Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

spyware, malware or start-up problems


  • This topic is locked This topic is locked

#1
lundfish

lundfish

    Member

  • Member
  • PipPip
  • 15 posts
I have a computer that has 3 different user accounts for me and the kids. I do not use the computer that much but they do quite a bit and now when you start the computer it takes approximately 30 minutes to get to the point that you can get internet explorer or firefox up and running so that you can surf. they were using limewire and the like but I believe I have all of that music and files off the computer but expect that the slowness is related to something they have down loaded. in short the computer takes for ever to "start" up and once running is slower than it used to be. It is an old computer and is it better to try to remove issues or "wipe" the disc and start over?

OTL logfile created on: 9/16/2011 04:05:07 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 104.61 Mb Available Physical Memory | 23.43% Memory free
1.03 Gb Paging File | 0.45 Gb Available in Paging File | 43.28% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.02 Gb Total Space | 35.62 Gb Free Space | 52.37% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.19 Gb Free Space | 18.37% Space Free | Partition Type: FAT32

Computer Name: YOUR-27E1513D96 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/16 15:59:51 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2011/09/14 21:16:01 | 002,076,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/09/14 21:14:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2011/09/14 21:13:37 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2011/08/17 13:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/09/24 09:25:54 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 22:27:33 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 22:25:18 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/31 11:44:27 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/11 04:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/16 20:19:00 | 005,264,384 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
PRC - [2005/08/09 03:17:39 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/07/04 17:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
PRC - [2005/06/07 00:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/01/24 02:56:00 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/06 19:09:06 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8293dd00\mscorlib.dll
MOD - [2010/10/06 19:08:59 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_1f8934b7\system.drawing.dll
MOD - [2010/10/06 19:08:31 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1d640ef0\system.xml.dll
MOD - [2010/10/06 19:08:20 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5c45b2ca\system.windows.forms.dll
MOD - [2010/10/06 19:07:36 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_15ff4dca\system.dll
MOD - [2010/10/06 19:05:21 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/10/01 19:55:09 | 001,496,064 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zormi0xx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2010/08/30 14:33:56 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zormi0xx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
MOD - [2010/08/30 14:33:38 | 000,346,112 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zormi0xx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
MOD - [2008/08/26 19:07:45 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2008/08/26 19:07:43 | 000,798,720 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2008/08/26 19:07:41 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2008/08/26 19:06:33 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2008/08/26 19:05:56 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2008/08/26 19:05:55 | 000,049,152 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2008/08/26 19:05:48 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2008/08/26 19:05:47 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll
MOD - [2008/08/26 19:05:46 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2008/08/26 19:05:46 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2008/08/26 19:05:46 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll
MOD - [2008/08/26 19:05:46 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2008/08/26 19:05:46 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2008/08/26 19:05:44 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2008/08/26 19:05:44 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2008/08/26 19:05:43 | 000,167,936 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2008/08/26 19:05:43 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2008/08/26 19:05:42 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2008/08/26 19:05:42 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2008/08/26 19:05:42 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2008/08/26 19:01:38 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll
MOD - [2008/08/26 19:01:38 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2008/08/26 19:01:37 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2008/08/26 19:01:37 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2008/08/26 19:01:37 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2008/08/26 19:01:36 | 000,475,136 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2008/08/26 19:01:36 | 000,196,608 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2005/11/16 20:18:00 | 000,045,056 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\Security.dll
MOD - [2005/10/16 08:10:02 | 000,610,304 | ---- | M] () -- c:\windows\assembly\gac\hpodmres\3.0.0.0__a53cf5803f4c3827\hpodmres.dll
MOD - [2005/10/16 08:10:02 | 000,005,120 | ---- | M] () -- c:\windows\assembly\gac\hpodmres.resources\3.0.0.0_en_a53cf5803f4c3827\hpodmres.resources.dll
MOD - [2005/10/16 08:06:19 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2005/10/16 08:06:18 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2005/08/09 02:58:23 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/08/09 02:58:23 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005/08/09 02:58:22 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005/08/09 02:56:57 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2005/02/24 21:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ses_cl.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56spn.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56itl.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56ger.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56fra.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56eng.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56brz.dll
MOD - [2005/01/24 03:05:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll
MOD - [2005/01/24 03:05:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56cht.dll
MOD - [2005/01/24 03:05:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56chs.dll
MOD - [2004/09/29 16:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ez54g.dll
MOD - [2003/10/13 16:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 01:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\GEMWEP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB54Gv42SVC)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/14 21:14:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/09/14 21:15:42 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/09/14 21:15:11 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/16 22:25:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2005/10/17 20:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/06/07 22:44:36 | 001,235,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/20 11:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/14 21:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/25 06:56:00 | 000,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 15:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;<local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.6
FF - prefs.js..extensions.enabledItems: [email protected]:4.6
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Compaq_Owner\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/15 06:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/09/14 22:36:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/14 23:05:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:05:21 | 000,000,000 | ---D | M]

[2008/09/06 11:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2011/09/15 21:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zormi0xx.default\extensions
[2009/11/29 13:06:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zormi0xx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/01 19:55:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zormi0xx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/09/15 20:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/06 15:33:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/09/15 06:24:09 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2011/09/14 22:36:42 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="4.906.030.003" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/09/14 22:38:25 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2008/12/13 20:28:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/14 22:38:26 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF

O1 HOSTS File: ([2008/07/26 14:32:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Popup-Blocker Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3: - HKCU\..\Toolbar\ShellBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228 File not found
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://install.char...bin/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish....fishActivia.cab (Snapfish Activia)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1144116337031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{532D7804-4A3A-4033-B29A-B32846B2B430}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/24 22:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell - "" = AutoRun
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\{88227d62-a605-11dc-94d3-0013d4b90970}\Shell - "" = AutoRun
O33 - MountPoints2\{88227d62-a605-11dc-94d3-0013d4b90970}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88227d62-a605-11dc-94d3-0013d4b90970}\Shell\AutoRun\command - "" = K:\SecureDrive_Launcher.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/16 15:59:50 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/09/15 06:25:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/15 00:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Fearless
[2011/09/14 23:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\musica
[2011/09/14 22:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\YouTube Downloader
[2011/09/14 22:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Search Settings
[2011/09/14 22:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/09/14 22:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2011/09/14 22:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/09/14 22:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/09/14 22:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/09/14 22:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011/09/14 22:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader

========== Files - Modified Within 30 Days ==========

[2011/09/16 16:00:21 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/16 15:59:51 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/09/16 15:31:28 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/09/16 15:13:19 | 086,235,610 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/16 15:03:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/16 15:03:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/16 15:03:25 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2011/09/16 15:01:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/16 15:01:41 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/15 21:52:03 | 003,738,543 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Dev feat. The Cataracts - Dancing In The Dark.mp3
[2011/09/15 16:10:07 | 004,997,158 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Dev - In The Dark(2).mp3
[2011/09/15 16:08:02 | 004,997,158 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Dev - In The Dark.mp3
[2011/09/15 15:36:09 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/15 08:33:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/15 06:24:28 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/15 06:01:09 | 000,446,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/15 06:01:09 | 000,073,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/15 05:38:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/15 01:15:51 | 006,636,549 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\12. Taylor Swift - Haunted.mp3
[2011/09/15 01:15:50 | 007,055,840 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\11. Taylor Swift - Innocent.mp3
[2011/09/15 01:15:49 | 009,365,195 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\09. Taylor Swift - Enchanted.mp3
[2011/09/15 01:15:45 | 006,252,655 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\08. Taylor Swift - Never Grow Up.mp3
[2011/09/15 01:15:42 | 007,151,229 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\07. Taylor Swift - The Story Of Us.mp3
[2011/09/15 01:15:39 | 005,767,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\06. Taylor Swift - Mean.mp3
[2011/09/15 01:15:34 | 009,291,248 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\05. Taylor Swift - Dear John.mp3
[2011/09/15 01:15:30 | 006,154,940 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\04. Taylor Swift - Speak Now.mp3
[2011/09/15 01:15:29 | 007,396,810 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\03. Taylor Swift - Back To December.mp3
[2011/09/15 01:15:27 | 006,839,742 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\02. Taylor Swift - Sparks Fly.mp3
[2011/09/15 01:15:24 | 005,845,143 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\01. Taylor Swift - Mine.mp3
[2011/09/15 01:15:20 | 005,937,150 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\10. Taylor Swift - Better Than Revenge.mp3
[2011/09/15 01:15:19 | 006,989,578 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\08. Taylor Swift - The Story Of Us (US Version).mp3
[2011/09/15 01:15:17 | 007,761,664 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\07. Taylor Swift - BackTo December (US Version).mp3
[2011/09/15 01:15:13 | 006,103,891 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\06. Taylor Swift - Mine (US Version).mp3
[2011/09/15 01:15:11 | 005,114,323 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\05. Taylor Swift - Haunted (Acoustic).mp3
[2011/09/15 01:15:08 | 007,105,816 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\04. Taylor Swift - Back to December (Acoustic).mp3
[2011/09/15 01:15:04 | 007,360,581 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\03. Taylor Swift - Superman.mp3
[2011/09/15 01:15:00 | 005,810,263 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\02. Taylor Swift - If This Was A Movie.mp3
[2011/09/15 01:14:58 | 005,942,372 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\01. Taylor Swift - Ours.mp3
[2011/09/15 01:14:57 | 007,753,517 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\14. Taylor Swift - Long Live.mp3
[2011/09/15 01:14:56 | 009,009,615 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\13. Taylor Swift - Last Kiss.mp3
[2011/09/15 01:13:19 | 152,244,303 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Taylor Swift - Speak Now (Deluxe Edition).zip
[2011/09/15 01:07:28 | 066,989,261 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Taylor Swift.zip
[2011/09/15 00:42:15 | 025,441,405 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Fearless(2).zip
[2011/09/14 23:12:04 | 052,217,299 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Tied Together With A Smile - Lyrics HQ.mp4
[2011/09/14 23:10:50 | 064,592,981 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Innocent - Lyrics HQ.mp4
[2011/09/14 23:09:52 | 037,039,890 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Invisible - Lyrics HQ.mp4
[2011/09/14 23:08:30 | 089,104,953 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Last Kiss - Lyrics HQ.mp4
[2011/09/14 23:07:14 | 098,543,727 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Enchanted - Lyrics HQ.mp4
[2011/09/14 23:06:44 | 098,244,232 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Dear John - Lyrics HQ.mp4
[2011/09/14 22:54:33 | 009,570,679 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\I'd Lie - Taylor Swift (with lyrics & download link!).flv
[2011/09/14 22:33:54 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/09/14 22:32:00 | 005,177,584 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\YouTubeDownloaderSetup33(3).exe
[2011/09/14 21:15:42 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/09/14 21:15:11 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/09/14 19:54:00 | 000,003,649 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg

========== Files Created - No Company Name ==========

[2011/09/15 16:09:39 | 004,997,158 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Dev - In The Dark(2).mp3
[2011/09/15 16:07:34 | 004,997,158 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Dev - In The Dark.mp3
[2011/09/15 16:04:46 | 003,738,543 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Dev feat. The Cataracts - Dancing In The Dark.mp3
[2011/09/15 00:59:45 | 066,989,261 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Taylor Swift.zip
[2011/09/15 00:57:00 | 152,244,303 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Taylor Swift - Speak Now (Deluxe Edition).zip
[2011/09/15 00:39:38 | 025,441,405 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Fearless(2).zip
[2011/09/14 23:08:31 | 052,217,299 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Tied Together With A Smile - Lyrics HQ.mp4
[2011/09/14 23:07:15 | 037,039,890 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Invisible - Lyrics HQ.mp4
[2011/09/14 23:06:47 | 064,592,981 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Innocent - Lyrics HQ.mp4
[2011/09/14 23:03:31 | 089,104,953 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Last Kiss - Lyrics HQ.mp4
[2011/09/14 23:01:21 | 098,244,232 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Dear John - Lyrics HQ.mp4
[2011/09/14 23:01:18 | 098,543,727 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Enchanted - Lyrics HQ.mp4
[2011/09/14 22:51:59 | 009,570,679 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\I'd Lie - Taylor Swift (with lyrics & download link!).flv
[2011/09/14 22:33:52 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/09/14 22:32:00 | 005,177,584 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\YouTubeDownloaderSetup33(3).exe
[2010/01/02 15:45:06 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/11/08 12:29:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/11/08 12:28:38 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/07/16 08:10:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/04 14:30:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/08/26 18:41:24 | 000,068,938 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2008/08/26 18:41:23 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2008/06/29 10:21:52 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/18 09:27:39 | 000,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2007/10/16 18:23:49 | 000,000,250 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/27 13:05:23 | 000,000,238 | ---- | C] () -- C:\WINDOWS\COLORFRM.INI
[2007/03/08 16:39:42 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/17 20:15:15 | 000,036,697 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2006/09/30 08:26:47 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2006/09/30 08:26:47 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2006/08/19 08:31:55 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/08 18:44:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/06/03 09:12:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/05/28 18:17:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/01/29 12:23:09 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Disney's Magic Artist.INI
[2006/01/29 10:05:16 | 000,000,080 | ---- | C] () -- C:\WINDOWS\SSAW.INI
[2006/01/29 09:54:54 | 000,000,047 | ---- | C] () -- C:\WINDOWS\PWP.INI
[2006/01/21 09:39:19 | 000,000,173 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/01/21 09:21:32 | 000,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/01/21 09:20:08 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Preschol.ini
[2006/01/06 09:25:17 | 000,001,501 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2005/12/27 14:32:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/12/11 14:38:18 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/03 13:47:25 | 000,027,748 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2005/11/28 19:32:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2005/11/19 15:44:12 | 000,000,230 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/11/09 20:11:00 | 000,000,377 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/11/09 20:10:56 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2005/10/18 19:50:12 | 000,000,706 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/10/17 09:27:39 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2005/10/15 16:23:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/15 16:13:14 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/10/15 16:13:01 | 000,003,309 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/08/09 04:07:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/09 03:39:44 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/08/09 03:38:40 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/08/09 03:38:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/08/09 03:32:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/09 03:26:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/09 03:26:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/09 03:26:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/09 03:26:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/09 03:26:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/09 03:26:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/09 03:19:06 | 000,000,497 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/08/09 03:14:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/09 03:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/08/09 03:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/08/09 03:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/08/09 03:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/08/09 03:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/08/09 03:11:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/08/09 03:11:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/08/09 03:11:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/08/09 03:11:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/08/09 03:10:39 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/08/09 03:10:13 | 000,094,574 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/09 02:59:10 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/09 02:55:19 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/08/09 02:55:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/08/09 02:54:55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/07/07 13:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/24 23:29:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/24 22:43:44 | 000,446,174 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/06/24 22:43:44 | 000,073,254 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/24 22:42:06 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/24 22:31:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/24 22:30:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/09 23:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 22:38:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/29 04:24:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/09/29 04:23:16 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/09/29 04:23:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/09/29 04:23:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/08/23 16:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 16:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/10/10 08:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/03/28 10:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/09/15 06:25:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/11/12 17:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/05/26 08:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/14 22:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2009/03/15 12:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2005/12/11 14:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Common Files
[2007/05/14 19:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Expedia
[2006/09/01 17:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Image Zone Express
[2006/11/26 22:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ImgBurn
[2007/11/24 11:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2005/08/09 03:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2011/09/14 22:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Search Settings
[2005/10/17 18:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Snapfish
[2005/12/03 13:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2011/09/14 22:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\YouTube Downloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by lundfish, 16 September 2011 - 06:32 PM.

  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello lundfish and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please download ResetDMS from the link bellow. You must right click on the link and choose Save as.... Save it as resetdma.vbs on your desktop

ResetDMS

Double click it to run it.

Step 2

  • Go to Start -> My Computer
  • Right click on C: disk and clik on Properties
  • Click on tab Tools and click on Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click Start button
  • Confirm schedule disk check next time computer starts with Yes button
  • Restart your system and wait while system checks your disk for errors

Step 3

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;<local>;*.local
    O3: - HKCU\..\Toolbar\ShellBrowser - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
    O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
    O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell - "" = AutoRun
    O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    O33 - MountPoints2\{88227d62-a605-11dc-94d3-0013d4b90970}\Shell - "" = AutoRun
    O33 - MountPoints2\{88227d62-a605-11dc-94d3-0013d4b90970}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{88227d62-a605-11dc-94d3-0013d4b90970}\Shell\AutoRun\command - "" = K:\SecureDrive_Launcher.exe
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • How is your system after these steps? Any changes?
It would be helpful if you could post each log in separate post
  • 0

#3
lundfish

lundfish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Maliprog, first I would like to thank you for your time to help me resolve my computer issues. upon completing the step you requested the computer is still very slow and the only difference I noticed is that the icons seem to load to the desktop quicker. The ability to then use/access the programs though is still very slow. Again I thank you for any help you provide and your time...Lundfish..

here is the OTL log:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d435b36-e506-11d9-9b78-e6b009352ae7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d435b36-e506-11d9-9b78-e6b009352ae7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d435b36-e506-11d9-9b78-e6b009352ae7}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88227d62-a605-11dc-94d3-0013d4b90970}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88227d62-a605-11dc-94d3-0013d4b90970}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88227d62-a605-11dc-94d3-0013d4b90970}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88227d62-a605-11dc-94d3-0013d4b90970}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88227d62-a605-11dc-94d3-0013d4b90970}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88227d62-a605-11dc-94d3-0013d4b90970}\ not found.
File K:\SecureDrive_Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Amanda and Kaitlyn
->Temp folder emptied: 12262106 bytes
->Temporary Internet Files folder emptied: 16786 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Compaq_Owner
->Temp folder emptied: 34089733 bytes
->Temporary Internet Files folder emptied: 5299431 bytes
->Java cache emptied: 93745 bytes
->FireFox cache emptied: 47567439 bytes
->Flash cache emptied: 26076 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: EMILY
->Temporary Internet Files folder emptied: 0 bytes

User: Emily.YOUR-27E1513D96
->Temp folder emptied: 52512484 bytes
->Temporary Internet Files folder emptied: 206265 bytes
->Java cache emptied: 7140 bytes
->FireFox cache emptied: 54058911 bytes
->Flash cache emptied: 2915 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9615554 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39661024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 244.00 mb


[EMPTYFLASH]

User: All Users

User: Amanda and Kaitlyn
->Flash cache emptied: 0 bytes

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User

User: EMILY

User: Emily.YOUR-27E1513D96
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.28.0 log created on 09212011_201753

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Amanda and Kaitlyn\Local Settings\Temp\Temporary Internet Files\Content.IE5\NY0ZVX4P\CAZEQLZV.aspx%3Fgclid%3DCIv9v72ThqUCFSg1gwodsw0FOA%26trans%3D1%26du%3D1%26ef_id%3DTNCY9gqoEEMAAH3foKUAAAxE%3A20101104025015%3As&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true not found!
File\Folder C:\Documents and Settings\Amanda and Kaitlyn\Local Settings\Temp\Temporary Internet Files\Content.IE5\IOG7DT41\6trans%3D1%26du%3D1%26ef_id%3D1350%3A3%3As_5651964874b348e4ac9007df450b2645_2540563925%3ATNCY9gqoEEMAAH3foKUAAAxE%3A20101102230422&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true not found!
File\Folder C:\Documents and Settings\Amanda and Kaitlyn\Local Settings\Temp\Temporary Internet Files\Content.IE5\8DIBOXQB\CAEQV79W.aspx%3Fgclid%3DCIv9v72ThqUCFSg1gwodsw0FOA%26trans%3D1%26du%3D1%26ef_id%3DTNCY9gqoEEMAAH3foKUAAAxE%3A20101104025015%3As&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true not found!

Registry entries deleted on Reboot...

Edited by lundfish, 21 September 2011 - 09:49 PM.

  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi lundfish,

OK. Let's see if there is malware hidden somewhere.

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please don't forget to include these items in your reply:

  • Combofix log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#5
lundfish

lundfish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is the combofix log:
ComboFix 11-09-21.04 - Compaq_Owner 09/22/2011 8:50.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.153 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Amanda and Kaitlyn\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Amanda and Kaitlyn\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Amanda and Kaitlyn\Local Settings\Application Data\ApplicationHistory\HPBWSetup.exe.fe2aa224.ini
c:\documents and settings\Amanda and Kaitlyn\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini
c:\documents and settings\Amanda and Kaitlyn\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Amanda and Kaitlyn\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Amanda and Kaitlyn\Local Settings\Application Data\ApplicationHistory\PostInstallExecuter.exe.3494ed78.ini
c:\documents and settings\Amanda and Kaitlyn\Local Settings\Application Data\ApplicationHistory\SL3D.tmp.7009f0f2.ini
c:\documents and settings\Amanda and Kaitlyn\WINDOWS
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\ExpediaFareAlert.exe.6a0de156.ini.inuse
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\HPBWSetup.exe.fe2aa224.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\hpqimvac.exe.290054de.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\HpqPhUnl.exe.e1eda619.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\hpqpos.exe.2a8da59e.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\hpqqpa.exe.5046474c.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\hpqselsk.exe.a048b05c.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\lsburnwatcherUI.exe.869e22b.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\PostInstallExecuter.exe.3494ed78.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory\SL3D.tmp.7009f0f2.ini
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Emily.YOUR-27E1513D96\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Emily.YOUR-27E1513D96\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Emily.YOUR-27E1513D96\Local Settings\Application Data\ApplicationHistory\HPBWSetup.exe.fe2aa224.ini
c:\documents and settings\Emily.YOUR-27E1513D96\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini
c:\documents and settings\Emily.YOUR-27E1513D96\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Emily.YOUR-27E1513D96\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Emily.YOUR-27E1513D96\Local Settings\Application Data\ApplicationHistory\PostInstallExecuter.exe.3494ed78.ini
c:\documents and settings\Emily.YOUR-27E1513D96\Local Settings\Application Data\ApplicationHistory\SL3D.tmp.7009f0f2.ini
c:\documents and settings\Emily.YOUR-27E1513D96\WINDOWS
c:\windows\dasetup.log
c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\d3d9caps.dat
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-22 to 2011-09-22 )))))))))))))))))))))))))))))))
.
.
2011-09-22 16:03 . 2011-09-22 16:03 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory
2011-09-22 03:17 . 2011-09-22 03:17 -------- d-----w- C:\_OTL
2011-09-15 13:25 . 2011-09-15 13:25 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-09-15 05:38 . 2011-09-19 06:12 -------- d-----w- c:\program files\Common Files\Spigot
2011-09-15 05:36 . 2011-09-15 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-09-15 04:50 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-09-15 04:49 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-15 04:48 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-09-15 04:44 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-09 09:12 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-15 02:54 . 2005-08-09 10:39 3649 -c--a-w- c:\windows\viassary-hp.reg
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-09 180269]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...90&ver=9.0.914" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
S2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 05:35]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 05:35]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zormi0xx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-52AEBC18-F252-4B0C-B3E1-724537D9F873 - c:\program files\WildTangent\Apps\GameChannel\Games\52AEBC18-F252-4B0C-B3E1-724537D9F873\Uninstall.exe
AddRemove-Compaq Game Console - c:\program files\WildTangent\Apps\hpuninstall.exe
AddRemove-EC103FAC-9610-4651-BD68-CCEA97C7AB02 - c:\program files\WildTangent\Apps\GameChannel\Games\EC103FAC-9610-4651-BD68-CCEA97C7AB02\Uninstall.exe
AddRemove-HashTab Shell Extension - c:\documents and settings\Compaq_Owner\Desktop\$$mm\HashTab Shell Extension\uninst.exe
AddRemove-ImgBurn - c:\documents and settings\Compaq_Owner\Desktop\$$mm\ImgBurn\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-22 09:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\sm56hlpr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\ALCXMNTR.EXE
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
**************************************************************************
.
Completion time: 2011-09-22 09:19:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-22 16:19
.
Pre-Run: 39,148,380,160 bytes free
Post-Run: 39,121,432,576 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - EECBCCD7FD9DA22889DD1932B212DDD5
  • 0

#6
lundfish

lundfish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
here is the tdsskiller log:
2011/09/22 09:24:19.0046 1052 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/22 09:24:19.0609 1052 ================================================================================
2011/09/22 09:24:19.0609 1052 SystemInfo:
2011/09/22 09:24:19.0609 1052
2011/09/22 09:24:19.0609 1052 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/22 09:24:19.0609 1052 Product type: Workstation
2011/09/22 09:24:19.0609 1052 ComputerName: YOUR-27E1513D96
2011/09/22 09:24:19.0609 1052 UserName: Compaq_Owner
2011/09/22 09:24:19.0609 1052 Windows directory: C:\WINDOWS
2011/09/22 09:24:19.0609 1052 System windows directory: C:\WINDOWS
2011/09/22 09:24:19.0609 1052 Processor architecture: Intel x86
2011/09/22 09:24:19.0609 1052 Number of processors: 1
2011/09/22 09:24:19.0609 1052 Page size: 0x1000
2011/09/22 09:24:19.0609 1052 Boot type: Normal boot
2011/09/22 09:24:19.0609 1052 ================================================================================
2011/09/22 09:24:21.0062 1052 Initialize success
2011/09/22 09:24:26.0796 0440 ================================================================================
2011/09/22 09:24:26.0796 0440 Scan started
2011/09/22 09:24:26.0796 0440 Mode: Manual;
2011/09/22 09:24:26.0796 0440 ================================================================================
2011/09/22 09:24:28.0953 0440 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/22 09:24:29.0328 0440 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/22 09:24:30.0062 0440 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/22 09:24:30.0515 0440 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/09/22 09:24:30.0781 0440 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/22 09:24:30.0937 0440 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/09/22 09:24:31.0562 0440 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/09/22 09:24:31.0921 0440 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/09/22 09:24:32.0234 0440 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/22 09:24:32.0828 0440 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/22 09:24:32.0984 0440 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/22 09:24:33.0312 0440 ati2mtag (b33a281dcdf455b069816790275050a7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/22 09:24:33.0562 0440 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/22 09:24:33.0906 0440 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/22 09:24:34.0062 0440 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
2011/09/22 09:24:34.0203 0440 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/22 09:24:34.0406 0440 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/22 09:24:34.0625 0440 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/22 09:24:34.0781 0440 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/22 09:24:34.0937 0440 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/22 09:24:35.0750 0440 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/22 09:24:35.0937 0440 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/22 09:24:36.0125 0440 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/22 09:24:36.0296 0440 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/22 09:24:36.0484 0440 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/22 09:24:36.0781 0440 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/22 09:24:37.0015 0440 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/22 09:24:37.0218 0440 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/22 09:24:37.0375 0440 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/22 09:24:37.0531 0440 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/22 09:24:37.0703 0440 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/22 09:24:37.0890 0440 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/22 09:24:38.0000 0440 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/22 09:24:38.0171 0440 ftsata2 (92e8443c7bf5c0137671cde080655dfc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
2011/09/22 09:24:38.0328 0440 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/22 09:24:38.0484 0440 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/22 09:24:38.0671 0440 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
2011/09/22 09:24:38.0843 0440 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/22 09:24:39.0093 0440 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/22 09:24:39.0234 0440 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/22 09:24:39.0406 0440 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/22 09:24:39.0562 0440 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/22 09:24:40.0000 0440 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/22 09:24:40.0171 0440 iaStor (79ae2a97c120f282845d854d0f070ea9) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/09/22 09:24:40.0375 0440 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/22 09:24:40.0703 0440 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/22 09:24:40.0859 0440 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/22 09:24:41.0000 0440 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/22 09:24:41.0171 0440 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/22 09:24:41.0328 0440 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/22 09:24:41.0500 0440 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/22 09:24:41.0656 0440 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/22 09:24:41.0828 0440 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/22 09:24:42.0000 0440 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/22 09:24:42.0171 0440 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/22 09:24:42.0343 0440 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/22 09:24:42.0500 0440 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/22 09:24:42.0875 0440 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/22 09:24:43.0031 0440 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/22 09:24:43.0171 0440 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/09/22 09:24:43.0343 0440 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/22 09:24:43.0500 0440 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/22 09:24:43.0703 0440 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/22 09:24:43.0984 0440 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/22 09:24:44.0156 0440 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/22 09:24:44.0359 0440 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/22 09:24:44.0515 0440 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/22 09:24:44.0687 0440 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/22 09:24:44.0843 0440 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/22 09:24:45.0000 0440 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/22 09:24:45.0140 0440 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/22 09:24:45.0328 0440 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/22 09:24:45.0500 0440 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/22 09:24:45.0656 0440 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/22 09:24:45.0812 0440 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/22 09:24:45.0984 0440 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/22 09:24:46.0156 0440 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/22 09:24:46.0328 0440 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/22 09:24:46.0531 0440 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/22 09:24:46.0703 0440 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/22 09:24:46.0921 0440 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/22 09:24:47.0125 0440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/22 09:24:47.0296 0440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/22 09:24:47.0453 0440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/22 09:24:47.0625 0440 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/22 09:24:47.0812 0440 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/22 09:24:47.0968 0440 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/22 09:24:48.0125 0440 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/22 09:24:48.0281 0440 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/22 09:24:48.0562 0440 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/22 09:24:48.0734 0440 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/22 09:24:49.0796 0440 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/22 09:24:49.0968 0440 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/22 09:24:50.0140 0440 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/22 09:24:50.0296 0440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/22 09:24:50.0453 0440 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/22 09:24:51.0281 0440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/22 09:24:51.0437 0440 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/22 09:24:51.0625 0440 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/22 09:24:51.0812 0440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/22 09:24:51.0968 0440 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/22 09:24:52.0140 0440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/22 09:24:52.0312 0440 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/22 09:24:52.0468 0440 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/22 09:24:52.0656 0440 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/09/22 09:24:52.0812 0440 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/09/22 09:24:53.0015 0440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/22 09:24:53.0187 0440 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/09/22 09:24:53.0390 0440 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/22 09:24:53.0734 0440 smserial (0c81c75a42a4e920a91a8bb729b10449) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/09/22 09:24:54.0046 0440 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/22 09:24:54.0218 0440 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/22 09:24:54.0406 0440 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/22 09:24:54.0609 0440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/22 09:24:54.0781 0440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/22 09:24:55.0468 0440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/22 09:24:55.0671 0440 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/22 09:24:55.0859 0440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/22 09:24:56.0015 0440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/22 09:24:56.0187 0440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/22 09:24:56.0546 0440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/22 09:24:56.0890 0440 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/22 09:24:57.0125 0440 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/22 09:24:57.0296 0440 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/22 09:24:57.0468 0440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/22 09:24:57.0640 0440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/22 09:24:57.0812 0440 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/09/22 09:24:57.0984 0440 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/22 09:24:58.0140 0440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/22 09:24:58.0296 0440 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/22 09:24:58.0453 0440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/22 09:24:58.0609 0440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/22 09:24:58.0765 0440 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/22 09:24:58.0921 0440 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/22 09:24:59.0125 0440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/22 09:24:59.0312 0440 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/09/22 09:24:59.0625 0440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/22 09:24:59.0890 0440 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/09/22 09:25:00.0078 0440 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/22 09:25:00.0250 0440 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/22 09:25:00.0437 0440 WUSB54GPV4SRV (70aeec67e87a2002e6b2cc353d56e222) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
2011/09/22 09:25:00.0640 0440 zumbus (21a96535dd0a118d5663e5adc5c90f9e) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2011/09/22 09:25:00.0703 0440 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
2011/09/22 09:25:00.0750 0440 Boot (0x1200) (a305fd3c91e5bb7a5a7591d1a9c48c8c) \Device\Harddisk0\DR0\Partition0
2011/09/22 09:25:00.0765 0440 Boot (0x1200) (32f153baea12e0934b7381d00c05fb65) \Device\Harddisk0\DR0\Partition1
2011/09/22 09:25:00.0781 0440 ================================================================================
2011/09/22 09:25:00.0781 0440 Scan finished
2011/09/22 09:25:00.0781 0440 ================================================================================
2011/09/22 09:25:00.0812 1056 Detected object count: 0
2011/09/22 09:25:00.0812 1056 Actual detected object count: 0
  • 0

#7
lundfish

lundfish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
and finally the aswmbr log. the computer seems to still take the same time to reboot as it rebooted during the combo fix run. also if it mattered the avg virus protection would not "turn off" and the only way to get it to stop running was to uninstall:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-22 09:27:23
-----------------------------
09:27:23.953 OS Version: Windows 5.1.2600 Service Pack 3
09:27:23.953 Number of processors: 1 586 0x2F00
09:27:23.953 ComputerName: YOUR-27E1513D96 UserName: Compaq_Owner
09:27:24.250 Initialize success
09:33:32.906 AVAST engine defs: 11092200
09:33:55.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
09:33:55.843 Disk 0 Vendor: ST380011A 8.11 Size: 76319MB BusType: 3
09:33:57.859 Disk 0 MBR read successfully
09:33:57.859 Disk 0 MBR scan
09:33:57.953 Disk 0 unknown MBR code
09:33:57.968 Disk 0 scanning sectors +156296385
09:33:58.046 Disk 0 scanning C:\WINDOWS\system32\drivers
09:34:11.296 Service scanning
09:34:14.406 Modules scanning
09:34:56.750 Disk 0 trace - called modules:
09:34:56.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:34:56.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84d77030]
09:34:56.765 3 CLASSPNP.SYS[f757cfd7] -> nt!IofCallDriver -> \Device\00000060[0x84d4ae78]
09:34:57.296 5 ACPI.sys[f73f3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x84d78880]
09:34:58.921 AVAST engine scan C:\WINDOWS
09:35:21.593 AVAST engine scan C:\WINDOWS\system32
09:37:20.140 AVAST engine scan C:\WINDOWS\system32\drivers
09:37:35.296 AVAST engine scan C:\Documents and Settings\Compaq_Owner
09:44:31.250 AVAST engine scan C:\Documents and Settings\All Users
09:44:48.656 Scan finished successfully
09:45:38.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
09:45:38.281 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR log.txt"
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi lundfish,

After this step restart your system and test it. Get back to me with results.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#9
lundfish

lundfish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
computer on start up seems faster..I would say that the "load" time for programs to load and to be able to start a separate program (such as firefox) has been cut by at least 50%.
here is the kapersky log:

Status: Deleted (events: 3)
9/23/2011 12:04:28:PM Deleted adware not-a-virus:AdWare.Win32.MyWay.j D:\I386\Apps\APP01255\src\HPSummer2005.exe Medium
9/23/2011 12:04:28:PM Deleted adware not-a-virus:AdWare.Win32.MyWay.j D:\I386\Apps\APP01255\src\HPSummer2005.exe//WiseSFXDropper Medium
9/23/2011 12:04:28:PM Deleted adware not-a-virus:AdWare.Win32.MyWay.j D:\I386\Apps\APP01255\src\HPSummer2005.exe//WiseSFXDropper//WISE0016.BIN Medium

Edited by lundfish, 23 September 2011 - 01:17 PM.

  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi lundfish,

Nice to hear that. We'll now do some system maintains and try to speed it a little.

Step 1

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

Run the tool and it will disable all unnecessary sturtup entries.
Click on Continue button to save changes.

Step 2

Download and run Puran Disc Defragmenter
Click on Boot Time Defrag button and choose Restart-Defrag-Restart

Posted Image
  • 0

Advertisements


#11
lundfish

lundfish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I have done the above steps. the computer seems to be running the same or perhaps a little slower than it was at the previous step but still much better than it was.......It could be the same speed....
  • 0

#12
lundfish

lundfish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
after a reboot I do not think it is any slower that it was at the previous step.
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi lundfish,

Let's do some scans.

Step 1

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • Malwarebytes log
  • OTL log
It would be helpful if you could post each log in separate post
  • 0

#14
lundfish

lundfish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
her are the logs. this computer has been off for a couple days and upon start up it seemed to take a while for the computer to be useable. not as long as when 1st started but the hard drive seemed to have quite a bit of "chattering" going on. not sure if that means anything but felt I should post current status.
mbam log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7811

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9/27/2011 07:10:58 PM
mbam-log-2011-09-27 (19-10-56).txt

Scan type: Quick scan
Objects scanned: 203481
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#15
lundfish

lundfish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OTL log:

OTL logfile created on: 9/27/2011 07:14:59 PM - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 170.94 Mb Available Physical Memory | 38.29% Memory free
1.03 Gb Paging File | 0.69 Gb Available in Paging File | 67.44% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.02 Gb Total Space | 36.32 Gb Free Space | 53.40% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.19 Gb Free Space | 18.38% Space Free | Partition Type: FAT32

Computer Name: YOUR-27E1513D96 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/16 15:59:51 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/16 20:19:00 | 005,264,384 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
PRC - [2005/08/09 03:17:39 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/07/04 17:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
PRC - [2005/06/07 00:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/01/24 02:56:00 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/06 19:09:06 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8293dd00\mscorlib.dll
MOD - [2010/10/06 19:08:59 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_1f8934b7\system.drawing.dll
MOD - [2010/10/06 19:08:31 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1d640ef0\system.xml.dll
MOD - [2010/10/06 19:08:20 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5c45b2ca\system.windows.forms.dll
MOD - [2010/10/06 19:07:36 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_15ff4dca\system.dll
MOD - [2010/10/06 19:05:21 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2008/08/26 19:07:45 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2008/08/26 19:07:43 | 000,798,720 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2008/08/26 19:07:41 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2008/08/26 19:06:33 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2008/08/26 19:05:56 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2008/08/26 19:05:55 | 000,049,152 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2008/08/26 19:05:48 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2008/08/26 19:05:47 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll
MOD - [2008/08/26 19:05:46 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2008/08/26 19:05:46 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2008/08/26 19:05:46 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll
MOD - [2008/08/26 19:05:46 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2008/08/26 19:05:46 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2008/08/26 19:05:44 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2008/08/26 19:05:44 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2008/08/26 19:05:43 | 000,167,936 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2008/08/26 19:05:43 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2008/08/26 19:05:42 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2008/08/26 19:05:42 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2008/08/26 19:05:42 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2008/08/26 19:01:38 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll
MOD - [2008/08/26 19:01:38 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2008/08/26 19:01:37 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2008/08/26 19:01:37 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2008/08/26 19:01:37 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2008/08/26 19:01:36 | 000,475,136 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2008/08/26 19:01:36 | 000,196,608 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2005/11/16 20:18:00 | 000,045,056 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\Security.dll
MOD - [2005/10/16 08:10:02 | 000,610,304 | ---- | M] () -- c:\windows\assembly\gac\hpodmres\3.0.0.0__a53cf5803f4c3827\hpodmres.dll
MOD - [2005/10/16 08:10:02 | 000,005,120 | ---- | M] () -- c:\windows\assembly\gac\hpodmres.resources\3.0.0.0_en_a53cf5803f4c3827\hpodmres.resources.dll
MOD - [2005/10/16 08:06:19 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2005/10/16 08:06:18 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2005/08/09 02:58:23 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/08/09 02:58:23 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005/08/09 02:58:22 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005/08/09 02:56:57 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2005/02/24 21:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ses_cl.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56spn.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56itl.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56ger.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56fra.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56eng.dll
MOD - [2005/01/24 03:05:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56brz.dll
MOD - [2005/01/24 03:05:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll
MOD - [2005/01/24 03:05:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56cht.dll
MOD - [2005/01/24 03:05:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56chs.dll
MOD - [2004/09/29 16:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ez54g.dll
MOD - [2003/10/13 16:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 01:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\GEMWEP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB54Gv42SVC)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2005/10/17 20:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/06/07 22:44:36 | 001,235,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/20 11:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/14 21:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/25 06:56:00 | 000,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 15:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.babylo...rp&AF=18322&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/18 23:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/24 10:05:23 | 000,000,000 | ---D | M]

[2008/09/06 11:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2011/09/27 19:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zormi0xx.default\extensions
[2009/11/29 13:06:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zormi0xx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/01 19:55:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zormi0xx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/09/24 10:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/06 15:33:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/09/24 10:05:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008/12/13 20:28:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/24 08:17:29 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/09/22 09:03:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Popup-Blocker Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F35CE83E-9EBF-40D5-AE87-53F982389740} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228 File not found
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://install.char...bin/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish....fishActivia.cab (Snapfish Activia)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1144116337031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{532D7804-4A3A-4033-B29A-B32846B2B430}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/24 22:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 19:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/27 18:59:55 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/27 18:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/27 18:52:15 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/24 10:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/24 08:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Puran Defrag
[2011/09/24 08:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/09/24 08:15:29 | 003,417,571 | ---- | C] (Puran Software ) -- C:\Documents and Settings\Compaq_Owner\Desktop\PuranDefragFreeSetup.exe
[2011/09/24 08:11:49 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Compaq_Owner\Desktop\StartUpLite.exe
[2011/09/23 15:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Temp
[2011/09/22 09:26:31 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2011/09/22 09:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory
[2011/09/22 08:46:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/22 08:43:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/22 08:43:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/22 08:43:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/22 08:43:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/22 08:18:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/22 08:14:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/22 08:11:43 | 004,223,304 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/09/21 20:17:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/16 15:59:50 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/09/15 06:25:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/14 23:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\musica
[2011/09/14 22:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/09/14 22:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

========== Files - Modified Within 30 Days ==========

[2011/09/27 19:11:19 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/27 19:00:09 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 18:59:45 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/09/27 18:52:55 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/27 18:41:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/27 18:40:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/27 18:40:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/27 18:40:21 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/24 08:17:19 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Puran Defrag.lnk
[2011/09/24 08:15:50 | 003,417,571 | ---- | M] (Puran Software ) -- C:\Documents and Settings\Compaq_Owner\Desktop\PuranDefragFreeSetup.exe
[2011/09/24 08:11:50 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Compaq_Owner\Desktop\StartUpLite.exe
[2011/09/23 12:03:55 | 000,000,102 | -HS- | M] () -- C:\WINDOWS\0929751drv.spi
[2011/09/23 09:17:00 | 097,696,336 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\setup_11.0.0.1245.x01_2011_09_23_19_11.exe
[2011/09/22 09:45:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2011/09/22 09:26:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2011/09/22 09:22:38 | 001,386,742 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\tdsskiller.zip
[2011/09/22 09:03:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/22 08:46:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/22 08:33:45 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/22 08:12:06 | 004,223,304 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/09/21 19:07:36 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\resetdma.vbs
[2011/09/16 15:59:51 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/09/15 15:36:09 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/15 06:24:28 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/15 06:05:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/15 06:01:09 | 000,446,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/15 06:01:09 | 000,073,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/15 01:15:51 | 006,636,549 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\12. Taylor Swift - Haunted.mp3
[2011/09/15 01:15:50 | 007,055,840 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\11. Taylor Swift - Innocent.mp3
[2011/09/15 01:15:49 | 009,365,195 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\09. Taylor Swift - Enchanted.mp3
[2011/09/15 01:15:45 | 006,252,655 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\08. Taylor Swift - Never Grow Up.mp3
[2011/09/15 01:15:42 | 007,151,229 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\07. Taylor Swift - The Story Of Us.mp3
[2011/09/15 01:15:39 | 005,767,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\06. Taylor Swift - Mean.mp3
[2011/09/15 01:15:34 | 009,291,248 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\05. Taylor Swift - Dear John.mp3
[2011/09/15 01:15:30 | 006,154,940 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\04. Taylor Swift - Speak Now.mp3
[2011/09/15 01:15:29 | 007,396,810 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\03. Taylor Swift - Back To December.mp3
[2011/09/15 01:15:27 | 006,839,742 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\02. Taylor Swift - Sparks Fly.mp3
[2011/09/15 01:15:24 | 005,845,143 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\01. Taylor Swift - Mine.mp3
[2011/09/15 01:15:20 | 005,937,150 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\10. Taylor Swift - Better Than Revenge.mp3
[2011/09/15 01:15:19 | 006,989,578 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\08. Taylor Swift - The Story Of Us (US Version).mp3
[2011/09/15 01:15:17 | 007,761,664 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\07. Taylor Swift - BackTo December (US Version).mp3
[2011/09/15 01:15:13 | 006,103,891 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\06. Taylor Swift - Mine (US Version).mp3
[2011/09/15 01:15:11 | 005,114,323 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\05. Taylor Swift - Haunted (Acoustic).mp3
[2011/09/15 01:15:08 | 007,105,816 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\04. Taylor Swift - Back to December (Acoustic).mp3
[2011/09/15 01:15:04 | 007,360,581 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\03. Taylor Swift - Superman.mp3
[2011/09/15 01:15:00 | 005,810,263 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\02. Taylor Swift - If This Was A Movie.mp3
[2011/09/15 01:14:58 | 005,942,372 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\01. Taylor Swift - Ours.mp3
[2011/09/15 01:14:57 | 007,753,517 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\14. Taylor Swift - Long Live.mp3
[2011/09/15 01:14:56 | 009,009,615 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\13. Taylor Swift - Last Kiss.mp3
[2011/09/14 23:12:04 | 052,217,299 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Tied Together With A Smile - Lyrics HQ.mp4
[2011/09/14 23:10:50 | 064,592,981 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Innocent - Lyrics HQ.mp4
[2011/09/14 23:09:52 | 037,039,890 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Invisible - Lyrics HQ.mp4
[2011/09/14 23:08:30 | 089,104,953 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Last Kiss - Lyrics HQ.mp4
[2011/09/14 23:07:14 | 098,543,727 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Enchanted - Lyrics HQ.mp4
[2011/09/14 23:06:44 | 098,244,232 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Dear John - Lyrics HQ.mp4
[2011/09/14 22:54:33 | 009,570,679 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\I'd Lie - Taylor Swift (with lyrics & download link!).flv
[2011/09/14 19:54:00 | 000,003,649 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/27 19:00:09 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/24 08:17:19 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Puran Defrag.lnk
[2011/09/23 12:03:55 | 000,000,102 | -HS- | C] () -- C:\WINDOWS\0929751drv.spi
[2011/09/23 09:05:51 | 097,696,336 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\setup_11.0.0.1245.x01_2011_09_23_19_11.exe
[2011/09/22 09:45:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2011/09/22 09:22:32 | 001,386,742 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\tdsskiller.zip
[2011/09/22 08:43:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/22 08:43:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/22 08:43:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/22 08:43:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/22 08:43:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/21 19:07:32 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\resetdma.vbs
[2011/09/14 23:08:31 | 052,217,299 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Tied Together With A Smile - Lyrics HQ.mp4
[2011/09/14 23:07:15 | 037,039,890 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Invisible - Lyrics HQ.mp4
[2011/09/14 23:06:47 | 064,592,981 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Innocent - Lyrics HQ.mp4
[2011/09/14 23:03:31 | 089,104,953 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Last Kiss - Lyrics HQ.mp4
[2011/09/14 23:01:21 | 098,244,232 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Dear John - Lyrics HQ.mp4
[2011/09/14 23:01:18 | 098,543,727 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Taylor Swift - Enchanted - Lyrics HQ.mp4
[2011/09/14 22:51:59 | 009,570,679 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\I'd Lie - Taylor Swift (with lyrics & download link!).flv
[2010/01/02 15:45:06 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/11/08 12:29:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/11/08 12:28:38 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/05/04 14:30:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/08/26 18:41:24 | 000,068,938 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2008/08/26 18:41:23 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2008/06/29 10:21:52 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/18 09:27:39 | 000,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2007/10/16 18:23:49 | 000,000,250 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/27 13:05:23 | 000,000,238 | ---- | C] () -- C:\WINDOWS\COLORFRM.INI
[2007/03/08 16:39:42 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/17 20:15:15 | 000,036,697 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2006/09/30 08:26:47 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2006/09/30 08:26:47 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2006/08/19 08:31:55 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/08 18:44:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/06/03 09:12:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/05/28 18:17:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/01/29 12:23:09 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Disney's Magic Artist.INI
[2006/01/29 10:05:16 | 000,000,080 | ---- | C] () -- C:\WINDOWS\SSAW.INI
[2006/01/29 09:54:54 | 000,000,047 | ---- | C] () -- C:\WINDOWS\PWP.INI
[2006/01/21 09:39:19 | 000,000,173 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/01/21 09:21:32 | 000,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/01/21 09:20:08 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Preschol.ini
[2006/01/06 09:25:17 | 000,001,501 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2005/12/27 14:32:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/12/11 14:38:18 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/03 13:47:25 | 000,027,748 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2005/11/28 19:32:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2005/11/19 15:44:12 | 000,000,230 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/11/09 20:11:00 | 000,000,377 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/11/09 20:10:56 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2005/10/18 19:50:12 | 000,000,706 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/10/17 09:27:39 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2005/10/15 16:23:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/15 16:13:14 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/10/15 16:13:01 | 000,003,309 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/08/09 04:07:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/09 03:38:40 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/08/09 03:38:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/08/09 03:32:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/09 03:26:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/09 03:26:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/09 03:26:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/09 03:26:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/09 03:26:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/09 03:26:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/09 03:19:06 | 000,000,497 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/08/09 03:14:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/09 03:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/08/09 03:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/08/09 03:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/08/09 03:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/08/09 03:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/08/09 03:11:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/08/09 03:11:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/08/09 03:11:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/08/09 03:11:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/08/09 03:10:39 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/08/09 03:10:13 | 000,094,574 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/09 02:59:10 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/09 02:55:19 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/08/09 02:55:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/08/09 02:54:55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/07/07 13:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/24 23:29:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/24 22:43:44 | 000,446,174 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/06/24 22:43:44 | 000,073,254 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/24 22:42:06 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/24 22:31:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/24 22:30:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/09 23:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 22:38:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/29 04:24:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/09/29 04:23:16 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/09/29 04:23:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/09/29 04:23:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/08/23 16:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 16:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/09/15 06:25:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/11/12 17:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/05/26 08:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/15 12:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2005/12/11 14:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Common Files
[2007/05/14 19:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Expedia
[2006/09/01 17:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Image Zone Express
[2006/11/26 22:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ImgBurn
[2007/11/24 11:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2005/08/09 03:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2005/10/17 18:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Snapfish
[2005/12/03 13:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP