PC Anti-spyware 2010 infection



#16
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts

Does ComboFix clear it out?

Not entirely; some more will have to be done to fully remove what you have.

Just post the log after you return and we will continue.


#17
sspeed


    Member

  • Topic Starter
  • 18 posts
Here's the Combofix!

ComboFix 09-08-25.05 - Administrator 08/26/2009 8:40.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.658 [GMT -6:00]
Running from: c:\documents and settings\All Users\Desktop\larry\kahdah.exe
AV: avast! antivirus 4.8.1351 [VPS 090817-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\\setup.exe
c:\windows\Installer\2c370f.msi
c:\windows\Installer\2db139.msp
c:\windows\system\oeminfo.ini
c:\windows\system32\gunzip.exe
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\nerocheck.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-26 13:04 . 2009-08-26 13:05 117760 ----a-w- c:\documents and settings\Administrator.SCORPIO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-26 13:03 . 2009-08-26 13:03 -------- d-----w- c:\documents and settings\Administrator.SCORPIO\Application Data\SUPERAntiSpyware.com
2009-08-26 05:31 . 2009-08-26 06:17 117760 ----a-w- c:\documents and settings\larry\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-26 05:31 . 2009-08-26 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-26 05:31 . 2009-08-26 05:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-26 05:31 . 2009-08-26 05:31 -------- d-----w- c:\documents and settings\larry\Application Data\SUPERAntiSpyware.com
2009-08-26 05:14 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-26 05:14 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-26 05:14 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-26 05:14 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-26 05:14 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-26 05:14 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-26 05:14 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-26 05:14 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-26 05:14 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-26 05:13 . 2009-08-26 05:13 -------- d-----w- c:\program files\Alwil Software
2009-08-26 04:36 . 2009-08-26 04:36 -------- d-----w- c:\documents and settings\Administrator.SCORPIO\Local Settings\Application Data\Symantec
2009-08-26 04:35 . 2009-08-26 04:35 -------- d-----w- c:\documents and settings\Administrator.SCORPIO\Application Data\Malwarebytes
2009-08-25 23:35 . 2009-08-25 23:35 -------- d-----w- c:\documents and settings\harry\Local Settings\Application Data\LogMeIn
2009-08-25 23:35 . 2009-08-25 23:35 -------- d-----w- c:\documents and settings\harry\Local Settings\Application Data\Symantec
2009-08-25 23:26 . 2009-08-25 23:26 -------- d-----w- c:\documents and settings\harry\Application Data\Malwarebytes
2009-08-25 23:25 . 2009-08-25 23:25 -------- d--h--w- c:\windows\PIF
2009-08-25 22:46 . 2009-08-12 10:23 -------- d-sh--w- c:\documents and settings\Administrator.SCORPIO\IETldCache
2009-08-25 19:38 . 2009-08-25 19:38 46080 ----a-w- C:\Win32kDiag.exe
2009-08-25 04:37 . 2009-08-25 04:37 152576 ----a-w- c:\documents and settings\larry\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-25 04:30 . 2009-08-25 04:30 -------- d-sh--w- c:\documents and settings\larry\IECompatCache
2009-08-25 04:30 . 2009-08-25 04:30 -------- d-sh--w- c:\documents and settings\larry\PrivacIE
2009-08-25 01:23 . 2003-03-31 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-25 01:23 . 2003-03-31 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-25 00:14 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-25 00:08 . 2009-08-25 00:08 -------- d-----w- c:\documents and settings\larry\Local Settings\Application Data\Mozilla
2009-08-24 23:48 . 2009-08-24 23:48 -------- d-----w- c:\documents and settings\larry\Application Data\Malwarebytes
2009-08-24 14:08 . 2009-08-24 14:08 -------- d-----w- C:\reg
2009-08-24 14:06 . 2009-08-24 14:05 96082 ----a-w- C:\Registry.zip
2009-08-24 12:42 . 2009-08-24 12:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-24 12:42 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-24 12:40 . 2009-08-03 19:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 12:40 . 2009-08-03 19:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-24 05:13 . 2009-08-24 05:15 -------- d-s---w- C:\scott
2009-08-24 04:22 . 2009-08-24 04:22 -------- d-----w- c:\program files\Trend Micro
2009-08-24 04:01 . 2009-08-24 12:36 -------- d-----w- C:\Spybot - Search & Destroy
2009-08-24 03:43 . 2009-08-24 12:22 178 ----a-w- c:\windows\system\hpsysdrv.DAT
2009-08-24 03:42 . 2009-08-26 05:25 -------- d-----w- c:\windows\security
2009-08-24 00:42 . 2009-08-25 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 00:42 . 2009-08-24 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 23:32 . 2009-08-24 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-23 21:45 . 2009-08-23 21:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-23 20:47 . 2009-08-23 20:47 -------- d-----w- c:\program files\EASEUS
2009-08-23 20:05 . 2004-10-17 03:46 178176 ----a-w- c:\windows\system32\StellarProfile.dll
2009-08-23 20:05 . 2006-04-17 17:56 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll
2009-08-23 20:05 . 2009-08-23 20:39 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery
2009-08-12 22:09 . 2009-07-10 13:27 1315328 -c--a-w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 10:23 . 2009-08-12 10:23 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-12 10:20 . 2008-07-06 12:06 89088 -c--a-w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-12 10:20 . 2008-07-06 12:06 117760 ----a-w- c:\windows\system32\prntvpt.dll
2009-08-12 10:20 . 2008-07-06 10:50 597504 -c--a-w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-12 10:20 . 2009-08-12 10:21 -------- d-----w- C:\8d48e82a740189462d0f31659bde
2009-08-12 10:20 . 2008-07-06 12:06 575488 -c--a-w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-12 10:20 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2009-08-12 10:20 . 2008-07-06 12:06 1676288 -c--a-w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-12 10:20 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2009-08-12 10:19 . 2009-08-26 04:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c--a-w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 01:49 . 2009-08-03 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Fellowes
2009-08-03 01:49 . 2009-08-03 01:49 -------- d-----w- c:\program files\Fellowes
2009-07-28 17:38 . 2009-07-28 17:38 -------- d-----w- C:\Dell922

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 06:00 . 2008-09-25 23:28 -------- d-----w- c:\program files\LogMeIn
2009-08-26 05:31 . 2006-03-15 05:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-26 05:09 . 2003-04-10 10:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-26 05:09 . 2006-02-20 17:09 -------- d-----w- c:\program files\Symantec
2009-08-26 05:09 . 2006-02-20 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-26 05:09 . 2006-02-20 17:08 -------- d-----w- c:\program files\Symantec AntiVirus
2009-08-26 04:56 . 2004-03-18 16:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2009-08-25 23:37 . 2009-01-24 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-25 16:29 . 2004-03-18 17:52 -------- d-----w- c:\program files\AWS
2009-08-25 16:28 . 2004-03-31 01:51 -------- d-----w- c:\program files\Data Caching
2009-08-25 04:38 . 2008-12-30 14:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-25 04:38 . 2004-03-18 20:16 -------- d-----w- c:\program files\Java
2009-08-24 12:41 . 2004-05-26 02:45 -------- d-----w- c:\program files\Lavasoft
2009-08-24 12:36 . 2004-03-18 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 12:35 . 2007-10-23 02:28 -------- d-----w- c:\program files\Common Files\Apple
2009-08-24 12:33 . 2007-09-28 13:12 -------- d-----w- c:\program files\FoxyTunes
2009-08-24 12:29 . 2006-03-05 16:51 -------- d-----w- c:\program files\SimpleCenter
2009-08-24 12:29 . 2006-03-05 16:51 -------- d--h--w- c:\program files\Zero G Registry
2009-08-24 03:51 . 2004-06-17 23:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-23 20:47 . 2003-04-10 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 23:01 . 2009-01-18 01:09 -------- d-----w- c:\program files\Dl_cats
2009-08-05 09:01 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 01:50 . 2004-03-18 20:21 -------- d-----w- c:\program files\Winamp
2009-07-22 14:21 . 2009-07-22 14:21 -------- d-----w- c:\documents and settings\Melissa\Application Data\Canneverbe_Limited
2009-07-17 19:01 . 2004-03-18 17:10 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 16:08 . 2003-04-10 10:18 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-24 02:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 14:30 . 2009-07-01 14:30 -------- d-----w- c:\documents and settings\Melissa\Application Data\Macrovision
2009-06-30 17:40 . 2009-06-30 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-06-29 03:43 . 2003-04-10 10:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-03-18 17:11 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-03-18 17:12 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 15:19 . 2004-03-18 17:12 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-03-18 17:10 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2001-08-23 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-05-30 16:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 00:52 . 2009-06-01 00:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2005-10-18 23:08 . 2005-09-15 17:20 0 ---ha-w- c:\program files\Common Files\MSN
2005-09-10 02:55 . 2007-01-21 00:19 7155864 ----a-w- c:\program files\NGhost10.msi
2005-09-10 02:55 . 2007-01-21 00:19 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-10 02:55 . 2007-01-21 00:19 37766164 ----a-w- c:\program files\Data1.cab
1994-09-23 22:50 . 2002-11-24 19:12 350 ----a-w- c:\program files\MIDIBASE.MID
1994-09-23 22:49 . 2002-11-24 19:12 568 ----a-w- c:\program files\MIDIEX.MID
2008-09-25 22:57 . 2008-09-25 22:57 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-09-25 22:57 . 2008-09-25 22:57 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\Alcxmntr.exe [2004-09-07 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 02:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/25/2009 11:14 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 astnscsi;astnscsi;c:\program files\Voyetra\AudioStation 6\astnscsi.exe [12/23/2003 12:36 PM 208464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/25/2009 11:14 PM 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [9/25/2008 5:28 PM 47640]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [7/24/2008 6:45 PM 12192]
S2 gupdate1c9cacc1cf6e244;Google Update Service (gupdate1c9cacc1cf6e244);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2009 8:17 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 8:49 AM 1029456]
S2 mrtRate;mrtRate; [x]
S2 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe --> \\?\c:\systemroot\system32\msihost.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 3:10 PM 32512]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [3/21/2004 8:32 PM 14924]
S3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\drivers\RIOXDRV.sys [3/30/2004 7:35 PM 18304]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 SDSTOR2K;SanDisk USB ImageMate/SecureMate Mass Storage Driver;c:\windows\system32\drivers\SDSTOR2K.SYS [3/30/2004 7:51 PM 37781]
S3 vdev;VPN-1 SecureClient Virtual Ethernet Adapter;c:\windows\system32\drivers\vdev.sys [3/21/2004 8:20 PM 16396]
S3 VisorUsb;Handspring USB;c:\windows\system32\DRIVERS\VisorUsb.sys --> c:\windows\system32\DRIVERS\VisorUsb.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [8/4/2005 7:11 AM 848896]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-15 22:06]

2009-08-26 c:\windows\Tasks\User_Feed_Synchronization-{1F4D8BA3-8613-4383-87A3-48D9CED4365D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]

2009-08-26 c:\windows\Tasks\User_Feed_Synchronization-{3FD8393A-D3D5-4AE6-99E0-E808167D356E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]

2009-08-26 c:\windows\Tasks\User_Feed_Synchronization-{CF37CA84-8129-4FDC-8345-23E2695B77FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://srch-qus8.hpwis.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://kingsoopers.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 08:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,8e,3f,20,6f,55,9e,42,a9,0b,4e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,8e,3f,20,6f,55,9e,42,a9,0b,4e,\

[HKEY_USERS\S-1-5-21-4176020971-612729734-1821085249-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,c0,54,a7,12,1b,91,45,81,a7,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,c0,54,a7,12,1b,91,45,81,a7,3e,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{18D6E519-4C27-E4AD-074C5D1F171B40FB}\{8D7A772B-93EE-6905-4C751BA1B544AFC9}\{7029C73E-0020-BA9C-F3FADF03D99AF0E6}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D891502B-DC36-B293-121D9D2985957827}\{239EA7E9-C7D1-EF13-CC952A60F4AD7A0B}\{9E7939D5-CFE3-7B10-257B198232E2E5B7}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EDCF6AC6-CDE0-1F6D-043771A983FAB740}\{0B884C8F-0AAB-F925-A63B97C7F3A43931}\{965D33BD-6599-2D1D-7E8A152D666CAEE5}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2F43379-985D-E7AE-2F5BD6B18999A07F}\{64C9A7C2-676E-3AEC-13AF6B278F65FD89}\{7B815B3C-162E-096A-EBEBEFD33B1AE416}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2868)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
.
**************************************************************************
.
Completion time: 2009-08-26 9:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-26 15:06

Pre-Run: 38,136,254,464 bytes free
Post-Run: 38,218,629,120 bytes free

293 --- E O F --- 2009-08-26 14:54

#18
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
Windows MSI
mrtRate


RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-4176020971-612729734-1821085249-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{18D6E519-4C27-E4AD-074C5D1F171B40FB}\{8D7A772B-93EE-6905-4C751BA1B544AFC9}\{7029C73E-0020-BA9C-F3FADF03D99AF0E6}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D891502B-DC36-B293-121D9D2985957827}\{239EA7E9-C7D1-EF13-CC952A60F4AD7A0B}\{9E7939D5-CFE3-7B10-257B198232E2E5B7}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EDCF6AC6-CDE0-1F6D-043771A983FAB740}\{0B884C8F-0AAB-F925-A63B97C7F3A43931}\{965D33BD-6599-2D1D-7E8A152D666CAEE5}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2F43379-985D-E7AE-2F5BD6B18999A07F}\{64C9A7C2-676E-3AEC-13AF6B278F65FD89}\{7B815B3C-162E-096A-EBEBEFD33B1AE416}*]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:
  • Combofix.txt
=============
  • 0
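An added example, not part of the thread and not ComboFix's own code: a Python triage pass over the Drivers/Services lines of the log in post #17. It assumes the usual reading of that section (R/S = running/stopped, the digit = service start type, `[x]` = image file not found, `[?]` = image could not be checked) and lists stopped auto-start entries whose image is missing or unverifiable, as candidates for a reviewer to consider for a `Driver::` section like the one above.

```python
import re
from dataclasses import dataclass

# Subset of the service lines from the ComboFix log in post #17.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/25/2009 11:14 PM 114768]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
S2 gupdate1c9cacc1cf6e244;Google Update Service (gupdate1c9cacc1cf6e244);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2009 8:17 PM 133104]
S2 mrtRate;mrtRate; [x]
S2 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe --> \\?\c:\systemroot\system32\msihost.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 3:10 PM 32512]
S3 VisorUsb;Handspring USB;c:\windows\system32\DRIVERS\VisorUsb.sys --> c:\windows\system32\DRIVERS\VisorUsb.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# Assumption: the digit after R/S is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# <state><start> <service name>;<display name>;<image path and trailing [..]>
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
# Trailing bracket: "[date time size]", "[x]" or "[?]".
TAIL_RE = re.compile(r"\[(?P<meta>[^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    running: bool
    start: str
    name: str
    display: str
    image: str        # path as registered
    resolved: str     # path after "-->", or the same as image
    file_status: str  # "present", "missing" ([x]) or "unverified" ([?])


def parse_line(line):
    """Parse one Drivers/Services line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    tail = TAIL_RE.search(rest)
    if not tail:
        return None
    meta = tail["meta"].strip()
    # Assumption: [x] = file not found, [?] = file could not be checked.
    status = {"x": "missing", "?": "unverified"}.get(meta, "present")
    path = rest[: tail.start()].strip()
    image, _, resolved = (p.strip() for p in path.partition("-->"))
    return ServiceEntry(
        running=(m["state"] == "R"),
        start=START_TYPES[int(m["start"])],
        name=m["name"].strip(),
        display=m["display"].strip(),
        image=image,
        resolved=resolved or image,
        file_status=status,
    )


def triage(log_text):
    """Stopped auto-start entries whose image is missing or unverifiable."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if not entry.running and entry.start == "auto" and entry.file_status != "present":
            flagged.append(entry)
    return flagged


def render_driver_block(entries):
    """Format flagged service names as a Driver:: section for human review."""
    return "\n".join(["Driver::"] + [e.name for e in entries])


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.name!r}: start={e.start}, file={e.file_status}, image={e.image or '(none)'}")
    print(render_driver_block(triage(SAMPLE_LOG)))
```

On this log the filter returns `mrtRate` and `Windows MSI`, the two names in the `Driver::` section of post #18; the manual-start `VisorUsb` and disabled `LMIRfsClientNP` entries are parsed but not flagged.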

#19
sspeed


    Member

  • Topic Starter
  • 18 posts
ComboFix 09-08-25.05 - Administrator 08/27/2009 7:10.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.603 [GMT -6:00]
Running from: c:\documents and settings\Administrator.SCORPIO\Desktop\kahdah.exe
Command switches used :: c:\documents and settings\All Users\Desktop\cfscript.txt
AV: avast! antivirus 4.8.1351 [VPS 090817-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRTRATE
-------\Legacy_WINDOWS_MSI
-------\Service_mrtRate
-------\Service_Windows MSI


((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-27 02:03 . 2009-08-27 02:03 -------- d-----w- c:\documents and settings\Administrator.SCORPIO\Local Settings\Application Data\LogMeIn
2009-08-26 13:04 . 2009-08-26 13:05 117760 ----a-w- c:\documents and settings\Administrator.SCORPIO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-26 13:03 . 2009-08-26 13:03 -------- d-----w- c:\documents and settings\Administrator.SCORPIO\Application Data\SUPERAntiSpyware.com
2009-08-26 05:31 . 2009-08-26 06:17 117760 ----a-w- c:\documents and settings\larry\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-26 05:31 . 2009-08-26 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-26 05:31 . 2009-08-26 05:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-26 05:31 . 2009-08-26 05:31 -------- d-----w- c:\documents and settings\larry\Application Data\SUPERAntiSpyware.com
2009-08-26 05:14 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-26 05:14 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-26 05:14 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-26 05:14 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-26 05:14 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-26 05:14 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-26 05:14 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-26 05:14 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-26 05:14 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-26 05:13 . 2009-08-26 05:13 -------- d-----w- c:\program files\Alwil Software
2009-08-26 04:36 . 2009-08-26 04:36 -------- d-----w- c:\documents and settings\Administrator.SCORPIO\Local Settings\Application Data\Symantec
2009-08-26 04:35 . 2009-08-26 04:35 -------- d-----w- c:\documents and settings\Administrator.SCORPIO\Application Data\Malwarebytes
2009-08-25 23:35 . 2009-08-25 23:35 -------- d-----w- c:\documents and settings\harry\Local Settings\Application Data\LogMeIn
2009-08-25 23:35 . 2009-08-25 23:35 -------- d-----w- c:\documents and settings\harry\Local Settings\Application Data\Symantec
2009-08-25 23:26 . 2009-08-25 23:26 -------- d-----w- c:\documents and settings\harry\Application Data\Malwarebytes
2009-08-25 23:25 . 2009-08-25 23:25 -------- d--h--w- c:\windows\PIF
2009-08-25 22:46 . 2009-08-12 10:23 -------- d-sh--w- c:\documents and settings\Administrator.SCORPIO\IETldCache
2009-08-25 19:38 . 2009-08-25 19:38 46080 ----a-w- C:\Win32kDiag.exe
2009-08-25 04:37 . 2009-08-25 04:37 152576 ----a-w- c:\documents and settings\larry\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-25 04:30 . 2009-08-25 04:30 -------- d-sh--w- c:\documents and settings\larry\IECompatCache
2009-08-25 04:30 . 2009-08-25 04:30 -------- d-sh--w- c:\documents and settings\larry\PrivacIE
2009-08-25 01:23 . 2003-03-31 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-25 01:23 . 2003-03-31 12:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-08-25 00:14 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-25 00:08 . 2009-08-25 00:08 -------- d-----w- c:\documents and settings\larry\Local Settings\Application Data\Mozilla
2009-08-24 23:48 . 2009-08-24 23:48 -------- d-----w- c:\documents and settings\larry\Application Data\Malwarebytes
2009-08-24 14:08 . 2009-08-24 14:08 -------- d-----w- C:\reg
2009-08-24 14:06 . 2009-08-24 14:05 96082 ----a-w- C:\Registry.zip
2009-08-24 12:42 . 2009-08-24 12:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-24 12:42 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-24 12:40 . 2009-08-03 19:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 12:40 . 2009-08-03 19:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-24 05:13 . 2009-08-24 05:15 -------- d-s---w- C:\scott
2009-08-24 04:22 . 2009-08-24 04:22 -------- d-----w- c:\program files\Trend Micro
2009-08-24 04:01 . 2009-08-24 12:36 -------- d-----w- C:\Spybot - Search & Destroy
2009-08-24 03:43 . 2009-08-24 12:22 178 ----a-w- c:\windows\system\hpsysdrv.DAT
2009-08-24 03:42 . 2009-08-26 05:25 -------- d-----w- c:\windows\security
2009-08-24 00:42 . 2009-08-25 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 00:42 . 2009-08-24 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 23:32 . 2009-08-24 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-23 21:45 . 2009-08-23 21:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-23 20:47 . 2009-08-23 20:47 -------- d-----w- c:\program files\EASEUS
2009-08-23 20:05 . 2004-10-17 03:46 178176 ----a-w- c:\windows\system32\StellarProfile.dll
2009-08-23 20:05 . 2006-04-17 17:56 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll
2009-08-23 20:05 . 2009-08-23 20:39 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery
2009-08-12 22:09 . 2009-07-10 13:27 1315328 -c--a-w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 10:23 . 2009-08-12 10:23 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-12 10:20 . 2008-07-06 12:06 89088 -c--a-w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-12 10:20 . 2008-07-06 12:06 117760 ----a-w- c:\windows\system32\prntvpt.dll
2009-08-12 10:20 . 2008-07-06 10:50 597504 -c--a-w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-12 10:20 . 2009-08-12 10:21 -------- d-----w- C:\8d48e82a740189462d0f31659bde
2009-08-12 10:20 . 2008-07-06 12:06 575488 -c--a-w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-12 10:20 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2009-08-12 10:20 . 2008-07-06 12:06 1676288 -c--a-w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-12 10:20 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2009-08-12 10:19 . 2009-08-26 04:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c--a-w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 01:49 . 2009-08-03 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Fellowes
2009-08-03 01:49 . 2009-08-03 01:49 -------- d-----w- c:\program files\Fellowes
2009-07-28 17:38 . 2009-07-28 17:38 -------- d-----w- C:\Dell922

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 06:05 . 2008-09-25 23:28 -------- d-----w- c:\program files\LogMeIn
2009-08-27 00:38 . 2009-01-24 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-26 05:31 . 2006-03-15 05:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-26 05:09 . 2003-04-10 10:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-26 05:09 . 2006-02-20 17:09 -------- d-----w- c:\program files\Symantec
2009-08-26 05:09 . 2006-02-20 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-26 05:09 . 2006-02-20 17:08 -------- d-----w- c:\program files\Symantec AntiVirus
2009-08-26 04:56 . 2004-03-18 16:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2009-08-25 16:29 . 2004-03-18 17:52 -------- d-----w- c:\program files\AWS
2009-08-25 16:28 . 2004-03-31 01:51 -------- d-----w- c:\program files\Data Caching
2009-08-25 04:38 . 2008-12-30 14:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-25 04:38 . 2004-03-18 20:16 -------- d-----w- c:\program files\Java
2009-08-24 12:41 . 2004-05-26 02:45 -------- d-----w- c:\program files\Lavasoft
2009-08-24 12:36 . 2004-03-18 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 12:35 . 2007-10-23 02:28 -------- d-----w- c:\program files\Common Files\Apple
2009-08-24 12:33 . 2007-09-28 13:12 -------- d-----w- c:\program files\FoxyTunes
2009-08-24 12:29 . 2006-03-05 16:51 -------- d-----w- c:\program files\SimpleCenter
2009-08-24 12:29 . 2006-03-05 16:51 -------- d--h--w- c:\program files\Zero G Registry
2009-08-24 03:51 . 2004-06-17 23:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-23 20:47 . 2003-04-10 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 23:01 . 2009-01-18 01:09 -------- d-----w- c:\program files\Dl_cats
2009-08-05 09:01 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 01:50 . 2004-03-18 20:21 -------- d-----w- c:\program files\Winamp
2009-07-22 14:21 . 2009-07-22 14:21 -------- d-----w- c:\documents and settings\Melissa\Application Data\Canneverbe_Limited
2009-07-17 19:01 . 2004-03-18 17:10 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 16:08 . 2003-04-10 10:18 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-24 02:32 915456 ------w- c:\windows\system32\wininet.dll
2009-07-01 14:30 . 2009-07-01 14:30 -------- d-----w- c:\documents and settings\Melissa\Application Data\Macrovision
2009-06-30 17:40 . 2009-06-30 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-06-29 03:43 . 2003-04-10 10:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-03-18 17:11 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-03-18 17:12 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 15:19 . 2004-03-18 17:12 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-03-18 17:10 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2001-08-23 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-05-30 16:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 00:52 . 2009-06-01 00:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2005-10-18 23:08 . 2005-09-15 17:20 0 ---ha-w- c:\program files\Common Files\MSN
2005-09-10 02:55 . 2007-01-21 00:19 7155864 ----a-w- c:\program files\NGhost10.msi
2005-09-10 02:55 . 2007-01-21 00:19 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-10 02:55 . 2007-01-21 00:19 37766164 ----a-w- c:\program files\Data1.cab
1994-09-23 22:50 . 2002-11-24 19:12 350 ----a-w- c:\program files\MIDIBASE.MID
1994-09-23 22:49 . 2002-11-24 19:12 568 ----a-w- c:\program files\MIDIEX.MID
2008-09-25 22:57 . 2008-09-25 22:57 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-09-25 22:57 . 2008-09-25 22:57 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-26_14.55.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-27 13:18 . 2009-08-27 13:18 16384 c:\windows\Temp\Perflib_Perfdata_720.dat
+ 2009-08-27 13:17 . 2009-08-27 13:17 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\Alcxmntr.exe [2004-09-07 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 02:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/25/2009 11:14 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 astnscsi;astnscsi;c:\program files\Voyetra\AudioStation 6\astnscsi.exe [12/23/2003 12:36 PM 208464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/25/2009 11:14 PM 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [9/25/2008 5:28 PM 47640]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [7/24/2008 6:45 PM 12192]
S2 gupdate1c9cacc1cf6e244;Google Update Service (gupdate1c9cacc1cf6e244);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2009 8:17 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 8:49 AM 1029456]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 3:10 PM 32512]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [3/21/2004 8:32 PM 14924]
S3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\drivers\RIOXDRV.sys [3/30/2004 7:35 PM 18304]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 SDSTOR2K;SanDisk USB ImageMate/SecureMate Mass Storage Driver;c:\windows\system32\drivers\SDSTOR2K.SYS [3/30/2004 7:51 PM 37781]
S3 vdev;VPN-1 SecureClient Virtual Ethernet Adapter;c:\windows\system32\drivers\vdev.sys [3/21/2004 8:20 PM 16396]
S3 VisorUsb;Handspring USB;c:\windows\system32\DRIVERS\VisorUsb.sys --> c:\windows\system32\DRIVERS\VisorUsb.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [8/4/2005 7:11 AM 848896]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-15 22:06]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://srch-qus8.hpwis.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://kingsoopers.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 07:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{18D6E519-4C27-E4AD-074C5D1F171B40FB}\{8D7A772B-93EE-6905-4C751BA1B544AFC9}\{7029C73E-0020-BA9C-F3FADF03D99AF0E6}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D891502B-DC36-B293-121D9D2985957827}\{239EA7E9-C7D1-EF13-CC952A60F4AD7A0B}\{9E7939D5-CFE3-7B10-257B198232E2E5B7}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EDCF6AC6-CDE0-1F6D-043771A983FAB740}\{0B884C8F-0AAB-F925-A63B97C7F3A43931}\{965D33BD-6599-2D1D-7E8A152D666CAEE5}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2F43379-985D-E7AE-2F5BD6B18999A07F}\{64C9A7C2-676E-3AEC-13AF6B278F65FD89}\{7B815B3C-162E-096A-EBEBEFD33B1AE416}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(784)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
.
**************************************************************************
.
Completion time: 2009-08-27 7:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-27 13:30
ComboFix2.txt 2009-08-26 15:06

Pre-Run: 38,190,620,672 bytes free
Post-Run: 38,126,923,776 bytes free

274 --- E O F --- 2009-08-26 14:54

#20
kahdah

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#21
sspeed

Here's the Malware log...

Malwarebytes' Anti-Malware 1.40
Database version: 2708
Windows 5.1.2600 Service Pack 3

8/27/2009 8:54:50 PM
mbam-log-2009-08-27 (20-54-50).txt

Scan type: Quick Scan
Objects scanned: 127164
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Win32kDiag.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#22
sspeed

Friday, August 28, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 28, 2009 05:43:18
Records in database: 2694561


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
A:\
C:\
D:\
X:\
Z:\

Scan statistics
Objects scanned 131935
Threats found 1
Infected objects found 2
Suspicious objects found 0
Scan duration 06:46:11

File name Threat Threats count
C:\Documents and Settings\scott\Desktop\work hard drive\copy\scripts\scripts.zip Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

C:\Documents and Settings\scott\Desktop\work hard drive\copy\scripts\Siebel\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1

Selected area has been scanned.

#23
kahdah

  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#24
sspeed

OTL logfile created on: 8/28/2009 10:54:18 AM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\All Users\Desktop\larry
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.36 Mb Total Physical Memory | 552.69 Mb Available Physical Memory | 57.61% Memory free
1.51 Gb Paging File | 1.19 Gb Available in Paging File | 78.40% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.44 Gb Total Space | 35.40 Gb Free Space | 32.95% Space Free | Partition Type: NTFS
Drive D: | 4.33 Gb Total Space | 0.77 Gb Free Space | 17.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCORPIO
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe (Voyetra Turtle Beach, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
PRC - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\All Users\Desktop\larry\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AAWService [On_Demand | Stopped]) -- c:\program files\lavasoft\ad-aware\aawservice.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (astnscsi [Auto | Running]) -- C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe (Voyetra Turtle Beach, Inc.)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Crypkey License [Disabled | Stopped]) -- C:\WINDOWS\System32\crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (Diskeeper [Auto | Running]) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
SRV - (dlbt_device [On_Demand | Stopped]) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)
SRV - (gupdate1c9cacc1cf6e244 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe ()
SRV - (LMIMaint [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn [Auto | Running]) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (NMSAccessU [Auto | Running]) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (RioMSC [On_Demand | Stopped]) -- C:\WINDOWS\System32\RioMSC.exe (Digital Networks North America, Inc.)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (TivoBeacon2 [Disabled | Stopped]) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (x10nets [On_Demand | Stopped]) -- C:\Program Files\Voyetra\AudioStation 6\x10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (avcgbdr [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\avcgbdr.sys (Adaptec, Inc.)
DRV - (avcgbfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\avcgbfl.sys (Adaptec, Inc)
DRV - (dvd43llh [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\dvd43llh.sys (RIF)
DRV - (E1000 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys (Intel Corporation)
DRV - (EGATHDRV [Auto | Running]) -- C:\WINDOWS\System32\EGATHDRV.SYS (IBM Corporation)
DRV - (fasttx2k [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (LMIInfo [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaInfo.sys (LogMeIn, Inc.)
DRV - (lmimirr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys (LogMeIn, Inc.)
DRV - (LMIRfsClientNP [Disabled | Stopped]) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver [Auto | Running]) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (ltmodem5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (LT)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (netrcacm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\netrcacm.sys (Thomson Inc.)
DRV - (NetworkX [System | Running]) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\npf.sys (CACE Technologies)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvatabus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (nvax [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nvnforce [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (OMVA [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\OMVA.sys (Check Point Software Technologies)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PolarUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PolarUSB.sys (Polar Electro)
DRV - (Ps2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (radpms [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\radpms.sys (LogMeIn, Inc.)
DRV - (RIOXDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RIOXDRV.sys (SONICblue Inc.)
DRV - (ROOTUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\ROOTUSB.sys ()
DRV - (S3Psddr [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SDSTOR2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SDSTOR2K.SYS (SanDisk Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ser2pl [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ser2pl.sys (Prolific Technology Inc.)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (vdev [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vdev.sys (Check Point Software Technologies Ltd.)
DRV - (VisorUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\visorusb.dll ()
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaultc.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 3A E0 3A 92 27 CA 01 [binary data]
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/24 22:38:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/24 18:08:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 17:59:35 | 00,000,000 | ---D | M]

[2009/08/24 22:38:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/16 17:59:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 22:38:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/16 17:59:28 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/16 17:59:28 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2004/09/09 00:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/08/24 22:38:17 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/16 17:59:30 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2005/07/06 23:36:30 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/12/06 09:49:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/12/06 09:49:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/12/06 09:49:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/09/25 16:57:43 | 02,641,920 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2005/07/06 23:36:22 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/09/25 16:57:43 | 00,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2008/09/25 16:57:43 | 00,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2009/06/26 08:02:31 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/26 08:02:31 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/26 08:02:31 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/26 08:02:31 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/26 08:02:31 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/26 08:02:31 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/26 08:02:31 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Legal Notice
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = This is not a public system. Anyone attempting to logon should expect no expectation of privacy. By clicking OK below and attempting to login, you authorize this IP address to access the IP address where you originate from. Thanks!
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...38064.377349537 (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://kingsoopers.p...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 10.1.1.3 68.87.85.98 68.87.69.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aero.tsi.awd
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/10 03:49:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/27 21:48:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\Sun
[2009/08/27 21:47:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\Macromedia
[2009/08/27 07:22:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/08/27 07:17:58 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/26 20:03:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Local Settings\Application Data\LogMeIn
[2009/08/26 09:05:13 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/26 09:05:13 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/26 09:05:13 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/26 09:05:13 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/26 09:05:13 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/26 09:05:13 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/26 09:05:13 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/26 09:05:13 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/26 09:05:13 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/26 09:05:13 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/26 09:05:13 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/26 09:05:13 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/26 09:05:13 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/26 09:05:13 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/26 09:05:13 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/26 09:05:13 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll
[2009/08/26 09:05:13 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/26 09:05:12 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/26 09:05:12 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/26 09:05:12 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/26 09:05:12 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/26 09:05:12 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/26 09:05:12 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/26 09:05:12 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/26 09:05:12 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/26 09:05:12 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/26 09:05:12 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/26 09:05:12 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/26 09:05:12 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/26 09:05:12 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/26 09:05:12 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/26 09:05:12 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/26 09:05:12 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/26 09:05:12 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/26 09:05:12 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/26 09:05:12 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/26 09:05:12 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/26 09:05:12 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/26 09:05:12 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/26 09:05:12 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/26 09:05:12 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/26 09:05:12 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/26 09:05:12 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/08/26 09:05:12 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/26 09:05:12 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/26 09:05:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/26 09:05:12 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/26 09:05:12 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\MsPMSNSv.dll
[2009/08/26 09:05:12 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/26 09:05:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/26 09:05:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/26 09:05:12 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/26 09:05:12 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/26 09:05:12 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/26 09:05:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/26 09:05:12 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/26 09:05:12 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/26 09:05:12 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/26 09:05:12 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/26 09:05:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/26 08:39:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/26 08:39:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/26 08:39:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/26 08:39:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/26 08:39:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/26 08:39:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/26 08:39:14 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/26 08:39:05 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/26 08:32:05 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Administrator.SCORPIO\Desktop\avenger.exe
[2009/08/26 08:31:11 | 03,184,867 | R--- | C] () -- C:\Documents and Settings\Administrator.SCORPIO\Desktop\kahdah.exe
[2009/08/26 07:03:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\SUPERAntiSpyware.com
[2009/08/26 06:42:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\larry
[2009/08/25 23:31:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/25 23:31:20 | 00,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/25 23:31:13 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/25 23:14:36 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/25 23:14:36 | 00,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/25 23:14:35 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/25 23:14:34 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/25 23:14:32 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/25 23:14:31 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/25 23:14:30 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/25 23:14:30 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/25 23:14:30 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/25 23:14:01 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/25 23:14:01 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/25 23:13:54 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/25 22:36:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Local Settings\Application Data\Symantec
[2009/08/25 22:35:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\Malwarebytes
[2009/08/25 22:30:31 | 00,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2009/08/25 17:25:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/08/25 16:46:44 | 01,695,320 | -H-- | C] () -- C:\Documents and Settings\Administrator.SCORPIO\Local Settings\Application Data\IconCache.db
[2009/08/25 16:46:44 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\Microsoft
[2009/08/25 16:46:44 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.SCORPIO\My Documents\My Pictures
[2009/08/25 16:46:44 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.SCORPIO\My Documents\My Music
[2009/08/25 16:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\My Documents\My eBooks
[2009/08/25 16:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Local Settings\Application Data\Microsoft
[2009/08/25 16:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Local Settings\Application Data\Adobe
[2009/08/25 16:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\Symantec
[2009/08/25 16:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\Sonic
[2009/08/25 16:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\SampleView
[2009/08/25 16:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\Real
[2009/08/25 16:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\InterTrust
[2009/08/25 16:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\interMute
[2009/08/25 16:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\Identities
[2009/08/25 16:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.SCORPIO\Application Data\Adobe
[2009/08/25 06:29:49 | 00,003,216 | ---- | C] () -- C:\kaspersky.html
[2009/08/24 22:38:39 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 22:38:39 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 22:38:39 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 22:38:39 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/24 19:23:42 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys
[2009/08/24 19:23:42 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/24 18:14:06 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/08/24 08:08:29 | 00,000,000 | ---D | C] -- C:\reg
[2009/08/24 08:06:43 | 00,096,082 | ---- | C] () -- C:\Registry.zip
[2009/08/24 06:42:16 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/24 06:42:15 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/24 06:40:55 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/24 06:40:53 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/24 06:40:51 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/23 23:13:50 | 00,000,000 | --SD | C] -- C:\scott
[2009/08/23 22:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/23 22:01:37 | 00,000,000 | ---D | C] -- C:\Spybot - Search & Destroy
[2009/08/23 21:54:20 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/23 21:44:44 | 00,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/23 21:43:06 | 00,000,178 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/08/23 21:42:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/08/23 21:03:28 | 00,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2009/08/23 20:58:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/23 18:42:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/23 18:42:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/23 17:32:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/08/23 15:45:15 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\ESQULzxspectrum
[2009/08/23 14:47:02 | 00,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2009/08/23 14:05:13 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
[2009/08/23 14:05:12 | 01,207,808 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\PhoenixDll.dll
[2009/08/23 14:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
[2009/08/17 20:36:29 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amelia sleep.m3u
[2009/08/12 22:03:25 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/12 16:09:22 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/12 16:09:17 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/12 04:20:32 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/12 04:20:32 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/12 04:20:32 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/12 04:20:31 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/12 04:20:31 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/12 04:20:31 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/12 04:20:31 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/12 04:20:31 | 00,000,000 | ---D | C] -- C:\8d48e82a740189462d0f31659bde
[2009/08/12 04:19:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/08/05 03:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/02 19:50:38 | 00,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MediaFACE 4.2 Advanced Mode.lnk
[2009/08/02 19:50:38 | 00,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MediaFACE 4.2 Design Wizard.lnk
[2009/08/02 19:49:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2009/08/02 19:49:22 | 00,000,000 | ---D | C] -- C:\Program Files\Fellowes
[2008/12/05 20:18:37 | 00,000,800 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/12/05 18:47:48 | 00,048,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ROOTUSB.sys
[2008/08/20 19:45:54 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2008/08/20 19:45:54 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2008/08/20 19:45:53 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2008/08/20 19:45:53 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2008/08/20 19:45:53 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2008/08/20 19:45:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2008/08/20 19:45:52 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2008/08/20 19:45:52 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2008/08/20 19:45:52 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2008/08/20 19:45:51 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2008/08/20 19:45:49 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2008/02/28 15:30:08 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/12/31 16:01:30 | 00,007,573 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/11 22:22:28 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/03/15 18:13:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/08 15:50:23 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/08 15:50:23 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/08 15:50:22 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/08 15:50:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/08 15:50:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/08 15:50:22 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/08 06:51:50 | 00,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2006/03/09 16:46:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2006/03/09 16:41:52 | 03,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2006/01/07 13:30:19 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/10/30 20:44:43 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/30 20:44:43 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/10/30 13:41:07 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/02 15:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/03/14 19:01:03 | 00,000,438 | ---- | C] () -- C:\WINDOWS\CDFACE32.INI
[2005/01/17 16:12:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/01/13 11:19:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/24 13:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2004/10/12 00:40:58 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 00:39:48 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 00:39:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 00:40:16 | 00,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 02:16:08 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 11:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/09/07 17:41:44 | 00,000,281 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2004/05/24 18:04:56 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2004/05/24 18:03:20 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2004/05/24 18:01:02 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/05/24 18:00:48 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/03/30 19:51:04 | 00,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2004/03/30 19:51:04 | 00,001,233 | ---- | C] () -- C:\WINDOWS\Sdcache.ini
[2004/03/30 19:50:59 | 00,002,974 | ---- | C] () -- C:\WINDOWS\System32\SDUSBPDR.INI
[2004/03/21 21:54:22 | 00,495,104 | ---- | C] () -- C:\WINDOWS\System32\mp3tsshx.dll
[2004/03/21 20:32:05 | 00,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2004/03/18 22:14:25 | 00,000,177 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2004/03/18 21:58:46 | 00,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2004/03/18 21:58:44 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2004/03/18 15:15:32 | 00,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll
[2004/03/18 14:59:58 | 00,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/23 16:43:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/08/18 18:56:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/08/18 18:56:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/04/10 05:10:20 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 05:08:02 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/10 05:08:01 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 05:07:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 04:59:52 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/10 04:53:45 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 04:16:02 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/10 04:06:11 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/10 04:06:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/10 04:05:46 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/10 03:53:32 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/10 03:37:43 | 00,000,449 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 03:37:23 | 00,000,823 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/04/10 03:37:19 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/04/10 01:08:18 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 01:08:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/01/30 08:04:00 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2002/05/24 09:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 09:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/23 06:00:00 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\utildll.dll
[1999/06/01 12:34:08 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\PcdrSystemInformation.dll
[1999/06/01 12:33:34 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[1996/04/03 13:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[2009/08/28 10:26:15 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/28 06:29:39 | 00,003,216 | ---- | M] () -- C:\kaspersky.html
[2009/08/27 20:57:08 | 00,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/27 20:56:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/27 07:20:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/27 07:19:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/26 08:30:38 | 03,184,867 | R--- | M] () -- C:\Documents and Settings\Administrator.SCORPIO\Desktop\kahdah.exe
[2009/08/25 23:31:20 | 00,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/25 23:14:36 | 00,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/25 23:14:30 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/25 17:49:42 | 00,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/25 17:41:07 | 00,408,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/25 17:41:07 | 00,064,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/24 22:38:16 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/24 22:38:16 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 22:38:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 22:38:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 22:38:16 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/24 19:36:13 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/24 16:45:23 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\ESQULzxspectrum
[2009/08/24 08:05:46 | 00,096,082 | ---- | M] () -- C:\Registry.zip
[2009/08/24 06:42:15 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/24 06:22:23 | 00,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2009/08/24 06:22:16 | 00,000,178 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/08/23 17:03:50 | 00,000,606 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2009/08/23 13:25:22 | 00,000,177 | ---- | M] () -- C:\WINDOWS\Winamp.ini
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/19 17:01:15 | 00,000,800 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/08/19 04:05:05 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/17 20:36:29 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amelia sleep.m3u
[2009/08/17 10:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 10:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 10:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 10:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 10:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 10:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 10:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 10:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 10:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/12 04:38:45 | 00,505,638 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/06 09:47:49 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/05 03:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 03:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 19:50:38 | 00,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MediaFACE 4.2 Advanced Mode.lnk
[2009/08/02 19:50:38 | 00,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MediaFACE 4.2 Design Wizard.lnk
[2009/08/02 19:44:20 | 00,000,438 | ---- | M] () -- C:\WINDOWS\CDFACE32.INI
[2009/07/29 18:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/29 18:04:37 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 1004 bytes -> C:\Program Files\Common Files\MSN:rqBoZuYEYBPSzrNzf09
< End of report >

#25
kahdah

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/08/24 16:45:23 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\ESQULzxspectrum
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Also let me know how things are running after that.

#26
sspeed

========== OTL ==========
C:\WINDOWS\System32\ESQULzxspectrum moved successfully.
========== COMMANDS ==========
Error: Unable to interpret <[emptytemp> in the current context!

OTL by OldTimer - Version 3.0.10.7 log created on 08282009_123609

#27
sspeed

All processes killed
========== OTL ==========
File C:\WINDOWS\System32\ESQULzxspectrum not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator

User: Administrator.SCORPIO
->Temp folder emptied: 77744066 bytes
File delete failed. C:\Documents and Settings\Administrator.SCORPIO\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 340614 bytes
->Java cache emptied: 127985 bytes

User: All Users

User: atron
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: harry
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: larry
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5537862 bytes
->Java cache emptied: 13553522 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Melissa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: scott
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_534.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 33251 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 92.92 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08282009_123657

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_534.dat moved successfully.

Registry entries deleted on Reboot...

#28
kahdah

  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Also let me know how things are running after that.

#29
sspeed

OTL logfile created on: 8/30/2009 10:46:11 AM - Run 4
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\scott.AERO\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.36 Mb Total Physical Memory | 649.68 Mb Available Physical Memory | 67.72% Memory free
1.51 Gb Paging File | 1.08 Gb Available in Paging File | 71.34% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.44 Gb Total Space | 35.59 Gb Free Space | 33.12% Space Free | Partition Type: NTFS
Drive D: | 4.33 Gb Total Space | 0.77 Gb Free Space | 17.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 111.78 Gb Total Space | 24.42 Gb Free Space | 21.84% Space Free | Partition Type: NTFS
Drive X: | 2.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Y: | 698.64 Gb Total Space | 421.75 Gb Free Space | 60.37% Space Free | Partition Type: NTFS

Computer Name: SCORPIO
Current User Name: scott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe (Voyetra Turtle Beach, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe ()
PRC - C:\Documents and Settings\scott.AERO\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Documents and Settings\scott.AERO\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\scott.AERO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\scott.AERO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Win32 Services (SafeList) ==========

SRV - (AAWService [On_Demand | Stopped]) -- c:\program files\lavasoft\ad-aware\aawservice.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (astnscsi [Auto | Running]) -- C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe (Voyetra Turtle Beach, Inc.)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Crypkey License [Disabled | Stopped]) -- C:\WINDOWS\System32\crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (Diskeeper [Auto | Running]) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
SRV - (dlbt_device [On_Demand | Stopped]) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)
SRV - (gupdate1c9cacc1cf6e244 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe ()
SRV - (LMIMaint [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn [Auto | Running]) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (NMSAccessU [Auto | Running]) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (RioMSC [On_Demand | Stopped]) -- C:\WINDOWS\System32\RioMSC.exe (Digital Networks North America, Inc.)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (TivoBeacon2 [Disabled | Stopped]) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (UPHClean [Auto | Running]) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (x10nets [On_Demand | Stopped]) -- C:\Program Files\Voyetra\AudioStation 6\x10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (avcgbdr [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\avcgbdr.sys (Adaptec, Inc.)
DRV - (avcgbfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\avcgbfl.sys (Adaptec, Inc)
DRV - (dvd43llh [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\dvd43llh.sys (RIF)
DRV - (E1000 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys (Intel Corporation)
DRV - (EGATHDRV [Auto | Running]) -- C:\WINDOWS\System32\EGATHDRV.SYS (IBM Corporation)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (LMIInfo [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaInfo.sys (LogMeIn, Inc.)
DRV - (lmimirr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys (LogMeIn, Inc.)
DRV - (LMIRfsClientNP [Disabled | Stopped]) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver [Auto | Running]) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (ltmodem5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (LT)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (netrcacm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\netrcacm.sys (Thomson Inc.)
DRV - (NetworkX [System | Running]) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\npf.sys (CACE Technologies)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvatabus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (nvax [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nvnforce [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (OMVA [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\OMVA.sys (Check Point Software Technologies)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PolarUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PolarUSB.sys (Polar Electro)
DRV - (Ps2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (radpms [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\radpms.sys (LogMeIn, Inc.)
DRV - (RIOXDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RIOXDRV.sys (SONICblue Inc.)
DRV - (ROOTUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\ROOTUSB.sys ()
DRV - (S3Psddr [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SDSTOR2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SDSTOR2K.SYS (SanDisk Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ser2pl [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ser2pl.sys (Prolific Technology Inc.)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (vdev [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vdev.sys (Check Point Software Technologies Ltd.)
DRV - (VisorUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\visorusb.dll ()
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sites.google....chine.com/home/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sites.google....chine.com/home/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.blogger.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/24 22:38:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/24 18:08:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 17:59:35 | 00,000,000 | ---D | M]

[2009/08/29 16:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scott.AERO\Application Data\mozilla\Extensions
[2009/08/29 16:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scott.AERO\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/29 16:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scott.AERO\Application Data\mozilla\Firefox\Profiles\tqj5us7n.default\extensions
[2009/08/24 22:38:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/16 17:59:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 22:38:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/16 17:59:28 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/16 17:59:28 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2004/09/09 00:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/08/24 22:38:17 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/16 17:59:30 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2005/07/06 23:36:30 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/12/06 09:49:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/12/06 09:49:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/12/06 09:49:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/09/25 16:57:43 | 02,641,920 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2005/07/06 23:36:22 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/09/25 16:57:43 | 00,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2008/09/25 16:57:43 | 00,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2009/06/26 08:02:31 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/26 08:02:31 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/26 08:02:31 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/26 08:02:31 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/26 08:02:31 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/26 08:02:31 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/26 08:02:31 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\scott.AERO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\scott.AERO\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Legal Notice
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = This is not a public system. Anyone attempting to logon should expect no expectation of privacy. By clicking OK below and attempting to login, you authorize this IP address to access the IP address where you originate from. Thanks!
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...38064.377349537 (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://kingsoopers.p...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 10.1.1.3 68.87.85.98 68.87.69.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aero.tsi.awd
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/10 03:49:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/30 10:38:18 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\scott.AERO\Desktop\OTL.exe
[2009/08/29 16:44:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Local Settings\Application Data\Mozilla
[2009/08/29 16:44:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Application Data\Mozilla
[2009/08/29 14:35:18 | 00,096,976 | ---- | C] () -- C:\Documents and Settings\scott.AERO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/29 14:34:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Local Settings\Application Data\Apple Computer
[2009/08/29 11:33:20 | 00,002,333 | ---- | C] () -- C:\Documents and Settings\scott.AERO\Desktop\Google Chrome.lnk
[2009/08/29 11:31:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Local Settings\Application Data\Temp
[2009/08/29 11:31:23 | 00,000,988 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-261478967-682003330-1111UA.job
[2009/08/29 11:31:23 | 00,000,936 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-261478967-682003330-1111Core.job
[2009/08/29 11:31:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Local Settings\Application Data\Google
[2009/08/29 11:29:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Application Data\Macromedia
[2009/08/29 11:17:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Application Data\SUPERAntiSpyware.com
[2009/08/28 18:06:09 | 01,695,320 | -H-- | C] () -- C:\Documents and Settings\scott.AERO\Local Settings\Application Data\IconCache.db
[2009/08/28 18:06:09 | 00,000,000 | --SD | C] -- C:\Documents and Settings\scott.AERO\Application Data\Microsoft
[2009/08/28 18:06:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\scott.AERO\My Documents\My Pictures
[2009/08/28 18:06:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\scott.AERO\My Documents\My Music
[2009/08/28 18:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\My Documents\My eBooks
[2009/08/28 18:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Local Settings\Application Data\Microsoft
[2009/08/28 18:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Local Settings\Application Data\Adobe
[2009/08/28 18:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Application Data\Symantec
[2009/08/28 18:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Application Data\Sonic
[2009/08/28 18:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Application Data\SampleView
[2009/08/28 18:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Application Data\Real
[2009/08/28 18:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Application Data\InterTrust
[2009/08/28 18:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Application Data\interMute
[2009/08/28 18:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Application Data\Identities
[2009/08/28 18:06:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Application Data\Adobe
[2009/08/28 17:56:09 | 00,000,000 | ---D | C] -- C:\Program Files\UPHClean
[2009/08/28 12:37:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/28 12:36:09 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/27 07:22:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/08/27 07:17:58 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/26 09:05:13 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/26 09:05:13 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/26 09:05:13 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/26 09:05:13 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/26 09:05:13 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/26 09:05:13 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/26 09:05:13 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/26 09:05:13 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/26 09:05:13 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/26 09:05:13 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/26 09:05:13 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/26 09:05:13 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/26 09:05:13 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/26 09:05:13 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/26 09:05:13 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/26 09:05:13 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll
[2009/08/26 09:05:13 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/26 09:05:12 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/26 09:05:12 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/26 09:05:12 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/26 09:05:12 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/26 09:05:12 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/26 09:05:12 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/26 09:05:12 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/26 09:05:12 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/26 09:05:12 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/26 09:05:12 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/26 09:05:12 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/26 09:05:12 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/26 09:05:12 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/26 09:05:12 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/26 09:05:12 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/26 09:05:12 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/26 09:05:12 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/26 09:05:12 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/26 09:05:12 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/26 09:05:12 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/26 09:05:12 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/26 09:05:12 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/26 09:05:12 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/26 09:05:12 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/26 09:05:12 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/26 09:05:12 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/08/26 09:05:12 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/26 09:05:12 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/26 09:05:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/26 09:05:12 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/26 09:05:12 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\MsPMSNSv.dll
[2009/08/26 09:05:12 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/26 09:05:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/26 09:05:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/26 09:05:12 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/26 09:05:12 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/26 09:05:12 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/26 09:05:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/26 09:05:12 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/26 09:05:12 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/26 09:05:12 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/26 09:05:12 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/26 09:05:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/26 08:39:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/26 08:39:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/26 08:39:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/26 08:39:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/26 08:39:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/26 08:39:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/26 08:39:14 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/26 08:39:05 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/26 06:42:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\larry
[2009/08/25 23:31:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/25 23:31:20 | 00,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/25 23:31:13 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/25 23:14:36 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/25 23:14:36 | 00,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/25 23:14:35 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/25 23:14:34 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/25 23:14:32 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/25 23:14:31 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/25 23:14:30 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/25 23:14:30 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/25 23:14:30 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/25 23:14:01 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/25 23:14:01 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/25 23:13:54 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/25 22:30:31 | 00,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2009/08/25 17:25:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/08/25 06:29:49 | 00,003,216 | ---- | C] () -- C:\kaspersky.html
[2009/08/24 22:38:39 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 22:38:39 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 22:38:39 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 22:38:39 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/24 19:23:42 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys
[2009/08/24 19:23:42 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/24 18:14:06 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/08/24 08:11:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Desktop\reg
[2009/08/24 08:08:29 | 00,000,000 | ---D | C] -- C:\reg
[2009/08/24 08:06:43 | 00,096,082 | ---- | C] () -- C:\Registry.zip
[2009/08/24 07:51:10 | 00,003,147 | ---- | C] () -- C:\Documents and Settings\scott.AERO\Desktop\scorpio.bat
[2009/08/24 07:51:10 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\scott.AERO\Desktop\clean.bat
[2009/08/24 06:42:16 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/24 06:42:15 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/24 06:40:55 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/24 06:40:53 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/24 06:40:51 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/23 23:13:50 | 00,000,000 | --SD | C] -- C:\scott
[2009/08/23 22:22:26 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\scott.AERO\Desktop\HijackThis.lnk
[2009/08/23 22:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/23 21:54:20 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/23 21:44:44 | 00,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/23 21:43:06 | 00,000,178 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/08/23 21:42:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/08/23 21:09:27 | 00,748,344 | ---- | C] (Sysinternals) -- C:\Documents and Settings\scott.AERO\Desktop\Filemon.exe
[2009/08/23 21:09:21 | 00,707,384 | ---- | C] (Sysinternals) -- C:\Documents and Settings\scott.AERO\Desktop\Regmon.exe
[2009/08/23 21:09:04 | 00,271,346 | ---- | C] () -- C:\Documents and Settings\scott.AERO\Desktop\Regmon.zip
[2009/08/23 21:08:32 | 00,285,554 | ---- | C] () -- C:\Documents and Settings\scott.AERO\Desktop\FileMon.zip
[2009/08/23 21:05:58 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\scott.AERO\Desktop\mbam-setup (1).exe
[2009/08/23 21:03:28 | 00,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2009/08/23 20:58:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/23 20:47:18 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\scott.AERO\Desktop\procexp.exe
[2009/08/23 20:07:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scott.AERO\Desktop\temp
[2009/08/23 19:54:40 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\scott.AERO\Desktop\spybotsd162.exe
[2009/08/23 18:42:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/23 18:42:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/23 17:32:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/08/23 16:58:48 | 00,002,182 | ---- | C] () -- C:\Documents and Settings\scott.AERO\Desktop\deletes.bat
[2009/08/23 14:47:02 | 00,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2009/08/23 14:05:13 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
[2009/08/23 14:05:12 | 01,207,808 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\PhoenixDll.dll
[2009/08/23 14:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
[2009/08/23 13:18:53 | 06,062,072 | ---- | C] (Stellar Information Systems Ltd ) -- C:\Documents and Settings\scott.AERO\Desktop\StellarPhoenixWindowsDataRecovery-Setup.exe
[2009/08/23 11:59:14 | 10,800,3328 | ---- | C] () -- C:\Documents and Settings\scott.AERO\Desktop\clonezilla-live-1.2.2-26.iso
[2009/08/20 06:48:05 | 00,012,640 | ---- | C] () -- C:\Documents and Settings\scott.AERO\Desktop\WLMContacts.csv
[2009/08/17 20:36:29 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amelia sleep.m3u
[2008/12/05 20:18:37 | 00,000,800 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/12/05 18:47:48 | 00,048,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ROOTUSB.sys
[2008/08/20 19:45:54 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2008/08/20 19:45:54 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2008/08/20 19:45:53 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2008/08/20 19:45:53 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2008/08/20 19:45:53 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2008/08/20 19:45:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2008/08/20 19:45:52 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2008/08/20 19:45:52 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2008/08/20 19:45:52 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2008/08/20 19:45:51 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2008/08/20 19:45:49 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2008/02/28 15:30:08 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/12/31 16:01:30 | 00,007,573 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/11 22:22:28 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/03/15 18:13:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/08 15:50:23 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/08 15:50:23 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/08 15:50:22 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/08 15:50:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/08 15:50:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/08 15:50:22 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/08 06:51:50 | 00,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2006/03/09 16:46:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2006/03/09 16:41:52 | 03,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2006/01/07 13:30:19 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/10/30 20:44:43 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/30 20:44:43 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/10/30 13:41:07 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/02 15:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/03/14 19:01:03 | 00,000,438 | ---- | C] () -- C:\WINDOWS\CDFACE32.INI
[2005/01/17 16:12:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/01/13 11:19:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/24 13:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2004/10/12 00:40:58 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 00:39:48 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 00:39:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 00:40:16 | 00,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 02:16:08 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 11:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/09/07 17:41:44 | 00,000,281 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2004/05/24 18:04:56 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2004/05/24 18:03:20 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2004/05/24 18:01:02 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/05/24 18:00:48 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/03/30 19:51:04 | 00,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2004/03/30 19:51:04 | 00,001,233 | ---- | C] () -- C:\WINDOWS\Sdcache.ini
[2004/03/30 19:50:59 | 00,002,974 | ---- | C] () -- C:\WINDOWS\System32\SDUSBPDR.INI
[2004/03/21 21:54:22 | 00,495,104 | ---- | C] () -- C:\WINDOWS\System32\mp3tsshx.dll
[2004/03/21 20:32:05 | 00,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2004/03/18 22:14:25 | 00,000,177 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2004/03/18 21:58:46 | 00,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2004/03/18 21:58:44 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2004/03/18 15:15:32 | 00,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll
[2004/03/18 14:59:58 | 00,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/23 16:43:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/08/18 18:56:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/08/18 18:56:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/04/10 05:10:20 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 05:08:02 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/10 05:08:01 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 05:07:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 04:59:52 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/10 04:53:45 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 04:16:02 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/10 04:06:11 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/10 04:06:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/10 04:05:46 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/10 03:53:32 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/10 03:37:43 | 00,000,449 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 03:37:23 | 00,000,823 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/04/10 03:37:19 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/04/10 01:08:18 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 01:08:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/01/30 08:04:00 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2002/05/24 09:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 09:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/23 06:00:00 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\utildll.dll
[1999/06/01 12:34:08 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\PcdrSystemInformation.dll
[1999/06/01 12:33:34 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[1996/04/03 13:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 14 Days ==========

[2009/08/30 10:36:01 | 00,000,988 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-261478967-682003330-1111UA.job
[2009/08/30 01:39:00 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/30 01:31:59 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/29 21:41:32 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/29 14:35:18 | 00,096,976 | ---- | M] () -- C:\Documents and Settings\scott.AERO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/29 11:36:00 | 00,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-261478967-682003330-1111Core.job
[2009/08/29 11:33:20 | 00,002,333 | ---- | M] () -- C:\Documents and Settings\scott.AERO\Desktop\Google Chrome.lnk
[2009/08/28 18:06:12 | 00,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/28 18:00:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/28 06:29:39 | 00,003,216 | ---- | M] () -- C:\kaspersky.html
[2009/08/27 23:39:47 | 00,475,136 | ---- | M] () -- C:\Documents and Settings\scott.AERO\Desktop\new.pst
[2009/08/27 07:20:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/27 07:19:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/25 23:31:20 | 00,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/25 23:14:36 | 00,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/25 23:14:30 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/25 17:49:42 | 00,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/25 17:41:07 | 00,408,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/25 17:41:07 | 00,064,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/24 22:38:16 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/24 22:38:16 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 22:38:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 22:38:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 22:38:16 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/24 19:36:13 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/24 18:09:21 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scott.AERO\Desktop\OTL.exe
[2009/08/24 08:05:46 | 00,096,082 | ---- | M] () -- C:\Registry.zip
[2009/08/24 07:59:46 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\scott.AERO\Desktop\clean.bat
[2009/08/24 06:42:15 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/24 06:22:23 | 00,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2009/08/24 06:22:16 | 00,000,178 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/08/23 22:22:26 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\scott.AERO\Desktop\HijackThis.lnk
[2009/08/23 21:09:04 | 00,271,346 | ---- | M] () -- C:\Documents and Settings\scott.AERO\Desktop\Regmon.zip
[2009/08/23 21:08:32 | 00,285,554 | ---- | M] () -- C:\Documents and Settings\scott.AERO\Desktop\FileMon.zip
[2009/08/23 21:05:59 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\scott.AERO\Desktop\mbam-setup (1).exe
[2009/08/23 19:54:44 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\scott.AERO\Desktop\spybotsd162.exe
[2009/08/23 19:15:02 | 00,002,182 | ---- | M] () -- C:\Documents and Settings\scott.AERO\Desktop\deletes.bat
[2009/08/23 17:20:43 | 00,003,147 | ---- | M] () -- C:\Documents and Settings\scott.AERO\Desktop\scorpio.bat
[2009/08/23 17:03:50 | 00,000,606 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2009/08/23 13:25:22 | 00,000,177 | ---- | M] () -- C:\WINDOWS\Winamp.ini
[2009/08/23 13:18:55 | 06,062,072 | ---- | M] (Stellar Information Systems Ltd ) -- C:\Documents and Settings\scott.AERO\Desktop\StellarPhoenixWindowsDataRecovery-Setup.exe
[2009/08/23 12:01:15 | 10,800,3328 | ---- | M] () -- C:\Documents and Settings\scott.AERO\Desktop\clonezilla-live-1.2.2-26.iso
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/21 22:00:54 | 00,001,910 | -H-- | M] () -- C:\Documents and Settings\scott.AERO\My Documents\Default.rdp
[2009/08/20 06:48:07 | 00,012,640 | ---- | M] () -- C:\Documents and Settings\scott.AERO\Desktop\WLMContacts.csv
[2009/08/19 17:01:15 | 00,000,800 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/08/19 04:05:05 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/17 20:36:29 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amelia sleep.m3u
[2009/08/17 10:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 10:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 10:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 10:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 10:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 10:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 10:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 10:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 10:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
< End of report >

Edited by sspeed, 30 August 2009 - 10:47 AM.

#30
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks good. How are things running?