings\Cara-Leigh\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-06-22 2408448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2005-08-12 200704]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2011-06-29 66912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-06-12 03:51 53248 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]
2005-08-12 03:21 200704 ----a-w- c:\acer\ePM\epm-dm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
2005-03-15 18:03 2893824 ----a-w- c:\acer\ePM\ePM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2005-08-19 03:38 352256 ----a-w- c:\program files\acer\eRecovery\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 01:07 61952 ----a-w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-08 03:59 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-08 04:02 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 13:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-08-19 09:28 462848 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 13:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-06-08 04:03 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 04:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 21:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"MySql"=2 (0x2)
"Awmcnkh"=3 (0x3)
"AdobeVersionCue"=3 (0x3)
"Adobe LM Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Cara-Leigh\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Spiceworks\\httpd\\bin\\spiceworks-httpd.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=
"c:\\Documents and Settings\\Cara-Leigh\\Application Data\\mjusbsp\\magicJack.exe"=
.
R1 MpKslbbaff3a5;MpKslbbaff3a5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{492ADD5A-EB22-4B2D-94E1-837CD9AD05ED}\MpKslbbaff3a5.sys [x]
R1 MpKsld6b77242;MpKsld6b77242;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82A62AC3-DC81-4C60-B4EE-0728111B3CE8}\MpKsld6b77242.sys [x]
R1 MpKslfc78f957;MpKslfc78f957;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17555CF5-D32C-4CD0-9D07-3DBED6E443B3}\MpKslfc78f957.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 136176]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-06-20 15232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\DRIVERS\RtsUCcid.sys [2009-11-06 44032]
R3 RtsUIr;Realtek IR Driver;c:\windows\system32\DRIVERS\RtsUIr.sys [2009-11-06 17536]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-06-20 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 11:19]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 00:53]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 00:53]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4006041411-1818442623-1130046000-1009Core1cc42b91d66d244.job
- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-11 00:53]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4006041411-1818442623-1130046000-1009UA.job
- c:\documents and settings\Cara-Leigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-11 00:53]
.
2011-07-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-07-22 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-07-22 c:\windows\Tasks\User_Feed_Synchronization-{A66A6A00-5E7B-4145-A922-2DD292CA2173}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 11:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySql]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Spiceworks\bin\spicetray.exe
c:\windows\System32\SCardSvr.exe
.
**************************************************************************
.
Completion time: 2011-07-22 11:51:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-22 18:51
ComboFix2.txt 2011-07-21 21:04
.
Pre-Run: 22,405,435,392 bytes free
Post-Run: 22,479,888,384 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 58EB22DC09B07085622F47B2488E269D

#13
Essexboy

On completion of this, can you now try to download a programme?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    ipconfig /flushdns /c
    c:\windows\system32\dllcache\OLD173.tmp
    c:\windows\system32\dllcache\OLD16F.tmp
    c:\windows\system32\dllcache\OLD16B.tmp
    c:\windows\system32\dllcache\OLD167.tmp
    c:\windows\system32\dllcache\OLD163.tmp
    c:\windows\system32\dllcache\OLD15F.tmp
    c:\windows\system32\dllcache\OLD15B.tmp
    c:\windows\system32\dllcache\OLD157.tmp
    c:\windows\system32\dllcache\OLD153.tmp
    c:\windows\system32\dllcache\OLD14F.tmp
    c:\windows\system32\dllcache\OLD14B.tmp
    c:\windows\system32\dllcache\OLD147.tmp
    c:\windows\system32\dllcache\OLD13F.tmp
    c:\windows\system32\dllcache\OLD143.tmp
    c:\windows\system32\dllcache\OLD13B.tmp
    c:\windows\system32\dllcache\OLD137.tmp
    c:\windows\system32\dllcache\OLD132.tmp
    c:\windows\system32\dllcache\OLD12E.tmp
    c:\windows\system32\dllcache\OLD128.tmp
    c:\windows\system32\dllcache\OLD1700.tmp
    c:\windows\system32\dllcache\OLD166E.tmp
    c:\windows\system32\dllcache\OLD1595.tmp
    c:\windows\system32\dllcache\OLD1514.tmp
    c:\windows\system32\dllcache\OLD14DA.tmp
    c:\windows\system32\dllcache\OLD170.tmp
    c:\windows\system32\dllcache\OLD16C.tmp
    c:\windows\system32\dllcache\OLD168.tmp
    c:\windows\system32\dllcache\OLD164.tmp
    c:\windows\system32\dllcache\OLD160.tmp
    c:\windows\system32\dllcache\OLD15C.tmp
    c:\windows\system32\dllcache\OLD158.tmp
    c:\windows\system32\dllcache\OLD154.tmp
    c:\windows\system32\dllcache\OLD150.tmp
    c:\windows\system32\dllcache\OLD14C.tmp
    c:\windows\system32\dllcache\OLD140.tmp
    c:\windows\system32\dllcache\OLD13C.tmp
    c:\windows\system32\dllcache\OLD138.tmp
    c:\windows\system32\dllcache\OLD11C.tmp
    c:\windows\system32\dllcache\OLD118.tmp
    c:\windows\system32\dllcache\OLD114.tmp
    c:\windows\system32\dllcache\OLD10A.tmp
    c:\windows\system32\dllcache\OLD102.tmp
    c:\windows\system32\dllcache\OLD134.tmp
    c:\windows\system32\dllcache\OLD131.tmp
    c:\windows\system32\dllcache\OLD12D.tmp
    c:\windows\system32\dllcache\OLD12A.tmp
    c:\windows\system32\dllcache\OLD123.tmp
    c:\windows\system32\dllcache\OLD110.tmp
    c:\windows\system32\dllcache\OLD10C.tmp
    c:\windows\system32\dllcache\OLD108.tmp
    c:\program files\Free Offers from Freeze.com


    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#14
peta.grrl

Does this mean my computer should be fixed now?


OTL logfile created on: 7/22/2011 1:20:53 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Cara-Leigh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 335.62 Mb Available Physical Memory | 33.10% Memory free
2.38 Gb Paging File | 1.80 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.87 Gb Total Space | 27.54 Gb Free Space | 61.37% Space Free | Partition Type: NTFS
Drive D: | 45.35 Gb Total Space | 45.23 Gb Free Space | 99.73% Space Free | Partition Type: NTFS
Drive F: | 1.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 17.59 Mb Total Space | 17.12 Mb Free Space | 97.31% Space Free | Partition Type: FAT

Computer Name: DRSLAPTOP | User Name: Cara-Leigh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 23:19:37 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cara-Leigh\Desktop\OTL.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/29 16:13:48 | 000,273,760 | ---- | M] (Spiceworks, Inc.) -- C:\Program Files\Spiceworks\bin\spicetray.exe
PRC - [2011/06/22 13:34:50 | 002,408,448 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/26 15:06:06 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/02/18 21:45:23 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/11 20:21:00 | 000,200,704 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe
PRC - [2004/10/08 15:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 23:19:37 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cara-Leigh\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/10/08 15:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MySql)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2005/06/06 20:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Disabled | Stopped] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 11:53:48 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C61F8A4-E8F8-4427-8B27-4F924468A1AD}\MpKsle99e748f.sys -- (MpKsle99e748f)
DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/06/20 10:31:32 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2009/11/06 02:25:58 | 000,044,032 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUCcid.sys -- (RSUSBCCID)
DRV - [2009/11/06 02:25:58 | 000,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUIr.sys -- (RtsUIr)
DRV - [2009/01/21 08:49:40 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/23 19:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/06/30 17:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/06/30 16:16:58 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/06/30 16:16:06 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/06/30 16:16:02 | 000,716,416 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/07 19:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/01/14 16:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/10 16:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/16 13:06:00 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/07/19 14:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.ca/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/21 20:53:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/11 19:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/11 19:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\Extensions
[2011/07/11 19:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\Firefox\Profiles\2xhauns0.default\extensions
[2011/07/11 19:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\Firefox\Profiles\2xhauns0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/07/11 19:46:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\Firefox\Profiles\2xhauns0.default\extensions\[email protected]
[2011/07/11 19:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cara-Leigh\Application Data\Mozilla\Firefox\Profiles\2xhauns0.default\extensions\[email protected]
[2011/07/11 19:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2011/07/22 12:57:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [epm-dm] c:\Acer\ePM\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1293144173619 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1293144229119 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/17 18:39:24 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/03 10:04:35 | 000,027,992 | R--- | M] (magicJack L.P.) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 10:04:35 | 000,016,158 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 10:04:35 | 000,000,308 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 10:04:35 | 000,728,816 | R--- | M] (magicJack L.P.) - F:\autorunu.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/22 12:59:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/22 12:57:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/22 11:27:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/22 10:41:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/22 10:41:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/22 10:41:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/22 10:41:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/22 10:41:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cara-Leigh\Start Menu\Programs\Administrative Tools
[2011/07/22 10:36:13 | 004,153,604 | R--- | C] (Swearware) -- C:\Documents and Settings\Cara-Leigh\Desktop\ComboFix.exe
[2011/07/21 20:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Start Menu\Programs\Spiceworks
[2011/07/21 20:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/21 20:08:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2011/07/21 20:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/21 14:35:00 | 000,000,000 | ---D | C] -- C:\RECYCLER(2)
[2011/07/21 11:04:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(5)
[2011/07/18 16:24:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/18 15:35:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/15 23:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Desktop\work at home
[2011/07/11 23:19:24 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cara-Leigh\Desktop\OTL.exe
[2011/07/11 19:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spiceworks
[2011/07/11 19:57:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cara-Leigh\Recent
[2011/07/11 19:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\tjnet
[2011/07/11 19:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\magicJack
[2011/07/11 19:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\mjusbsp
[2011/07/11 19:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpeedItup Free
[2011/07/11 19:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedItup Free
[2011/07/11 17:45:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(4)
[2011/07/11 16:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\tjnet(2)
[2011/07/11 16:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\Sun
[2011/07/11 15:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hsswpr
[2011/07/11 13:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\Conduit
[2011/07/11 11:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\mjusbsp(2)
[2011/07/08 23:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Desktop\Laser Printing
[2011/07/08 14:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\DDMSettings
[2011/07/08 14:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/07/08 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/07/08 00:31:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2011/07/07 23:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/07 23:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/07 23:41:58 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/07 23:41:57 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/07 23:41:51 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/07 23:41:51 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/07 23:41:50 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/07 23:41:50 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/07 23:41:50 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/07 23:41:49 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/07 23:40:31 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/07 23:40:30 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/07 23:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/07/07 23:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/07/04 20:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(3)
[2011/07/04 15:53:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2011/07/04 15:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Desktop\Chipset_Intel_6.3.0.1007_XPx86
[2011/07/04 15:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\Intel
[2011/07/04 15:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2011/07/04 15:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Desktop\Wireless_Intel_9.0.3.9_XPx86
[2011/07/03 23:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Application Data\SpeedItUp
[2011/07/03 20:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
[2011/07/03 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2011/07/03 20:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/07/03 20:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater
[2011/06/28 19:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\AskToolbar
[2011/06/28 19:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

========== Files - Modified Within 30 Days ==========

[2011/07/22 13:31:27 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A66A6A00-5E7B-4145-A922-2DD292CA2173}.job
[2011/07/22 13:30:15 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/07/22 13:21:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4006041411-1818442623-1130046000-1009UA.job
[2011/07/22 13:20:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/22 13:15:25 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/22 13:15:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/22 13:14:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/22 13:14:37 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/22 12:58:17 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/22 12:57:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/22 12:57:14 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/22 11:27:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/22 10:36:22 | 004,153,604 | R--- | M] (Swearware) -- C:\Documents and Settings\Cara-Leigh\Desktop\ComboFix.exe
[2011/07/21 22:31:52 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\jodi's website.url
[2011/07/21 21:08:00 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\magicJack.lnk
[2011/07/21 20:54:15 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/21 20:54:08 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/21 19:56:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4006041411-1818442623-1130046000-1009Core1cc42b91d66d244.job
[2011/07/20 20:32:08 | 000,000,295 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Product Catalogue BC Liquor Stores.url
[2011/07/20 20:19:25 | 000,000,409 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Cannot remove or download programs, computer very slow! - Geeks to Go Forums.url
[2011/07/19 17:56:27 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Webster's Dictionary & Thesaurus.url
[2011/07/18 22:39:24 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\PENTAX Optio E90 Black 10.1.url
[2011/07/18 22:35:09 | 000,002,086 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/15 16:28:21 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 23:31:33 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Visa Gift Card FAQs - RBC Royal Bank.url
[2011/07/14 22:38:48 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Win a 2011 Dodge Challenger SXT Plus.url
[2011/07/14 19:25:23 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Dis.Chq. Dts.url
[2011/07/13 13:25:42 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\RBC.url
[2011/07/13 00:05:16 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Retired, Semi-Retired or Homemakers.url
[2011/07/11 23:19:37 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cara-Leigh\Desktop\OTL.exe
[2011/07/11 20:25:57 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/11 20:25:57 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/11 19:34:03 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 16:22:17 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Self-Service Support.url
[2011/07/11 12:54:44 | 000,280,620 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\My Documents\Bad audio quality.pdf
[2011/07/08 00:31:55 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2011/07/07 23:40:57 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/07 23:40:56 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/07/07 23:35:36 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/07/07 23:09:44 | 000,001,668 | ---- | M] () -- C:\WINDOWS\System32\.ini
[2011/07/07 20:34:52 | 001,008,488 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_52_000169f0.dmp
[2011/07/07 20:34:44 | 001,008,817 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_40_00013db0.dmp
[2011/07/07 20:34:18 | 001,009,889 | ---- | M] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_15_0000dc65.dmp
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 22:52:18 | 000,000,518 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Win a trip around the World with Sofitel.url
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 04:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/27 17:32:56 | 000,001,136 | ---- | M] () -- C:\Documents and Settings\Cara-Leigh\My Documents\Dollar Store ad.rtf
[2011/06/25 23:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files Created - No Company Name ==========

[2011/07/22 10:41:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/22 10:41:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/22 10:41:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/22 10:41:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/22 10:41:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/21 22:31:52 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\jodi's website.url
[2011/07/21 21:08:00 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\magicJack.lnk
[2011/07/21 13:48:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/21 13:48:27 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/21 11:00:25 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/20 20:32:08 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Product Catalogue BC Liquor Stores.url
[2011/07/20 20:19:25 | 000,000,409 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Cannot remove or download programs, computer very slow! - Geeks to Go Forums.url
[2011/07/19 17:56:26 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Webster's Dictionary & Thesaurus.url
[2011/07/17 23:05:55 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\PENTAX Optio E90 Black 10.1.url
[2011/07/15 16:28:21 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 23:33:31 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4006041411-1818442623-1130046000-1009Core1cc42b91d66d244.job
[2011/07/14 22:38:48 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Win a 2011 Dodge Challenger SXT Plus.url
[2011/07/11 19:33:15 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2011/07/11 19:33:15 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2011/07/11 19:33:15 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2011/07/11 19:33:14 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2011/07/11 19:33:14 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2011/07/11 19:33:14 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2011/07/11 19:33:14 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2011/07/11 19:33:14 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2011/07/11 19:33:14 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2011/07/11 19:33:14 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2011/07/11 19:33:14 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2011/07/11 19:33:14 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2011/07/11 19:33:14 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2011/07/11 19:33:13 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2011/07/11 19:33:13 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2011/07/11 19:33:13 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2011/07/11 19:33:13 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2011/07/11 19:33:13 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2011/07/11 19:33:13 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2011/07/11 19:33:13 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2011/07/11 17:38:27 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 16:22:17 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Self-Service Support.url
[2011/07/11 12:54:39 | 000,280,620 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\My Documents\Bad audio quality.pdf
[2011/07/08 00:31:55 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2011/07/07 23:59:26 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/07/07 23:58:43 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/07 23:54:00 | 000,002,086 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/07/07 23:53:25 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/07 23:41:59 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/07 23:35:36 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/07/07 23:09:44 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/07/07 20:34:52 | 001,008,488 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_52_000169f0.dmp
[2011/07/07 20:34:44 | 001,008,817 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_40_00013db0.dmp
[2011/07/07 20:34:15 | 001,009,889 | ---- | C] () -- C:\WINDOWS\System32\AAWService__2011_07_07_20_34_15_0000dc65.dmp
[2011/07/04 22:52:18 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Win a trip around the World with Sofitel.url
[2011/07/04 13:24:36 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Desktop\Retired, Semi-Retired or Homemakers.url
[2011/06/27 17:32:56 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\My Documents\Dollar Store ad.rtf
[2011/04/20 23:40:28 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/20 23:40:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/28 00:01:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Cara-Leigh\Local Settings\Application Data\housecall.guid.cache
[2011/03/27 23:59:51 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/03/27 22:42:04 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/01/03 23:42:50 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2009/08/20 00:13:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/19 23:49:12 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2008/04/03 12:06:54 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2006/05/18 04:41:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/05/18 04:40:34 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2006/05/18 04:37:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2006/05/17 15:12:41 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ppserial.ini
[2006/05/17 15:09:14 | 000,000,588 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/19 16:56:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/16 18:58:19 | 000,000,225 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/08/16 18:58:19 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/08/16 18:37:28 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/08/16 18:36:33 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/08/16 18:36:33 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/08/16 18:36:33 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/08/16 18:36:33 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/08/16 18:29:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/08/16 18:23:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\PowerOption.exe
[2005/08/16 18:23:49 | 000,000,750 | ---- | C] () -- C:\WINDOWS\PowerOption.ini
[2005/08/16 18:23:25 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/16 18:23:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2005/08/16 18:22:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 18:14:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 18:13:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 18:08:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 18:07:48 | 002,373,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 18:00:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 18:00:45 | 000,456,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 18:00:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 18:00:45 | 000,075,200 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 18:00:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 18:00:44 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 18:00:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 18:00:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 18:00:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 18:00:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 18:00:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 18:00:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/08/09 21:34:56 | 000,002,772 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[2005/04/27 12:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 12:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/25 21:48:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[2001/12/26 17:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/06/29 03:21:22 | 000,126,976 | ---- | C] () -- C:\WINDOWS\MKICON.EXE

========== LOP Check ==========

[2011/01/30 21:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/07/07 23:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/02/28 04:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/28 23:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/01/30 21:40:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/31 13:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2011/04/28 23:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2011/07/11 15:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hsswpr
[2011/03/29 00:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2011/02/11 12:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2011/05/19 19:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/01/04 04:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2011/03/27 23:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/20 23:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2011/04/28 23:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2011/01/24 00:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2011/02/18 21:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/01/22 23:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/06/18 23:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/03 20:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/05/06 00:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Alawar
[2011/04/15 15:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Artogon
[2011/01/30 23:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\AVG
[2011/01/30 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\AVG10
[2011/03/27 22:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\CheckPoint
[2011/07/08 14:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\DDMSettings
[2011/02/23 00:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Dekovir
[2011/06/14 22:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Dream Aquarium
[2011/05/31 13:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Elephant Games
[2011/05/06 00:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Fugazo
[2011/04/29 00:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Fuzzy Bug Interactive
[2011/01/13 22:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\G-HeadGames
[2011/01/07 11:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Gaijin Ent
[2011/02/11 11:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\GameMill Entertainment
[2011/03/17 15:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Keyword Strategy Studio Pro
[2011/02/11 12:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\LittleGamesCompany
[2011/01/04 04:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Merscom
[2011/07/21 21:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\mjusbsp
[2011/07/11 19:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\mjusbsp(2)
[2011/03/29 23:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Namco
[2011/01/24 00:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\PoBros
[2011/07/08 01:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\SpeedItUp
[2011/04/14 22:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Stellarium
[2011/04/01 22:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Uniblue
[2011/01/06 07:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\Watchtower
[2011/02/13 22:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cara-Leigh\Application Data\WhiteBirdsProductions
[2011/07/22 12:57:14 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/22 13:20:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/22 13:30:15 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011/07/22 13:31:27 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A66A6A00-5E7B-4145-A922-2DD292CA2173}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9720EBEF
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E21433CE
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6B5FC3
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52C24010
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:207C4C79
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:697DDE2B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DC5D762
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23834E1E
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FD26EF3
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA0CE093
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDE401B
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?