Yesterday I received a file with a virus. My Anti-Virus program picked it up and I assumed it had taken care of the problem. To be sure I ran the AV again and then downloaded Malware Bytes and ran the program. It picked up several:
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (Adware.Casino) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\cleopatras palace\Install.exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\documents and settings\todd_w\local settings\Temp\5606.sys (Heuristics.Shuriken) -> Quarantined and deleted successfully.
Once I ran Malware Bytes I could not access any of the search engines in any brower, Chrome, FF and IE.
I have performed three instructional operations on the web to solve the problem to no avail. A couple of them pointed me to the host file in /system32/drivers/etc and I thought I had found the issue. At the bottom of the host file contained:
74.55.76.230 www.google-analytics.com.
74.55.76.230 ad-emea.doubleclick.net.
74.55.76.230 www.statcounter.com.
178.250.45.15 www.google-analytics.com.
178.250.45.15 ad-emea.doubleclick.net.
178.250.45.15 www.statcounter.com.
Removing them didn't make any difference
My OTL log file as the instructions for posting suggested:
OTL logfile created on: 10/11/2011 3:39:14 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\This_PC
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1005.78 Mb Total Physical Memory | 225.22 Mb Available Physical Memory | 22.39% Memory free
2.36 Gb Paging File | 1.61 Gb Available in Paging File | 67.96% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 151.11 Gb Total Space | 73.40 Gb Free Space | 48.57% Space Free | Partition Type: NTFS
Computer Name: TODD | User Name: todd_w | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/11 15:17:52 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\This_PC\OTL.exe
PRC - [2011/09/30 11:12:41 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Documents and Settings\todd_w\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/09/29 07:06:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/14 15:04:59 | 004,611,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\todd_w\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/02/18 14:04:44 | 001,827,616 | ---- | M] (Glance Networks, Inc.) -- C:\Program Files\Glance26\Glance.exe
PRC - [2010/09/23 10:41:16 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
PRC - [2010/09/23 10:41:16 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
PRC - [2010/09/23 10:41:16 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2009/09/15 10:20:30 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/09/15 10:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/05/01 15:15:21 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/11/12 22:41:42 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/11/12 21:59:54 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/03/14 06:50:18 | 001,423,360 | ---- | M] (ES-Computing) -- C:\Program Files\EditPlus 2\editplus.exe
PRC - [2007/03/12 19:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/06/15 00:00:56 | 000,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2006/05/11 18:47:24 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/05/11 18:46:54 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/09 22:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/01/31 00:11:48 | 000,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
PRC - [2004/01/02 20:25:36 | 000,110,592 | ---- | M] () -- C:\syam\system_monitor\DMCentralMgr.exe
PRC - [2004/01/02 20:23:52 | 000,110,592 | ---- | M] () -- C:\syam\jetty\DMWebSrv.exe
PRC - [2003/10/18 05:21:36 | 000,024,673 | ---- | M] () -- C:\syam\java\bin\java.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/11 15:14:09 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/11 15:14:09 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/11 09:54:50 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/10/11 09:54:50 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/09/30 11:11:39 | 000,309,304 | ---- | M] () -- C:\Documents and Settings\todd_w\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\Locales\en-US.dll
MOD - [2011/09/29 07:06:34 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/09/21 18:26:27 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll
MOD - [2010/11/08 11:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010/11/04 20:37:28 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
MOD - [2010/11/04 20:36:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
MOD - [2010/11/04 20:08:15 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
MOD - [2010/11/04 20:08:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
MOD - [2010/11/04 20:07:22 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
MOD - [2010/11/04 20:06:07 | 000,224,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
MOD - [2010/11/04 20:05:55 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
MOD - [2010/11/04 20:05:03 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
MOD - [2010/11/04 20:04:19 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
MOD - [2010/11/04 19:59:49 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
MOD - [2010/11/04 19:59:28 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
MOD - [2010/11/04 19:36:55 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_003b1c7a\mscorlib.dll
MOD - [2010/09/27 08:48:02 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/08/19 15:23:08 | 000,969,480 | ---- | M] () -- C:\Program Files\TechSmith\Jing\Recorder.dll
MOD - [2009/09/15 10:22:06 | 000,115,008 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NPShellExtension.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/01 15:15:21 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/05/01 15:15:20 | 000,357,768 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/03/14 06:49:56 | 000,032,256 | ---- | M] () -- C:\Program Files\EditPlus 2\eppshell.dll
MOD - [2006/06/15 00:00:08 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2006/06/14 23:58:52 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll
MOD - [2006/06/13 23:45:56 | 000,039,936 | ---- | M] () -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WxEtsEula.dll
MOD - [2006/05/14 00:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2004/01/02 20:30:30 | 000,049,152 | ---- | M] () -- C:\syam\system_monitor\lib\Wrapper.dll
MOD - [2004/01/02 20:30:30 | 000,049,152 | ---- | M] () -- C:\syam\jetty\lib\Wrapper.dll
MOD - [2004/01/02 20:25:36 | 000,110,592 | ---- | M] () -- C:\syam\system_monitor\DMCentralMgr.exe
MOD - [2004/01/02 20:23:52 | 000,110,592 | ---- | M] () -- C:\syam\jetty\DMWebSrv.exe
MOD - [2003/10/18 05:21:38 | 001,208,442 | ---- | M] () -- C:\syam\java\bin\client\jvm.dll
MOD - [2003/10/18 05:21:38 | 000,057,445 | ---- | M] () -- C:\syam\java\bin\verify.dll
MOD - [2003/10/18 05:21:38 | 000,053,356 | ---- | M] () -- C:\syam\java\bin\zip.dll
MOD - [2003/10/18 05:21:38 | 000,020,582 | ---- | M] () -- C:\syam\java\bin\rmi.dll
MOD - [2003/10/18 05:21:36 | 000,098,411 | ---- | M] () -- C:\syam\java\bin\java.dll
MOD - [2003/10/18 05:21:36 | 000,057,447 | ---- | M] () -- C:\syam\java\bin\net.dll
MOD - [2003/10/18 05:21:36 | 000,028,783 | ---- | M] () -- C:\syam\java\bin\hpi.dll
MOD - [2003/10/18 05:21:36 | 000,024,673 | ---- | M] () -- C:\syam\java\bin\java.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (LMS) Intel®
SRV - File not found [Auto | Stopped] -- -- (DataSvr)
SRV - File not found [Auto | Stopped] -- -- (A1Monitor81011202355)
SRV - [2011/09/21 18:26:27 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/08 11:57:12 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\todd_w\Application Data\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/15 10:20:30 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009/09/15 10:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2009/08/20 15:34:24 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/05/01 15:15:21 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/11/12 21:59:54 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 08:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/03/12 19:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/06/03 02:30:56 | 000,389,120 | ---- | M] (Wave Systems Corp) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2006/05/12 00:45:14 | 000,184,320 | ---- | M] (SyAM Software, Inc.) [Auto | Stopped] -- C:\syam\system_monitor\agent\smaagent.exe -- (SMAgent)
SRV - [2006/05/11 18:46:54 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/03/09 22:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2004/01/02 20:25:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\syam\system_monitor\DMCentralMgr.exe -- (DMCentralMgr)
SRV - [2004/01/02 20:23:52 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\syam\jetty\DMWebSrv.exe -- (DMWebSrv)
========== Driver Services (SafeList) ==========
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/07 10:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/12/15 15:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/12/15 15:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/12/15 15:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/13 09:56:28 | 000,034,080 | ---- | M] (Glance Networks, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\glancedrv.sys -- (glancedrv)
DRV - [2009/03/28 14:45:24 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2009/02/25 05:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/04/14 13:02:17 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/10/18 19:32:16 | 000,011,648 | ---- | M] (SerComm) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lknucmp.sys -- (LKNUCMP)
DRV - [2006/10/18 19:32:10 | 000,011,136 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lknuhst.sys -- (lknuhst)
DRV - [2006/10/18 19:32:04 | 000,037,248 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lknuhub.sys -- (LKNUHUB)
DRV - [2006/10/02 19:41:34 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/01 07:43:56 | 000,043,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006/05/26 02:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/19 18:14:00 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stm_tpm.sys -- (stmtpm)
DRV - [2006/02/28 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/02/28 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2005/12/02 12:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/08/24 21:47:56 | 000,004,096 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\syam\system_monitor\agent\drivers\Caniodrvr.sys -- (caniodrvr)
DRV - [2002/02/20 03:34:18 | 000,072,576 | ---- | M] (The LinkSys Group, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netusbxp.sys -- (USBNET_XP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.3
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: {5F260DF0-AE97-4f7c-96FE-BC87D4FBC422}:3.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.10
FF - prefs.js..keyword.URL: "http://toolbar.ask.c...3&gct=&gc=1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@glance.net/GlanceClient: C:\Program Files\Glance26\npglance.dll (Glance Networks, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\todd_w\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\todd_w\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 07:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 07:06:36 | 000,000,000 | ---D | M]
[2008/12/13 17:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Extensions
[2011/10/09 19:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\extensions
[2010/10/22 08:22:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/22 08:22:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 17:01:23 | 000,000,000 | ---D | M] (RSS Validator) -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\extensions\{5F260DF0-AE97-4f7c-96FE-BC87D4FBC422}
[2011/09/01 15:07:33 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2011/09/01 15:07:32 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/03/08 08:39:51 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/09/01 15:07:45 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\extensions\[email protected]
[2011/08/21 14:05:59 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\extensions\[email protected]
[2011/02/21 13:41:51 | 000,000,000 | ---D | M] ("Pencil") -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\extensions\[email protected]
[2010/01/06 16:48:32 | 000,000,000 | ---D | M] ("WebScan") -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\extensions\[email protected]
[2009/03/08 14:06:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\todd_w\Application Data\Mozilla\Firefox\Profiles\qa6c2cqd.default\searchplugins\ask.xml
[2011/10/09 19:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/17 16:26:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/17 16:26:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/17 16:26:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url = http://toolbar.ask.c...rchTerms}&crm=1
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\todd_w\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\todd_w\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\todd_w\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\todd_w\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Poppit = C:\Documents and Settings\todd_w\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Documents and Settings\todd_w\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.1.3_0\
O1 HOSTS File: ([2011/10/11 15:35:36 | 000,000,719 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: :: localhost #[IPv6]
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (IE DevToolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Auto Auto EPSON Stylus Photo RX600 on Stuffsites on JUDY-LAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo RX600 on JUDY-LAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo RX600 on JUDYNB] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Auto Network EPSON Stylus Photo RX... on LOGANDESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [CacheFP] C:\Program Files\Wave Systems Corp\Authentication Manager\CacheFP.exe ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper® Corporation)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Epson] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PSDiagnosticM] C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Remote Console] C:\syam\system_monitor\agent\winvnc.exe (RealVNC Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TurboTax 2008] K:\TurboTax 2008\TurboTax 2008 Installer.exe File not found
O4 - HKLM..\Run: [Virtual PDF Printer] C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe File not found
O4 - HKCU..\Run: [19BE8C9F4AE8F4D58127F4E190BB612E5D621DF4._service_run] C:\Documents and Settings\todd_w\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Glance.lnk = C:\Program Files\Glance26\Glance.exe (Glance Networks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\todd_w\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\todd_w\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\todd_w\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/03/20 17:37:57 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/03/20 17:37:57 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/03/20 17:37:57 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/03/20 17:37:57 | 000,000,000 | ---D | M]
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} https://photos.ritea...PhotoOnline.cab (Rite Aid One Hour Photo Online Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15A8EAB1-E1DA-442C-ABB3-D0FC29102493}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD9D7F87-409C-45BA-B1E7-769787C49C9A}: DhcpNameServer = 24.247.24.53 24.247.15.53
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - AppInit_DLLs: (wxvault.dll) -C:\WINDOWS\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\todd_w\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\todd_w\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) -C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/02 18:23:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/22 18:48:45 | 000,045,015 | ---- | M] () - C:\auto_news.jpg -- [ NTFS ]
O33 - MountPoints2\{0dd2c0ab-cebd-11de-b8f9-001676d3aa61}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{1ba38c53-ee2d-11dd-b8c4-001676d3aa61}\Shell - "" = AutoRun
O33 - MountPoints2\{1ba38c53-ee2d-11dd-b8c4-001676d3aa61}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ba38c53-ee2d-11dd-b8c4-001676d3aa61}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{2074ed5b-1b4f-11de-b8cd-001676d3aa61}\Shell\AutoRun\command - "" = J:\.\EncryptionTool\MaxtorEncryption.exe
O33 - MountPoints2\{321f2d93-d72b-11db-b84b-0006251a0668}\Shell - "" = AutoRun
O33 - MountPoints2\{321f2d93-d72b-11db-b84b-0006251a0668}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{321f2d93-d72b-11db-b84b-0006251a0668}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/10/11 09:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\todd_w\Application Data\SUPERAntiSpyware.com
[2011/10/11 09:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/11 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/11 09:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/11 08:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\todd_w\Desktop\HostsXpert
[2011/10/10 13:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\todd_w\Application Data\Malwarebytes
[2011/10/10 13:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/10 13:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/10 13:53:55 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/10 13:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/07 09:37:04 | 000,000,000 | ---D | C] -- C:\evo_phone
[2011/10/05 16:38:53 | 000,034,080 | ---- | C] (Glance Networks, Inc) -- C:\WINDOWS\System32\drivers\glancedrv.sys
[2011/10/05 16:38:53 | 000,033,824 | ---- | C] (Glance Networks, Inc) -- C:\WINDOWS\System32\glancedrv.dll
[2011/10/05 16:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Glance26
[2011/10/05 16:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glance
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/10/11 15:36:30 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-731781172-1896487735-3647571899-1005UA.job
[2011/10/11 15:35:36 | 000,000,719 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/11 15:13:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/11 15:12:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/11 10:55:54 | 000,001,866 | -H-- | M] () -- C:\Documents and Settings\todd_w\My Documents\Default.rdp
[2011/10/11 10:46:40 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\todd_w\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/11 09:54:13 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/11 08:46:44 | 000,357,766 | ---- | M] () -- C:\Documents and Settings\todd_w\Desktop\HostsXpert.zip
[2011/10/11 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TODD-todd_w.job
[2011/10/10 21:36:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-731781172-1896487735-3647571899-1005Core.job
[2011/10/10 13:53:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/10 10:54:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\todd_w\Local Settings\Application Data\prvlcl.dat
[2011/10/10 10:48:25 | 000,001,392 | -HS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/10/10 10:00:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\Internet Explorer.job
[2011/10/10 08:43:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/05 16:38:57 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Glance.lnk
[2011/10/05 16:38:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Glance.lnk
[2011/10/05 09:40:59 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/10/05 09:40:59 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/10/05 04:40:48 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\todd_w\Desktop\Google Chrome.lnk
[2011/10/05 04:40:48 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\todd_w\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/01 13:53:12 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\todd_w\Local Settings\Application Data\PUTTY.RND
[2011/09/28 05:08:00 | 001,499,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/19 11:44:27 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\todd_w\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\etc\*.tmp files -> C:\WINDOWS\System32\drivers\etc\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/10/11 10:46:40 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\todd_w\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/11 09:54:13 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/11 08:46:44 | 000,357,766 | ---- | C] () -- C:\Documents and Settings\todd_w\Desktop\HostsXpert.zip
[2011/10/10 13:53:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/05 16:38:57 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Glance.lnk
[2011/10/05 16:38:57 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Glance.lnk
[2011/10/05 09:40:59 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/10/05 09:40:59 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/07/27 07:00:09 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/06 13:40:20 | 000,153,593 | ---- | C] () -- C:\Program Files\Dreamweaver CS5 Read Me.pdf
[2010/12/06 13:40:15 | 013,973,940 | ---- | C] () -- C:\Program Files\Dreamweaver CS5 Help.pdf
[2010/11/04 20:09:12 | 000,322,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/23 08:16:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\todd_w\Local Settings\Application Data\prvlcl.dat
[2010/07/23 11:03:59 | 000,037,202 | ---- | C] () -- C:\Documents and Settings\todd_w\Application Data\Comma Separated Values (DOS).ADR
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/02/17 14:07:17 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/11/21 12:56:34 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2009/10/28 10:32:37 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/10/28 10:32:37 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/10/28 10:31:39 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/10/28 10:31:39 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/10/28 10:31:38 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/10/26 08:45:30 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/07/22 11:08:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/06/03 18:19:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\todd_w\Application Data\$_hpcst$.hpc
[2008/06/02 15:51:07 | 000,004,825 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2008/03/26 15:41:28 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2008/03/10 10:19:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\todd_w\Local Settings\Application Data\PUTTY.RND
[2007/12/12 12:19:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.todd_w.ini
[2007/10/11 20:23:48 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\smtpvn2.dll
[2007/08/09 13:58:22 | 000,943,104 | ---- | C] () -- C:\WINDOWS\System32\semtempl.dll
[2007/08/09 13:58:22 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\arcdll.dll
[2007/08/09 13:58:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\hashfunc.dll
[2007/05/10 11:36:44 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/23 10:22:32 | 000,001,277 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/04/23 10:15:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/03/27 09:00:04 | 000,037,188 | ---- | C] () -- C:\Documents and Settings\todd_w\Application Data\Microsoft Excel.ADR
[2007/03/26 17:18:48 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/03/21 04:09:35 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\todd_w\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/21 04:09:35 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\todd_w\Local Settings\Application Data\fusioncache.dat
[2007/03/21 04:09:35 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\todd_w\Local Settings\Application Data\.user_keys.dat
[2007/03/20 17:29:30 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2007/03/20 17:27:29 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONRX600.ini
[2007/03/20 16:52:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/03 15:30:24 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2006/10/03 15:16:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/10/03 15:15:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/10/03 15:15:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/10/03 15:15:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/10/03 15:14:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/10/03 15:14:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/10/03 15:12:53 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/10/03 15:12:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/10/02 21:31:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/02 21:09:11 | 000,000,426 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/02 19:30:46 | 000,000,008 | ---- | C] () -- C:\WINDOWS\key_registry.dat
[2006/10/02 19:25:24 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/10/02 19:25:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/10/02 18:39:45 | 000,348,880 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/10/02 18:39:45 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4618.dll
[2006/10/02 18:25:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/10/02 18:21:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/10/02 14:18:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/02 14:17:15 | 001,499,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/15 00:00:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/06/14 23:58:52 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/06/08 17:08:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/06/08 16:56:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/06/08 16:55:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/06/08 16:55:30 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/06/08 16:55:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/06/08 16:54:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/06/08 16:54:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/06/08 16:54:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/06/08 16:54:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/06/08 16:53:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/06/08 16:53:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2006/06/02 17:43:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/02/28 15:00:00 | 000,491,512 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 15:00:00 | 000,088,762 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/09/20 20:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/03/07 20:30:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2005/03/07 20:30:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2005/03/07 20:30:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2005/03/07 20:30:46 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2005/03/07 20:30:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2005/03/07 20:30:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2005/03/07 20:30:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2005/03/07 20:30:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2004/07/21 22:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 21:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2002/04/19 21:03:52 | 000,004,514 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/04/19 21:03:48 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1999/11/15 04:29:18 | 000,155,702 | ---- | C] () -- C:\WINDOWS\System32\Win2Kinstall.exe
[1999/11/05 01:44:28 | 000,155,728 | ---- | C] () -- C:\WINDOWS\System32\win2kuninst.exe
[1999/05/16 23:08:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\InstDrv.exe
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2011/03/15 08:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/08/20 15:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/06/22 09:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2010/06/30 10:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySecureBackup
[2010/12/14 09:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/11/23 14:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL_old
[2009/10/31 13:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/12/06 13:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2006/10/02 19:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/07/15 09:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Artisteer
[2009/09/15 12:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Dimdim
[2009/10/31 13:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Downloaded Installations
[2011/10/11 15:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Dropbox
[2010/12/02 13:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\EditPlus 2
[2007/04/26 23:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\EPSON
[2007/08/14 09:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\FileMaker
[2009/03/08 08:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Foxit
[2009/10/26 08:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\gpdf2swf
[2007/03/20 17:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Leadertech
[2011/07/08 11:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Mikogo
[2009/10/19 23:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Moyea
[2009/07/29 06:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\MySecureBackup
[2011/10/01 14:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Nitro PDF
[2010/12/23 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Notepad++
[2007/04/30 16:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Opera
[2006/10/02 19:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\SampleView
[2008/05/28 15:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\SmartDraw
[2008/10/08 19:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Snapfish
[2011/03/07 11:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\SQL Maestro Group
[2010/12/28 14:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\TeamViewer
[2009/12/25 10:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\VirtualStore
[2011/10/10 10:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Wave Systems Corp
[2010/11/24 17:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\todd_w\Application Data\Wireshark
[2011/10/10 10:00:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Internet Explorer.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/08/20 15:54:59 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2010/04/07 14:24:50 | 000,035,374 | ---- | M] () -- C:\ASLog.txt
[2009/11/23 13:11:13 | 000,000,000 | ---- | M] () -- C:\asoutput.log
[2006/10/02 18:23:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/22 18:48:45 | 000,045,015 | ---- | M] () -- C:\auto_news.jpg
[2008/01/21 13:59:58 | 004,114,932 | ---- | M] () -- C:\bm-20-unix.zip
[2008/01/22 12:51:27 | 004,112,544 | ---- | M] () -- C:\bm-20-win.zip
[2007/05/14 21:57:09 | 002,992,091 | ---- | M] () -- C:\bm1-3-7a_VvK_OLD_BM.zip
[2007/03/21 04:09:25 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2007/06/15 16:51:14 | 000,000,103 | ---- | M] () -- C:\BootErr.log
[2006/10/02 18:23:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/10/02 18:23:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/11/26 08:57:58 | 009,867,062 | ---- | M] () -- C:\ioncube_encoder5_6.5.zip
[2007/11/26 08:58:53 | 004,804,194 | ---- | M] () -- C:\ipfoundry_3.0.zip
[2008/01/15 10:17:44 | 002,824,792 | ---- | M] () -- C:\Joomla_1.0.12-Stable-Full_Package.zip
[2006/10/02 18:23:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/04 11:45:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2007/09/23 15:28:00 | 001,128,071 | ---- | M] () -- C:\orchidLinks_fullSource_2007.09.22.zip
[2011/10/11 15:12:31 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
[2007/09/20 12:13:14 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2008/10/08 15:49:11 | 003,263,957 | ---- | M] () -- C:\phpMyAdmin-3.0.0-all-languages.zip
[2007/10/16 06:52:00 | 001,690,758 | ---- | M] () -- C:\powerClassifieds_2007.10.15.zip
[2007/09/23 15:23:00 | 002,057,781 | ---- | M] () -- C:\powerClassifieds_fullSource_2007.09.22.zip
[2007/03/25 09:42:55 | 002,620,138 | ---- | M] () -- C:\Scan_folder.zip
[2007/02/28 22:58:24 | 000,000,813 | R--- | M] () -- C:\setup.iss
[2008/02/07 12:44:55 | 000,000,186 | ---- | M] () -- C:\setup.log
[2009/06/17 19:05:39 | 000,005,120 | -HS- | M] () -- C:\Thumbs.db
[2008/10/22 13:57:57 | 000,681,784 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB914440-v12-x86-ENU.exe
[2007/03/20 17:37:27 | 000,000,146 | ---- | M] () -- C:\YServer.txt
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/02/28 08:00:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2010/01/14 19:26:21 | 000,001,674 | -H-- | M] () -- C:\Documents and Settings\todd_w\Application Data\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
[2010/04/02 05:50:48 | 013,973,940 | ---- | M] () -- C:\Program Files\Dreamweaver CS5 Help.pdf
[2010/04/02 05:50:48 | 000,153,593 | ---- | M] () -- C:\Program Files\Dreamweaver CS5 Read Me.pdf
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/10/02 14:16:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/10/02 14:16:29 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/10/02 14:16:29 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-05 00:08:53
< End of report >
Thanks in advance