
Unknown/ Vista Unable to Update/ Slow Performance [Solved]



#1
Niki McKnight

@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@

Hi!

I posted under the Vista forum, though another member suggested I come here and post. I read and followed the instructions provided within the cleaning guide...

My pc specs are:

HP a6313w / 2GB memory / 32 bit
Windows Vista Home Premium, (bah!)
NVIDIA GeForce 6150SE nForce 430
AMD Athlon 64 X2 Dual Core Processor 5000+ 2.60 GHz
Main HD is 288GB, with 168GB free


Yet my system gobbles up resources and freezes, even when only running a few small apps... I thought perhaps it was a driver or compatibility issue, which I thought I could fix by installing SP1 & SP2, though I cannot. I believe I FINALLY removed all the carnage from "Malware Defense", though my system hasn't been the same...


I can't update to SP1 (or any other updates)... I have downloaded and tried to apply the "Update Readiness" tool... though this requires that the "Windows Update service" be enabled. BUT, when I enable the update service:
I get a command prompt box and an error box that pops up every 10 seconds or so. The error says:
"C:\Windows\system32\wuauclt.exe The NTVDM CPU has encountered an illegal instruction." Once I close it, it pops up again shortly thereafter. And the "Update Readiness" tool reports:
"Some updates were not installed
Hotfix for Windows KB947821"
I've searched and searched, but I cannot find a solution... I would be so grateful for any help, regarding this issue....

Thank you heaps in advance... =~)

Cheers ~Niki

(Wow, this is a lot of information... OTL text file, Extra text file, Gmer files and then the Malwarebytes log....)

@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@

OTL TXT FILE

OTL logfile created on: 2/16/2010 1:08:51 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Nichole\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.52 Gb Total Space | 169.04 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
Drive D: | 9.57 Gb Total Space | 1.30 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 146.47 Gb Free Space | 49.14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 981.05 Mb Total Space | 979.63 Mb Free Space | 99.86% Space Free | Partition Type: FAT

Computer Name: FAITH
Current User Name: Nichole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/16 10:32:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nichole\Downloads\OTL.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/11/04 17:00:14 | 002,334,856 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/28 07:49:34 | 004,378,624 | ---- | M] (Gabest) -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
PRC - [2008/05/16 09:53:36 | 000,495,616 | ---- | M] () -- C:\Program Files\Hypersight\hypersight.exe
PRC - [2008/01/20 03:04:37 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/02 08:20:20 | 001,183,744 | ---- | M] (JC&MB) -- C:\Program Files\Quicknote\quicknote.exe
PRC - [2007/10/18 15:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/09/19 20:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2006/11/10 07:12:08 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\shellmon.exe
PRC - [2006/11/10 07:11:58 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/25 19:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1200618788\ee\aolsoftware.exe
PRC - [2003/05/15 19:36:40 | 000,446,464 | ---- | M] (Provtech Limited) -- C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/16 10:32:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nichole\Downloads\OTL.exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ZUOKFHK)
SRV - File not found [Disabled | Stopped] -- -- (WYQRBOLFZL)
SRV - File not found [On_Demand | Stopped] -- -- (DCIGACCIFT)
SRV - [2009/11/20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/08/24 17:19:18 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/19 20:27:49 | 000,000,024 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\iptools.INI -- (IPTools)
SRV - [2007/11/23 11:16:22 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/11/23 10:04:39 | 000,265,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 15:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/10/18 10:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/09/19 20:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/02 03:42:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 05:37:56 | 000,000,000 | ---D | M]

[2009/07/08 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Extensions
[2009/07/08 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/02/15 22:46:28 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions
[2010/02/09 06:42:40 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/08/17 19:42:28 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2370)
[2009/07/22 02:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/19 14:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2010/02/05 07:18:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/02 10:03:02 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/09 06:42:40 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/15 22:46:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/24 08:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/11/11 02:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/10/15 04:53:11 | 001,140,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFxViewer.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FDMIECookiesBHO Class) - {7A780B7B-DCF1-4ec4-BB13-2DF92CAD27DB} - C:\Program Files\Light Downloader\ldmie2.dll ()
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Hypersight] C:\Program Files\Hypersight\hypersight.exe ()
O4 - HKLM..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe (Provtech Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [Quicknote] C:\Program Files\Quicknote\quicknote.exe (JC&MB)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all with Light Downloader - C:\Program Files\Light Downloader\dlall.htm ()
O8 - Extra context menu item: Download selected with Light Downloader - C:\Program Files\Light Downloader\dlselected.htm ()
O8 - Extra context menu item: Download with Light Downloader - C:\Program Files\Light Downloader\dllink.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 4810 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1262300281720 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.167.10 67.142.167.11
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 10:58:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{bdd04120-cc3b-11dc-aa3c-001e8c40986c}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd04120-cc3b-11dc-aa3c-001e8c40986c}\Shell\AutoRun\command - "" = K:\Imageviewer.exe -- File not found
O33 - MountPoints2\{c051a9b8-c717-11dc-a646-001e8c40986c}\Shell - "" = AutoRun
O33 - MountPoints2\{c051a9b8-c717-11dc-a646-001e8c40986c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- [2007/10/23 02:45:40 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 06:18:47 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/16 09:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/15 17:52:56 | 000,000,000 | ---D | C] -- C:\Multimedia Files
[2010/02/15 17:52:56 | 000,000,000 | ---D | C] -- \Multimedia Files
[2010/02/15 17:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft GIF Animator
[2010/02/14 21:25:37 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\17yearsold
[2010/02/14 20:10:30 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\me46
[2010/02/12 03:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hypersight
[2010/02/12 01:59:04 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\Virus
[2010/02/12 01:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/02/10 18:30:30 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\ICONS 2010
[2010/02/10 00:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\VocoderGUI
[2010/02/10 00:08:25 | 000,000,000 | ---D | C] -- C:\Users\Nichole\AppData\Roaming\Power Sound Editor Free
[2010/02/10 00:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Power Sound Editor Free
[2010/02/10 00:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/09 04:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/02/09 04:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/02/06 12:21:00 | 000,000,000 | ---D | C] -- C:\Users\Nichole\AppData\Roaming\Light Downloader
[2010/02/06 12:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\LightDownloader.COM
[2010/02/06 12:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Light Downloader
[2010/02/06 10:39:39 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2010/02/06 03:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads
[2010/02/06 00:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\FAVORITE PROGRAMS
[2010/02/05 18:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2010/02/05 04:23:32 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\NEW PSP 2010 UNUSED
[2010/02/05 03:01:21 | 000,000,000 | ---D | C] -- C:\Users\Nichole\AppData\Roaming\Q-Dir
[2010/02/05 03:01:19 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\Favorites_Q_Dir
[2010/02/05 03:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Q-Dir
[2010/02/05 01:45:15 | 000,000,000 | ---D | C] -- C:\Users\Nichole\AppData\Roaming\UltraExplorer
[2010/02/05 01:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\UltraExplorer
[2010/02/04 04:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2008/01/20 21:45:01 | 000,824,216 | ---- | C] (PC Pitstop LLC ) -- C:\Program Files\diskmd-setup-1052.exe
[2008/01/20 21:44:26 | 000,846,008 | ---- | C] (Duality Software ) -- C:\Program Files\alarm clocksetupdsc160r.exe
[2008/01/20 21:44:03 | 004,279,120 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWire PRO 4.12.6.exe
[2008/01/20 21:43:55 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
[2008/01/20 05:45:35 | 000,703,122 | R--- | C] (JAM Software ) -- C:\Program Files\TreeSizeSetup.exe
[2008/01/20 00:38:09 | 000,773,497 | ---- | C] (Cro-Code Software ) -- C:\Program Files\tls_setup.exe
[21 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/16 13:10:23 | 006,553,600 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat
[2010/02/16 12:38:53 | 000,716,774 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/16 12:38:53 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/16 12:38:53 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/16 12:35:46 | 000,000,294 | ---- | M] () -- C:\Windows\win.ini
[2010/02/16 12:35:34 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/02/16 12:34:48 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/16 12:34:48 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/16 12:34:39 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/16 12:34:39 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/16 12:34:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/16 12:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/16 11:49:20 | 000,001,896 | ---- | M] () -- C:\Users\Nichole\Documents\ark.text
[2010/02/16 10:27:06 | 000,007,340 | ---- | M] () -- C:\Users\Nichole\AppData\Roaming\mainhst.zgh
[2010/02/16 09:18:47 | 000,001,073 | ---- | M] () -- C:\Users\Nichole\Desktop\Spybot - Search & Destroy.lnk
[2010/02/16 07:14:52 | 001,779,746 | ---- | M] () -- C:\Users\Nichole\Documents\GOODBYEHOOTERS.wmv
[2010/02/16 05:40:35 | 000,035,840 | ---- | M] () -- C:\Users\Nichole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 00:05:52 | 000,007,944 | ---- | M] () -- C:\Users\Nichole\AppData\Local\d3d9caps.dat
[2010/02/15 21:59:54 | 000,025,641 | ---- | M] () -- C:\Windows\Q-Dir.ini
[2010/02/15 01:29:03 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.INI
[2010/02/14 21:25:37 | 002,093,834 | ---- | M] () -- C:\Users\Nichole\Documents\17yearsold.zip
[2010/02/14 20:10:30 | 000,064,160 | ---- | M] () -- C:\Users\Nichole\Documents\me46.zip
[2010/02/14 19:34:58 | 000,508,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/12 01:13:22 | 000,208,080 | ---- | M] () -- C:\Users\Nichole\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/10 15:42:42 | 000,001,882 | ---- | M] () -- C:\Users\Nichole\Desktop\HijackThis.lnk
[2010/02/10 15:04:37 | 000,589,824 | ---- | M] () -- C:\Windows\SPInstall.etl
[2010/02/10 15:02:58 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/02/10 15:02:58 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/02/10 11:33:04 | 000,005,097 | ---- | M] () -- C:\Users\Nichole\Documents\My Favorite Theme.theme
[2010/02/10 06:22:48 | 006,553,600 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat_previous
[2010/02/10 03:48:50 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/02/10 00:45:06 | 000,000,834 | ---- | M] () -- C:\Users\Nichole\Desktop\Zerius Vocoder.lnk
[2010/02/10 00:08:19 | 000,001,825 | ---- | M] () -- C:\Users\Nichole\Desktop\Power Sound Editor Free.lnk
[2010/02/09 18:56:25 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 18:56:25 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 18:56:25 | 000,065,536 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TM.blf
[2010/02/09 04:30:40 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2010/02/09 04:30:31 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2010/02/09 04:30:05 | 000,001,400 | ---- | M] () -- C:\Users\Nichole\Desktop\DivX Movies.lnk
[2010/02/08 20:37:53 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/02/06 13:14:31 | 000,002,631 | ---- | M] () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/02/06 12:21:00 | 000,000,771 | ---- | M] () -- C:\Users\Nichole\Desktop\Light Downloader.lnk
[2010/02/06 10:39:39 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2010/02/06 08:07:54 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 08:07:54 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 08:07:54 | 000,065,536 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TM.blf
[2010/02/05 21:46:31 | 012,513,280 | ---- | M] () -- C:\ProgramData\sandra.mda
[2010/02/05 18:08:34 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2010c.lnk
[2010/02/05 15:00:05 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/05 15:00:05 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/05 15:00:05 | 000,065,536 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TM.blf
[2010/02/05 12:52:50 | 000,175,897 | ---- | M] () -- C:\Users\Nichole\Documents\pspbrwse.jbf
[2010/02/05 03:01:19 | 000,001,616 | ---- | M] () -- C:\Users\Public\Desktop\Q-Dir.lnk
[2010/02/04 03:28:32 | 000,011,114 | ---- | M] () -- C:\Users\Nichole\AppData\Roaming\wklnhst.dat
[2010/02/04 03:28:32 | 000,010,240 | ---- | M] () -- C:\Users\Nichole\Documents\Recommendation.wps
[21 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/16 11:49:20 | 000,001,896 | ---- | C] () -- C:\Users\Nichole\Documents\ark.text
[2010/02/16 09:18:47 | 000,001,073 | ---- | C] () -- C:\Users\Nichole\Desktop\Spybot - Search & Destroy.lnk
[2010/02/16 07:14:08 | 001,779,746 | ---- | C] () -- C:\Users\Nichole\Documents\GOODBYEHOOTERS.wmv
[2010/02/14 21:23:20 | 002,093,834 | ---- | C] () -- C:\Users\Nichole\Documents\17yearsold.zip
[2010/02/14 20:10:24 | 000,064,160 | ---- | C] () -- C:\Users\Nichole\Documents\me46.zip
[2010/02/12 03:01:26 | 000,071,168 | ---- | C] () -- C:\Windows\System32\drivers\kernel.sys
[2010/02/10 14:52:16 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/02/10 14:52:16 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/02/10 11:33:04 | 000,005,097 | ---- | C] () -- C:\Users\Nichole\Documents\My Favorite Theme.theme
[2010/02/10 00:45:06 | 000,000,834 | ---- | C] () -- C:\Users\Nichole\Desktop\Zerius Vocoder.lnk
[2010/02/10 00:08:19 | 000,001,825 | ---- | C] () -- C:\Users\Nichole\Desktop\Power Sound Editor Free.lnk
[2010/02/09 04:30:40 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2010/02/09 04:30:31 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2010/02/09 04:30:05 | 000,001,400 | ---- | C] () -- C:\Users\Nichole\Desktop\DivX Movies.lnk
[2010/02/06 12:21:00 | 000,000,771 | ---- | C] () -- C:\Users\Nichole\Desktop\Light Downloader.lnk
[2010/02/06 08:08:55 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 08:08:55 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 08:08:55 | 000,065,536 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TM.blf
[2010/02/06 03:54:39 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 03:54:39 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 03:54:39 | 000,065,536 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{332d1be1-12fd-11df-89d0-00038a000015}.TM.blf
[2010/02/05 18:08:34 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2010c.lnk
[2010/02/05 18:08:31 | 012,513,280 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/02/05 03:01:19 | 000,001,616 | ---- | C] () -- C:\Users\Public\Desktop\Q-Dir.lnk
[2010/02/05 03:01:07 | 000,025,641 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010/02/04 18:07:34 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/04 18:07:33 | 000,524,288 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/04 18:07:33 | 000,065,536 | -HS- | C] () -- C:\Users\Nichole\ntuser.dat{89af7bdc-10bf-11df-93b1-00038a000015}.TM.blf
[2010/02/04 16:37:48 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/03 07:28:39 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/01/09 00:42:28 | 000,002,131 | ---- | C] () -- \aaw7boot.log
[2009/12/30 02:48:12 | 000,000,675 | ---- | C] () -- C:\Windows\System32\NewNamekrl32mainweq.dll
[2009/12/29 05:23:18 | 000,000,036 | ---- | C] () -- C:\Users\Nichole\AppData\Local\housecall.guid.cache
[2009/12/24 17:01:35 | 001,703,968 | ---- | C] () -- C:\Program Files\VirtualDub-1.9.7.zip
[2009/11/24 21:54:35 | 000,000,028 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/27 14:41:07 | 000,002,560 | ---- | C] () -- \stub.log
[2009/09/27 13:51:53 | 000,000,000 | ---- | C] () -- \Log.txt
[2009/08/04 04:37:19 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/08/04 04:36:53 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/07/18 22:41:59 | 000,000,268 | -H-- | C] () -- \sqmdata07.sqm
[2009/07/18 22:41:59 | 000,000,244 | -H-- | C] () -- \sqmnoopt07.sqm
[2009/05/10 07:08:44 | 004,376,305 | ---- | C] () -- \MWAV.LOG
[2009/05/10 06:02:00 | 000,000,074 | ---- | C] () -- \23990098.$
[2009/03/24 00:57:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009/03/14 12:16:55 | 000,230,454 | ---- | C] () -- \cam0000.bmp
[2009/03/13 16:26:45 | 000,057,654 | ---- | C] () -- \img.BMP
[2008/12/12 12:08:53 | 000,000,268 | -H-- | C] () -- \sqmdata06.sqm
[2008/12/12 12:08:53 | 000,000,244 | -H-- | C] () -- \sqmnoopt06.sqm
[2008/12/02 01:24:17 | 000,000,268 | -H-- | C] () -- \sqmdata05.sqm
[2008/12/02 01:24:17 | 000,000,244 | -H-- | C] () -- \sqmnoopt05.sqm
[2008/11/17 06:03:47 | 000,000,244 | -H-- | C] () -- \sqmnoopt04.sqm
[2008/11/17 06:03:47 | 000,000,232 | -H-- | C] () -- \sqmdata04.sqm
[2008/11/17 06:03:17 | 000,000,244 | -H-- | C] () -- \sqmnoopt03.sqm
[2008/11/17 06:03:17 | 000,000,232 | -H-- | C] () -- \sqmdata03.sqm
[2008/11/17 06:02:24 | 000,000,244 | -H-- | C] () -- \sqmnoopt02.sqm
[2008/11/17 06:02:24 | 000,000,232 | -H-- | C] () -- \sqmdata02.sqm
[2008/11/17 06:00:22 | 000,000,244 | -H-- | C] () -- \sqmnoopt01.sqm
[2008/11/17 06:00:22 | 000,000,232 | -H-- | C] () -- \sqmdata01.sqm
[2008/10/28 12:04:15 | 000,010,920 | ---- | C] () -- \aolconnfix.exe
[2008/10/28 12:04:15 | 000,001,039 | ---- | C] () -- \aolconnfix.txt
[2008/10/19 20:27:49 | 000,000,024 | ---- | C] () -- C:\Windows\System32\iptools.INI
[2008/10/15 04:26:38 | 000,067,334 | ---- | C] () -- \ProcessList.txt
[2008/08/07 17:57:20 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/08/07 17:57:19 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/08/07 17:57:19 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/07 17:57:19 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/07 17:57:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/07 17:57:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/08/07 17:57:18 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/09 05:50:04 | 000,000,268 | -H-- | C] () -- \sqmdata00.sqm
[2008/05/09 05:50:04 | 000,000,244 | -H-- | C] () -- \sqmnoopt00.sqm
[2008/05/07 06:00:05 | 000,000,146 | ---- | C] () -- \YServer.txt
[2008/05/04 10:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008/02/15 05:21:44 | 000,000,178 | ---- | C] () -- C:\Windows\wininit.ini
[2008/01/30 03:54:52 | 000,000,458 | ---- | C] () -- C:\Windows\justnote.ini
[2008/01/26 08:56:55 | 001,474,385 | ---- | C] () -- C:\Program Files\sprint32v2.zip
[2008/01/26 00:43:06 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/01/20 21:47:26 | 000,048,489 | ---- | C] () -- C:\Program Files\ipnetinfo.zip
[2008/01/20 21:02:25 | 000,049,152 | ---- | C] () -- C:\Windows\System32\OctaneARM.dll
[2008/01/20 20:50:10 | 000,000,164 | ---- | C] () -- C:\Windows\RECMGRUN.INI
[2008/01/20 20:49:59 | 000,003,455 | ---- | C] () -- C:\Windows\RECVCALL.INI
[2008/01/20 19:59:51 | 000,035,840 | ---- | C] () -- C:\Users\Nichole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/20 17:50:52 | 000,007,340 | ---- | C] () -- C:\Users\Nichole\AppData\Roaming\mainhst.zgh
[2008/01/20 06:03:25 | 000,011,114 | ---- | C] () -- C:\Users\Nichole\AppData\Roaming\wklnhst.dat
[2008/01/20 05:45:48 | 192,152,327 | R--- | C] () -- C:\Program Files\AllProgramFilesZipped.zip
[2008/01/20 05:45:35 | 000,905,216 | ---- | C] () -- C:\Program Files\iview398.exe
[2008/01/20 05:00:15 | 001,680,921 | ---- | C] () -- C:\Program Files\lingvosoft-dictionary-pkpc-engbul-f.zip
[2008/01/20 05:00:14 | 003,155,350 | ---- | C] () -- C:\Program Files\lingvosoft-dictionary-pkpc-engspa-f.exe
[2008/01/20 01:40:31 | 000,043,352 | ---- | C] () -- C:\Windows\System32\wups2.dll
[2008/01/20 00:38:43 | 003,154,009 | ---- | C] () -- C:\Program Files\audacity-win-1.2.6.zip
[2008/01/20 00:38:19 | 000,000,011 | ---- | C] () -- C:\Program Files\productid.txt
[2008/01/20 00:38:02 | 001,363,968 | ---- | C] () -- C:\Program Files\stickerlite.exe
[2008/01/20 00:37:36 | 000,687,733 | ---- | C] () -- C:\Program Files\notes170.exe
[2008/01/20 00:33:19 | 000,000,000 | ---- | C] () -- \MSDOS.SYS
[2008/01/20 00:33:19 | 000,000,000 | ---- | C] () -- \IO.SYS
[2008/01/17 20:25:33 | 000,007,944 | ---- | C] () -- C:\Users\Nichole\AppData\Local\d3d9caps.dat
[2007/11/23 10:30:00 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/23 10:30:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/11/23 10:19:20 | 2325,676,032 | -HS- | C] () --
[2007/11/23 10:02:45 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/11/23 10:02:44 | 000,438,840 | RHS- | C] () -- \bootmgr
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/03/27 09:45:22 | 000,004,096 | ---- | C] () -- C:\Windows\System32\sysres.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006/06/18 00:17:26 | 000,000,212 | ---- | C] () -- C:\Windows\cr8type2lightins.ini
[2002/06/28 04:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002/05/04 08:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[1998/03/14 12:16:04 | 000,000,136 | ---- | C] () -- C:\Windows\System32\mssrina.dll

========== LOP Check ==========

[2008/11/30 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\AMPSoft
[2009/04/20 22:32:38 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ArmorSurf
[2009/12/28 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Ashampoo
[2008/12/16 11:07:10 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Auslogics
[2009/05/08 03:32:57 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Bearshare Premium P2P
[2009/09/27 11:48:59 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BellCraft.com
[2008/08/02 19:20:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BPK
[2009/07/21 03:19:35 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BRAVIS
[2010/02/01 13:55:44 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\CBS Interactive
[2009/08/03 02:00:35 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Digital Support
[2008/12/01 05:41:10 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\FontCreator
[2006/12/31 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Free&Easy Font Viewer
[2006/12/31 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GetRightToGo
[2009/05/08 03:07:50 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GlarySoft
[2009/12/30 06:54:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GrabPro
[2009/05/10 09:04:07 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\HouseCall 6.6
[2010/01/16 17:35:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ImgBurn
[2009/12/20 03:09:58 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Improved Software
[2010/01/16 20:40:38 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\InfraRecorder
[2009/05/22 22:22:27 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\IObit
[2009/09/17 13:03:18 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\JAM Software
[2010/02/16 10:51:09 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Light Downloader
[2010/02/16 13:04:52 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\LimeWire
[2009/08/04 04:38:09 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\MAGIX
[2008/12/01 03:35:40 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\MainType
[2009/05/10 00:51:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\minimem
[2009/12/20 03:07:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Moyea
[2009/12/20 04:51:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\NeoDownloader
[2008/01/26 07:54:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\NoteTab Light
[2010/02/15 20:32:48 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Orbit
[2010/02/10 00:24:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Power Sound Editor Free
[2010/02/05 03:18:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Q-Dir
[2008/10/17 23:28:52 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Se Analyzer Tool SA
[2010/01/18 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\SystemRequirementsLab
[2009/07/29 17:26:19 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\TamoSoft
[2008/01/20 06:03:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Template
[2010/02/15 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\UltraExplorer
[2009/12/23 20:38:30 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\UltraGet
[2009/05/06 05:43:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Uniblue
[2010/02/16 06:10:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\uTorrent
[2008/12/16 09:59:33 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\WinBatch
[2008/01/21 03:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ZipGenius
[2010/02/16 12:35:34 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/02/16 11:01:19 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/08 20:37:53 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/10/28 12:04:15 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: AGP440.SYS >
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 03:05:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/13 03:05:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 03:05:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 03:05:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 01:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/10/26 06:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=63B7838E9C272BAAA7B33A0CA4EBB748 -- C:\hp\DRIVERS\nvidia_storage\nvstor32.sys
[2007/10/26 06:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=63B7838E9C272BAAA7B33A0CA4EBB748 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/10/26 06:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=63B7838E9C272BAAA7B33A0CA4EBB748 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_b4609a34\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/02/13 03:02:04 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/02/13 03:02:04 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2006/11/02 04:46:10 | 001,376,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2006/11/02 04:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/11/23 10:08:52 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 12 bytes -> C:\Users\Nichole\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
@Alternate Data Stream - 12 bytes -> C:\Users\Nichole\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8423A1CF
< End of report >


@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@

EXTRAS TXT FILE

OTL Extras logfile created on: 2/16/2010 1:08:51 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Nichole\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.52 Gb Total Space | 169.04 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
Drive D: | 9.57 Gb Total Space | 1.30 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 146.47 Gb Free Space | 49.14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 981.05 Mb Total Space | 979.63 Mb Free Space | 99.86% Space Free | Partition Type: FAT

Computer Name: FAITH
Current User Name: Nichole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F435053-CDD8-4288-977D-77F6C4323EE2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5B482196-E1A9-4F9B-8291-4DB53CC3F201}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5F5DA7A0-AEFF-4802-A46A-7DE7F6C28732}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{6E8D363E-C8C6-4B9A-9981-1E65BA54517B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{74DA046F-8F1A-4A65-A2A0-438889EEBD54}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{793C3939-CAEF-434E-A861-37051A689DFB}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{89BB1384-D97F-4EA2-91C3-05997080002F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{8E2461D0-73E5-466D-A2E1-80B9D4011C48}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9830C22C-41D7-4287-B475-7B2CCF552035}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9A7EB061-1D98-43AD-A019-7CFB24692EFE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{9A82DC86-3FB3-4412-9CD2-6B4EE0406701}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{A0D8211D-9231-4A2A-90D2-071BFAE8C5C5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{B75A24E9-8625-4571-9339-C052572A8B4C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{CA0C6C87-5463-47D0-AA94-9E81AEE8DD09}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{CB73CFFD-7F20-4C75-9015-A042EA18CC87}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{CC301810-C726-4297-9C42-5138A27D0E49}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D7D0335C-BA8F-46DA-B83A-05DD9FDA5866}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{E23D284B-1CA4-4064-96BD-6B3099C4D33F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E6E90FBD-3F0A-497F-B173-0B5BF6562619}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E9E8D664-7B0A-40D5-A5D0-A5A7188443D1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F0486909-F0E6-458B-B533-646034990F33}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{448A811E-D61B-49A9-A5A4-E8E498E1D1D0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{AC3AA1C3-C935-40B3-8CE6-3FA367BA3ACF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{10E1FC7C-AB9E-4851-AEC7-8A189A1E7281}" = LogoEase
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3CB3508A-5388-42FF-BDA6-43271D2C7F0A}_is1" = NeoDownloader Lite 2.4
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E906533-F57F-45BD-A837-FCF24A2C243E}" = TubeSucker
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam v0.3.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4001FD1-EFF9-4978-A638-E9985154F50B}" = FAPMon (universal edition) 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010c
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.0
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"7-Zip" = 7-Zip 4.65
"ActiveScan 2.0" = Panda ActiveScan 2.0
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AMP Font Viewer" = AMP Font Viewer
"AnalogX Vocal Remover" = AnalogX Vocal Remover
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Astro123_is1" = Astro123 v1.62
"Audacity_is1" = Audacity 1.2.6
"AvaCam_is1" = AvaCam v3.0.1
"AviSynth" = AviSynth 2.5
"Belarc Advisor" = Belarc Advisor 8.1
"BulletProofSoft Youtube Video Grabber Trial Version_is1" = BulletProofSoft Youtube Video Grabber 1.0.0.7
"Cfont Pro_is1" = Cfont Pro v3.1
"CheckDrive_is1" = CheckDrive
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Connection Manager" =
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Cool Record Edit Deluxe" = Cool Record Edit Deluxe
"DirectDrawEx" =
"Disk Investigator" = Disk Investigator 1.32
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DNS Thing_is1" = DNS Thing 1.1
"DriverAgent.exe" = DriverAgent by eSupport.com
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Duplicate File Finder_is1" = Duplicate File Finder 1.1.0.3
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DXM_Runtime" =
"E.M. Free Photo Collage 0.9_is1" = E.M. Free Photo Collage 0.9
"EasyCapture_is1" = EasyCapture 1.0.0.0
"EMS YouTube Downloader & Converter_is1" = EMS YouTube Downloader & Converter 1.1
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Finger_is1" = Finger 1.9
"FingerPrint_is1" = FingerPrint
"FLV Player" = FLV Player 2.0, build 23
"Fontcore" =
"FontCreator55_is1" = FontCreator 5.6
"Font-Effects 2" = Font-Effects 2
"FontPage_is1" = FontPage 3.0.2
"Free DVD Burner (by minidvdsoft)_is1" = Free DVD Burner version 3.0
"Free IP Tools" = Free IP Tools
"Free&Easy Font Viewer_is1" = Free&Easy Font Viewer 2.0
"Game Booster_is1" = Game Booster
"GIF Animator" = Microsoft GIF Animator
"GSpot" = GSpot Codec Information Appliance
"HaaliMkx" = Haali Media Splitter
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"Hypersight Rootkit Detector_is1" = Hypersight 0.4 beta
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"IeCacheExplorer_is1" = IeCacheExplorer 1.4
"IEData" =
"Improved YouTube Downloader" = Improved YouTube Downloader 0.9.8
"Index Dat Spy" = Index Dat Spy
"Index.dat Analyzer_is1" = Index.dat Analyzer v2.0
"InstallShield Uninstall Information" =
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IpDnsResolver_is1" = IpDnsResolver 1.2
"IrfanView" = IrfanView (remove only)
"Jasc Paint Shop Pro 8.10 Update Patch" = Jasc Paint Shop Pro 8.10 Update Patch
"JC&MB Quicknote_is1" = Quicknote 5.4
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.0 (Full)
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"Lettra Art" = Lettra Art By Harshal Mahadevia
"Light Downloader_is1" = Light Downloader 1.1
"LimeWire" = LimeWire 5.1.4
"List Alphabetizer" = List Alphabetizer
"MAGIX Slideshow Maker US" = MAGIX Slideshow Maker 1.0.1.3 (US)
"Magnifier" = Magnifier
"Magnifixer_is1" = Magnifixer 2.2
"MainType2_is1" = MainType 2.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McGill English Dictionary of Rhyme with VersePer~286A7AE6_is1" = McGill English Dictionary of Rhyme & Verse Perfect 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobileOptionPack" =
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MPlayer2" =
"My HP Game Console" =
"My ScreenCam" = My ScreenCam
"NetworkActiv Port Scanner 4.0" = NetworkActiv Port Scanner 4.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC Pitstop Driver Alert_is1" = PC Pitstop Driver Alert 1.0.0.13
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PCSleek Free Error Cleaner_is1" = PCSleek Free Error Cleaner
"PhotoStage" = PhotoStage
"Picasa2" = Picasa 2
"Plax Network Suite" = Plax Network Suite
"Power Sound Editor Free" = Power Sound Editor Free
"Prism" = Prism Video Converter
"Q-Dir" = Q-Dir
"qjop04328932qwwweew_is1" = Medusa v1.1
"Query Application" = Query Application
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"Recover Data for FAT & NTFS (Trial Version)_is1" = Recover Data for FAT & NTFS (Trial Version)
"Recover My Files_is1" = Recover My Files
"SchedulingAgent" =
"SerifDrawPlus40" = Serif DrawPlus 4.0
"Sheer Notes_is1" = Sheer Notes v1.1
"SlimList" = SlimList (remove only)
"Smart Defrag_is1" = Smart Defrag 1.20
"Smart FAT Recovery_is1" = Smart FAT Recovery v3.7
"SmartWhois" = SmartWhois
"Spyware Doctor" = Spyware Doctor 5.5
"ST6UNST #1" = Photo Recovery
"ST6UNST #2" = ScreenPrint32 v2.0a
"ST6UNST #3" = ScreenPrint32 v3.5
"ST6UNST #4" = Karen's LAN Monitor
"ST6UNST #5" = Meracl FontMap v2.1.1
"ST6UNST #6" = FontSuite v1.0
"ST6UNST #7" = ScreenPrint32 v3.5 (C:\Program Files\ScreenPrint32 v3\)
"Super Magnify v1.3_is1" = Super Magnify v1.3
"syspro" = syspro
"SystemRequirementsLab" = System Requirements Lab
"Text List" = Text List 1.2
"ToolBox" = NCH Toolbox
"Torrent Episode Downloader 0.96" = Torrent Episode Downloader
"TreeSize Free_is1" = TreeSize Free V2.3.3
"TweakVI" = TweakVI
"Type light" = Type light
"UltraExplorer_is1" = UltraExplorer 2.0.3.1
"UltraGet Video Downloader_is1" = UltraGet Video Downloader 2.0.9
"UltraSlideshow Flash Creator" = UltraSlideshow Flash Creator 1.20
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6i
"VocoderGUI" = Zerius Vocoder (remove only)
"VST Bridge_is1" = VST Bridge 1.1
"WebRipper" = WebRipper 1.32
"WildTangent hp Master Uninstall" = My HP Games
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"WinPcapInst" = WinPcap 4.0.2
"WordWeb" = WordWeb
"WT026592" =
"WT026598" =
"WT026599" =
"WT026600" =
"WT026615" =
"WT026617" =
"WT026621" =
"WT026647" =
"WT026649" =
"WT026652" =
"WT026654" =
"WT026655" =
"WT026656" =
"WT026657" =
"WT026658" =
"WT026659" =
"WT026678" =
"WT026689" =
"WT026691" =
"WT026728" =
"WT026729" =
"WT026730" =
"WT026780" =
"WT026781" =
"WT026807" =
"WT026813" =
"WT026814" =
"WT026836" =
"WT026837" =
"WT027261" =
"XHeader" = XHeader
"XWP replacement" = All-Pro Software XWP replacement 5.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomPlayer" = Zoom Player (remove only)
"ZScreen" = ZScreen 1.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2010 2:48:35 AM | Computer Name = Faith | Source = WerSvc | ID = 5007
Description =

Error - 2/16/2010 11:30:53 AM | Computer Name = Faith | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
faulting module gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0, exception
code 0xc0000005, fault offset 0x0000c4b1, process id 0xe28, application start time
0x01caaf1cdafa1cd0.

Error - 2/16/2010 11:59:50 AM | Computer Name = Faith | Source = WerSvc | ID = 5007
Description =

Error - 2/16/2010 12:06:28 PM | Computer Name = Faith | Source = Perflib | ID = 1010
Description =

Error - 2/16/2010 12:07:04 PM | Computer Name = Faith | Source = WerSvc | ID = 5007
Description =

Error - 2/16/2010 12:13:46 PM | Computer Name = Faith | Source = WerSvc | ID = 5007
Description =

Error - 2/16/2010 12:51:00 PM | Computer Name = Faith | Source = Application Hang | ID = 1002
Description = The program Explorer.exe version 6.0.6000.16549 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c84 Start Time: 01caaf227caaab9e Termination Time: 15

Error - 2/16/2010 1:34:43 PM | Computer Name = FAITH | Source = WerSvc | ID = 5007
Description =

Error - 2/16/2010 2:22:40 PM | Computer Name = Faith | Source = VSS | ID = 8194
Description =

Error - 2/16/2010 2:22:42 PM | Computer Name = Faith | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ Media Center Events ]
Error - 1/26/2009 4:53:53 AM | Computer Name = Faith | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package NetTV.

Error - 1/26/2009 4:53:56 AM | Computer Name = Faith | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 1/26/2009 4:53:59 AM | Computer Name = Faith | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/26/2009 4:54:03 AM | Computer Name = Faith | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsTemplate.

Error - 1/26/2009 4:34:47 PM | Computer Name = Faith | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 4/19/2009 8:34:49 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 4/19/2009 9:26:52 PM | Computer Name = Faith | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 4/19/2009 9:26:52 PM | Computer Name = Faith | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 4/19/2009 9:27:03 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 4/19/2009 9:27:33 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 4/19/2009 9:30:23 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 4/19/2009 10:11:09 PM | Computer Name = Faith | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 4/19/2009 10:11:09 PM | Computer Name = Faith | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 4/19/2009 10:11:17 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 4/19/2009 10:11:23 PM | Computer Name = Faith | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!


< End of report >


@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@

GMER ROOTKIT RESULTS

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-16 11:49:20
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Nichole\AppData\Local\Temp\fgrdypow.sys


---- System - GMER 1.0.15 ----

INT 0xFF \SystemRoot\System32\Drivers\kernel.sys 8026C6E4

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcuxqwxgmrb.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcuxqwxgmrb.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTohglcrcbum.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTqfrjcemiui.dat
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTjwckhmihlw.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTntidybjpgc.dll

---- EOF - GMER 1.0.15 ----

@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@

MALWAREBYTES LOGS

(Full Scan Results)

Malwarebytes' Anti-Malware 1.44
Database version: 3744
Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16609

2/16/2010 1:13:08 AM
mbam-log-2010-02-16 (01-13-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 444379
Time elapsed: 1 hour(s), 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Nichole\Incomplete\T-11734498-AV Voice Changer Software 6.0.10 - vLcB + keygen.exe (P2P.Dropper.A) -> Quarantined and deleted successfully.
C:\Users\Nichole\Shared\Morphvox Pro Serial Generator.0xe (Trojan.Dropper.A) -> Quarantined and deleted successfully.

(Quick Scan Results)
Malwarebytes' Anti-Malware 1.44
Database version: 3744
Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16609

2/16/2010 12:03:49 AM
mbam-log-2010-02-16 (00-03-49).txt

Scan type: Quick Scan
Objects scanned: 42831
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Nichole\AppData\Local\Temp\CSM3A1B.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully...
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
#2
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey Niki McKnight,

Welcome to GeekstoGo! I'm Ltangelic and I'll be helping you fix your computer problem.

Before we proceed, here are some things that you can take note of so that the cleaning up process will be smoother and more efficient. Do not worry, the points below are not any form of rules, it's just a few pointers that can ensure that you will get the best help from me. :)
  • To ensure that you are informed of the latest replies to your thread, you may like to right click on Options at the top right hand corner of this page and select "Subscribe to this forum". That way, you will be notified via email when a reply was posted to your thread.
  • If you have any doubts or uncertainty about any part of my instructions, feel free to post on here and ask me about them.
  • Please do NOT attempt to run any tools or do any fixing on your own unless I tell you to, this will avoid any confusion that can occur during the cleaning process. Furthermore, fixing malware problems without sufficient knowledge can be dangerous at times and you can mess up your own computer without knowing.
  • Please do not PM me for malware removal assistance, any request for malware removal assistance should be posted in this thread only. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Please do not start multiple topics (especially when you are already being assisted by a malware staff). All staff are volunteers on here, starting multiple topics will waste the limited resource of manpower we have here at GeekstoGo, and this can further hinder our ability to assist other users. Please be considerate and stick to one thread. If you have not received a single reply to your topic for 3 days or more, feel free to visit here and post a thread in the Waiting Room with a link to your original topic.
I'm looking at your log now and will be back with a fix soon. Thanks for your patience and understanding. :)
#3
Niki McKnight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Thank-you Ltangelic.... If you need any further info, please don't hesitate to ask...=~)
#4
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey Niki McKnight,

No worries, I'm glad to be of help. :) By the way, are you running Spyware Doctor? If so, please disable it as you already have Spybot Teatimer running.

From your log(s), one or more of the identified infections are a backdoor Trojan and a rootkit component. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. If this computer is used for online commercial means, please do the following IMMEDIATELY!

1) Call all relevant organisations (like banks, credit card companies etc) and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
2) From an uninfected computer, change ALL your online important personal information that you have used on this computer.

Do NOT use the infected computer for any commercial means during this while as the trojan author can still get information from it.

Due to the likelihood that your computer has already been compromised, there can be no guarantee that your computer can ever be secure again. While it is possible to completely remove the backdoor trojans on your computer, only a reformat can ensure that your computer is completely clean.

If you want to continue with the fix, please proceed with the instructions below.

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (Spybot Teatimer) as it/they may hinder the tools from running. Instructions are in the link below:

http://www.bleepingc...opic114351.html

1) Run Avenger

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the Avenger folder to your desktop
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Drivers to delete:
H8SRTcuxqwxgmrb.sys
Files to delete:
C:\Windows\system32\H8SRTohglcrcbum.dll
C:\Windows\system32\H8SRTqfrjcemiui.dat
C:\Windows\system32\H8SRTjwckhmihlw.dll
C:\Windows\system32\H8SRTntidybjpgc.dll
Registry keys to delete:
[-HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@start 1]
[-HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@type 1]
[-HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@imagepath]
[-HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@group file system]
[-HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules]
[-HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTd]
[-HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTc]
[-HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTsrcr]
[-HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtserf]
[-HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtbbr]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

2) Run ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Next reply (please include in your post):

Avenger.txt
ComboFix.txt
#5
Niki McKnight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
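An added triage helper (example code, not part of this thread, GMER or The Avenger) for the GMER registry findings in the first post and the Avenger script above: it groups the GMER "Reg" lines into one record per hidden service, rewrites the rootkit's kernel-style `\\?\globalroot\systemroot` paths to the Win32 paths a cleanup script or a manual check would use, and then reads the "not found" failures from the Avenger log posted in the next reply to explain each one. The two sample inputs are constructed from the logs quoted on this page, and `C:\Windows` as the system root is an assumption.

```python
import re

# Constructed sample: the GMER 'Reg' lines quoted in the first post of this thread.
GMER_SAMPLE = r"""
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTcuxqwxgmrb.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTcuxqwxgmrb.sys
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTohglcrcbum.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTqfrjcemiui.dat
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTjwckhmihlw.dll
Reg HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTntidybjpgc.dll
"""

# Constructed sample: the driver failure and the first file failure from the Avenger log posted below.
AVENGER_SAMPLE = r"""
Deletion of driver "H8SRTcuxqwxgmrb.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Deletion of file "C:\Windows\system32\H8SRTohglcrcbum.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
"""

# GMER prints one registry line per value: Reg <key>[\subkey][@value] <data>
REG_LINE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cset>[^\\]+)\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?P<sub>\\[^@\s]+)?(?:@(?P<value>\S+))?\s*(?P<data>.*)$")
AVENGER_FAIL = re.compile(r'^Deletion of (?P<kind>\w+) "(?P<target>[^"]+)" failed!$')
AVENGER_STATUS = re.compile(r"^Status: 0x[0-9a-fA-F]+ \((?P<name>\w+)\)$")

def parse_gmer_registry(text):
    """Group GMER 'Reg' lines under HKLM\\SYSTEM\\...\\Services into one dict per service."""
    services = {}
    for line in text.splitlines():
        m = REG_LINE.match(line.strip())
        if not m:
            continue
        svc = services.setdefault((m["cset"], m["svc"]), {
            "control_set": m["cset"], "name": m["svc"], "values": {}, "modules": {}, "notes": []})
        if m["sub"] and m["sub"].lower() == r"\modules":
            if m["value"]:                      # \modules@<label> <path>: a file the driver loads
                svc["modules"][m["value"]] = m["data"]
            elif m["data"]:                     # bare subkey line carrying a GMER remark
                svc["notes"].append(m["data"])
        elif m["value"]:                        # start, type, imagepath, group
            svc["values"][m["value"].lower()] = m["data"]
    return list(services.values())

def resolve_path(raw_path, system_root=r"C:\Windows"):
    # Kernel-style paths from GMER (\\?\globalroot\systemroot\X or \systemroot\X)
    # become the Win32 form <system_root>\X; C:\Windows is an assumed root.
    path = raw_path
    if path.lower().startswith(r"\\?\globalroot"):
        path = path[len(r"\\?\globalroot"):]
    if path.lower().startswith(r"\systemroot"):
        path = system_root + path[len(r"\systemroot"):]
    return path

def remediation_targets(svc, system_root=r"C:\Windows"):
    """What a cleanup script would have to remove for one hidden service."""
    image = resolve_path(svc["values"].get("imagepath", ""), system_root)
    files = [resolve_path(p, system_root) for p in svc["modules"].values()]
    return {
        "service_key": "\\".join(["HKLM", "SYSTEM", svc["control_set"], "Services", svc["name"]]),
        "driver_image": image,
        "files": [f for f in files if f.lower() != image.lower()],
        "active_control_set": not any("not active" in n.lower() for n in svc["notes"]),
    }

def parse_avenger_failures(text):
    """Pair each 'Deletion of ... failed!' line with the NTSTATUS name that follows it."""
    failures, pending = [], None
    for line in text.splitlines():
        m = AVENGER_FAIL.match(line.strip())
        if m:
            pending = {"kind": m["kind"], "target": m["target"], "status": None}
            failures.append(pending)
            continue
        m = AVENGER_STATUS.match(line.strip())
        if m and pending is not None:
            pending["status"] = m["name"]
            pending = None
    return failures

def cross_check(targets, failures):
    """Explain each Avenger failure against what GMER reported for the service."""
    findings = []
    service_name = targets["service_key"].rsplit("\\", 1)[-1]
    for f in failures:
        if f["kind"] == "driver":
            # The Avenger log shows a driver entry is looked up as CurrentControlSet\Services\<name>.
            if f["target"].lower() != service_name.lower():
                findings.append(f'driver target "{f["target"]}" is the image file name; '
                                f'GMER listed the service key as "{service_name}"')
            if not targets["active_control_set"]:
                findings.append("GMER found the key in a ControlSet it marked as not active, "
                                "so CurrentControlSet may not hold it")
        elif f["status"] == "STATUS_OBJECT_NAME_NOT_FOUND":
            findings.append(f'file "{f["target"]}" was absent at run time '
                            "(already removed, or hidden by the rootkit)")
    return findings
```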
Hi Ltangelic,

I downloaded both programs as instructed, turned off the TeaTimer, (as it was the only antivirus I had running). I then pasted the text, into the box, though I ended up having to run it several times, and it still says that it didn't find what it was looking for...=~( Though I went ahead and ran ComboFix, and I'll post the results to each of these below. I would really like to know what the viruses were, and if there is any way to tell approximately when I became infected. I changed permissions regarding the "H8SRT" files, made a back-up and then deleted the key from the registry... I have had quite a few random error messages come up... I'll try to post pics later, right now for some reason my paint program isn't working... (sniff sniff) Cheers ~Niki

PS (I actually responded HOURS ago, and it showed the post, yet when I came back there was no sign of my earlier post...)



Avenger Log File

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTcuxqwxgmrb.sys" not found!
Deletion of driver "H8SRTcuxqwxgmrb.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\H8SRTohglcrcbum.dll" not found!
Deletion of file "C:\Windows\system32\H8SRTohglcrcbum.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\H8SRTqfrjcemiui.dat" not found!
Deletion of file "C:\Windows\system32\H8SRTqfrjcemiui.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\H8SRTjwckhmihlw.dll" not found!
Deletion of file "C:\Windows\system32\H8SRTjwckhmihlw.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\H8SRTntidybjpgc.dll" not found!
Deletion of file "C:\Windows\system32\H8SRTntidybjpgc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~
Combo Log File

ComboFix 10-02-20.04 - Nichole 02/21/2010 14:15:47.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1291 [GMT -5:00]
Running from: c:\users\Nichole\Downloads\HELP\ComboFix.exe
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-21 19:21 . 2010-02-21 19:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-21 19:21 . 2010-02-21 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-21 15:39 . 2010-02-21 15:41 -------- d-----w- c:\windows\system32\pt-BR
2010-02-16 14:18 . 2010-02-21 13:20 -------- d-----w- c:\program files\Spybot - Search & Destroy(3811)
2010-02-16 14:18 . 2010-02-18 11:32 -------- d-----w- c:\program files\Spybot - Search & Destroy(2319)
2010-02-15 22:52 . 2010-02-18 12:37 -------- d-----w- C:\Multimedia Files
2010-02-15 22:52 . 2010-02-18 12:37 -------- d-----w- c:\program files\Microsoft GIF Animator
2010-02-12 08:01 . 2008-05-16 14:53 71168 ----a-w- c:\windows\system32\drivers\kernel.sys
2010-02-12 08:01 . 2010-02-18 12:37 -------- d-----w- c:\program files\Hypersight
2010-02-12 06:18 . 2010-02-12 06:18 -------- d-----w- c:\progra~2\F-Secure
2010-02-10 05:45 . 2010-02-10 11:22 -------- d-----w- c:\program files\VocoderGUI
2010-02-10 05:08 . 2010-02-10 05:24 -------- d-----w- c:\users\Nichole\AppData\Roaming\Power Sound Editor Free
2010-02-10 05:08 . 2010-02-10 11:22 -------- d-----w- c:\program files\Power Sound Editor Free
2010-02-10 05:05 . 2010-02-10 11:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-09 09:30 . 2010-02-09 09:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-09 09:30 . 2010-02-09 09:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-06 17:21 . 2010-02-21 11:22 -------- d-----w- c:\users\Nichole\AppData\Roaming\Light Downloader
2010-02-06 17:21 . 2010-02-06 17:21 51 ----a-w- c:\users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
2010-02-06 17:20 . 2010-02-06 17:21 -------- d-----w- c:\program files\Light Downloader
2010-02-06 17:20 . 2010-02-06 17:20 -------- d-----w- c:\progra~2\LightDownloader.COM
2010-02-06 15:39 . 2010-02-06 15:39 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-02-06 08:05 . 2010-02-06 08:05 -------- d-----w- c:\progra~2\AOL Downloads
2010-02-06 05:28 . 2010-02-06 05:29 -------- d-----w- c:\program files\FAVORITE PROGRAMS
2010-02-05 23:58 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-02-05 23:58 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-02-05 23:58 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-02-05 23:58 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-05 23:58 . 2008-07-31 15:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-02-05 23:58 . 2008-07-31 15:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-02-05 23:58 . 2008-07-31 15:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-02-05 23:08 . 2010-02-05 23:08 -------- d-----w- c:\program files\SiSoftware
2010-02-05 08:01 . 2010-02-05 08:18 -------- d-----w- c:\users\Nichole\AppData\Roaming\Q-Dir
2010-02-05 08:01 . 2010-02-05 08:01 -------- d-----w- c:\program files\Q-Dir
2010-02-05 06:45 . 2010-02-21 09:36 -------- d-----w- c:\users\Nichole\AppData\Roaming\UltraExplorer
2010-02-05 06:45 . 2010-02-05 06:45 -------- d-----w- c:\program files\UltraExplorer
2010-02-04 23:42 . 2010-02-04 23:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-02 18:00 . 2010-02-02 18:00 -------- d-----w- c:\program files\Free DVD Burner
2010-02-02 14:46 . 2010-02-02 14:46 -------- d-----w- c:\program files\HD Tune
2010-02-01 16:29 . 2010-02-01 18:55 -------- d-----w- c:\users\Nichole\AppData\Roaming\CBS Interactive
2010-01-31 03:14 . 2010-02-18 12:37 -------- d-----w- c:\users\Nichole\Pictures Graphics
2010-01-30 10:48 . 2010-01-30 10:52 -------- d-----w- c:\program files\Free Video Converter
2010-01-30 10:26 . 2010-01-30 10:26 -------- d-----w- c:\program files\eRightSoft
2010-01-30 09:24 . 2010-01-30 09:54 -------- d-----w- c:\program files\iWisoft Flash SWF to Video Converter
2010-01-30 09:09 . 2010-01-30 09:09 -------- d-----w- c:\users\Nichole\AppData\Roaming\AVS4YOU
2010-01-30 09:09 . 2010-01-30 09:09 -------- d-----w- c:\progra~2\AVS4YOU
2010-01-30 09:02 . 2010-01-30 09:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-30 09:02 . 2010-01-30 09:03 -------- d-----w- c:\program files\AVS4YOU
2010-01-30 08:45 . 2010-01-30 08:45 -------- d-----w- C:\DVDVideoSoft
2010-01-30 08:45 . 2010-01-30 08:45 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-30 08:45 . 2010-01-30 08:45 -------- d-----w- c:\program files\DVDVideoSoft
2010-01-30 08:35 . 2010-01-30 09:14 -------- d-----w- c:\program files\SWF to AVI
2010-01-30 06:19 . 2010-01-30 06:19 -------- d-----w- c:\program files\Extra Photo SlideShow Free
2010-01-29 13:10 . 2010-01-29 13:10 -------- d-----w- c:\program files\AnvSoft
2010-01-29 04:04 . 2010-01-29 04:04 -------- d-----w- C:\NCH Software
2010-01-29 03:12 . 2010-02-18 04:21 -------- d-----w- c:\users\Nichole\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 13:21 . 2010-02-16 14:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-21 13:21 . 2008-03-05 23:06 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-02-21 11:45 . 2010-02-03 12:28 35085 ----a-w- c:\progra~2\nvModes.dat
2010-02-21 08:22 . 2010-02-21 08:21 2316 ----a-w- c:\progra~2\xmlBEB9.tmp
2010-02-21 08:21 . 2010-02-21 08:21 13523 ----a-w- c:\progra~2\xmlB832.tmp
2010-02-21 08:21 . 2010-02-21 08:21 8276 ----a-w- c:\progra~2\xmlACFB.tmp
2010-02-20 11:43 . 2008-08-07 08:19 -------- d-----w- c:\users\Nichole\AppData\Roaming\uTorrent
2010-02-19 05:33 . 2008-05-09 10:32 -------- d-----w- c:\program files\Windows Live
2010-02-18 12:37 . 2009-12-30 10:00 -------- d-----w- c:\users\Nichole\AppData\Roaming\Orbit
2010-02-18 12:37 . 2008-08-07 08:19 -------- d-----w- c:\program files\uTorrent
2010-02-18 12:37 . 2008-05-09 10:33 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2010-02-18 12:37 . 2008-01-21 02:59 -------- d-----w- c:\program files\IrfanView
2010-02-18 12:37 . 2008-01-20 10:14 -------- d-----w- c:\program files\Jasc Software Inc
2010-02-18 12:37 . 2008-01-18 01:17 -------- d-----w- c:\program files\AOL 9.0
2010-02-18 07:22 . 2008-11-05 19:29 -------- d-----w- c:\program files\Harshil's Softwares
2010-02-18 07:22 . 2007-11-23 15:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 06:03 . 2008-01-18 01:25 7944 ----a-w- c:\users\Nichole\AppData\Local\d3d9caps.dat
2010-02-16 23:56 . 2010-02-16 21:32 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2010-02-16 23:29 . 2010-02-16 23:29 -------- d-----w- c:\users\Nichole\AppData\Roaming\Screaming Bee
2010-02-16 23:29 . 2010-02-16 23:27 -------- d-----w- c:\progra~2\Screaming Bee
2010-02-16 23:27 . 2010-02-16 23:27 -------- d-----w- c:\program files\Screaming Bee
2010-02-16 18:04 . 2008-01-21 06:22 -------- d-----w- c:\users\Nichole\AppData\Roaming\LimeWire
2010-02-15 22:01 . 2010-01-08 00:00 -------- d-----w- c:\users\Nichole\AppData\Roaming\DivX
2010-02-12 15:01 . 2008-01-20 10:17 -------- d-----w- c:\program files\ZipGenius 6
2010-02-12 13:15 . 2008-12-10 22:36 -------- d-----w- c:\program files\Registry Easy
2010-02-12 06:13 . 2008-01-18 01:24 208080 ----a-w- c:\users\Nichole\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-10 10:39 . 2009-07-31 01:20 -------- d-----w- c:\progra~2\NOS
2010-02-10 10:37 . 2009-05-10 03:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-09 09:30 . 2008-08-07 19:32 -------- d-----w- c:\program files\DivX
2010-02-05 23:59 . 2010-02-05 23:59 2316 ----a-w- c:\progra~2\xml8DE3.tmp
2010-02-05 23:59 . 2010-02-05 23:59 13829 ----a-w- c:\progra~2\xml86B1.tmp
2010-02-05 23:59 . 2010-02-05 23:59 7734 ----a-w- c:\progra~2\xml7BC8.tmp
2010-02-05 22:23 . 2008-02-06 03:38 -------- d-----w- c:\program files\Duplicate File Finder
2010-02-05 20:53 . 2010-02-05 20:53 0 ----a-w- c:\progra~2\xmlBF4C.tmp
2010-02-05 20:53 . 2010-02-05 20:53 0 ----a-w- c:\progra~2\xml906F.tmp
2010-02-05 20:53 . 2010-02-05 20:53 0 ----a-w- c:\progra~2\xml6182.tmp
2010-02-05 20:53 . 2010-02-05 20:53 0 ----a-w- c:\progra~2\xml31E9.tmp
2010-02-04 21:48 . 2010-02-04 21:48 2316 ----a-w- c:\progra~2\xmlD704.tmp
2010-02-04 21:48 . 2010-02-04 21:48 13829 ----a-w- c:\progra~2\xmlD04F.tmp
2010-02-04 21:48 . 2010-02-04 21:48 7734 ----a-w- c:\progra~2\xmlC298.tmp
2010-02-04 09:15 . 2007-11-23 16:00 -------- d-----w- c:\program files\Common Files\Java
2010-02-04 08:28 . 2008-01-20 11:03 11114 ----a-w- c:\users\Nichole\AppData\Roaming\wklnhst.dat
2010-02-03 12:28 . 2007-11-23 15:45 -------- d-----w- c:\progra~2\NVIDIA
2010-02-02 16:02 . 2008-01-20 09:52 -------- d-----w- c:\users\Nichole\AppData\Roaming\U3
2010-02-02 08:30 . 2008-01-21 10:28 -------- d-----w- c:\program files\GetData
2010-01-30 06:10 . 2009-08-04 09:12 -------- d-----w- c:\program files\mresreg
2010-01-21 21:32 . 2010-01-09 14:37 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-21 21:27 . 2007-11-23 15:43 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-01-21 00:58 . 2007-01-01 05:53 -------- d-----w- c:\users\Nichole\AppData\Roaming\DVD Flick
2010-01-18 19:16 . 2008-12-16 16:59 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-18 19:16 . 2010-01-18 19:16 -------- d-----w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-01-17 22:09 . 2008-02-04 14:56 -------- d-----w- c:\program files\Google
2010-01-17 01:40 . 2010-01-17 01:35 -------- d-----w- c:\users\Nichole\AppData\Roaming\InfraRecorder
2010-01-16 22:35 . 2010-01-16 22:22 -------- d-----w- c:\users\Nichole\AppData\Roaming\ImgBurn
2010-01-16 22:05 . 2010-01-16 22:05 -------- d-----w- c:\progra~2\Canneverbe Limited
2010-01-11 04:06 . 2009-07-30 00:43 -------- d-----w- c:\program files\BitComet
2010-01-11 03:05 . 2010-01-02 14:12 -------- d-----w- c:\program files\Codebox
2010-01-11 03:05 . 2009-12-26 11:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 02:55 . 2008-01-26 20:27 -------- d-----w- c:\program files\Recover Data for FAT & NTFS (Trial Version)
2010-01-11 01:43 . 2010-01-09 04:32 -------- dc-h--w- c:\progra~2\~0
2010-01-11 01:42 . 2010-01-09 04:43 -------- d-----w- c:\progra~2\Lavasoft
2010-01-09 19:02 . 2010-01-09 19:02 0 ----a-w- c:\progra~2\xmlD252.tmp
2010-01-09 19:02 . 2010-01-09 19:02 0 ----a-w- c:\progra~2\xmlCE6B.tmp
2010-01-09 19:02 . 2010-01-09 19:02 0 ----a-w- c:\progra~2\xmlCA83.tmp
2010-01-09 19:01 . 2010-01-09 19:01 0 ----a-w- c:\progra~2\xmlC5F0.tmp
2010-01-09 19:01 . 2010-01-09 19:01 0 ----a-w- c:\progra~2\xml2BC7.tmp
2010-01-09 19:01 . 2010-01-09 19:01 0 ----a-w- c:\progra~2\xml27E0.tmp
2010-01-09 19:01 . 2010-01-09 19:01 0 ----a-w- c:\progra~2\xml23F8.tmp
2010-01-09 19:01 . 2010-01-09 19:01 0 ----a-w- c:\progra~2\xml1F56.tmp
2010-01-09 04:34 . 2010-01-09 04:33 -------- d-----w- c:\program files\Ad-aware
2010-01-07 23:50 . 2008-01-20 06:39 -------- d-----w- c:\users\Nichole\AppData\Roaming\CyberLink
2010-01-07 21:07 . 2009-12-29 10:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-12-29 10:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 05:41 . 2010-01-07 05:41 -------- d-----w- c:\program files\ThePluginSite
2010-01-07 05:41 . 2010-01-07 05:41 -------- d-----w- c:\program files\HarrysFilters3
2010-01-06 13:00 . 2010-01-06 13:00 -------- d-----w- c:\program files\Steinberg
2010-01-03 08:03 . 2010-01-03 08:03 -------- d-----w- c:\program files\PicPluck
2009-12-30 11:54 . 2009-12-30 11:54 -------- d-----w- c:\users\Nichole\AppData\Roaming\GrabPro
2009-12-30 10:00 . 2009-12-30 10:00 -------- d-----w- c:\program files\Orbitdownloader
2009-12-29 03:09 . 2008-10-17 02:11 -------- d-----w- c:\program files\Plax Network Suite
2009-12-29 03:09 . 2009-11-25 22:33 -------- d-----w- c:\program files\Cool Record Edit Deluxe
2009-12-29 03:09 . 2008-02-22 22:39 -------- d-----w- c:\program files\FLV Player
2009-12-29 00:39 . 2009-12-29 00:39 -------- d-----w- c:\users\Nichole\AppData\Roaming\Ashampoo
2009-12-29 00:39 . 2009-12-29 00:39 -------- d-----w- c:\progra~2\ashampoo
2009-12-29 00:39 . 2009-12-29 00:39 -------- d-----w- c:\program files\Ashampoo
2009-12-28 23:28 . 2009-12-24 23:59 -------- d-----w- c:\program files\Video Webcam and Slideshow Programs
2009-12-26 11:45 . 2009-12-26 11:45 -------- d-----w- c:\users\Nichole\AppData\Roaming\Malwarebytes
2009-12-26 11:45 . 2009-12-26 11:45 -------- d-----w- c:\progra~2\Malwarebytes
2009-12-25 17:58 . 2009-12-25 17:57 -------- d-----w- c:\program files\Movie Editor Whiz
2009-12-25 00:27 . 2009-12-25 00:27 -------- d-----w- c:\program files\Pryme
2009-12-24 22:25 . 2009-03-13 23:26 -------- d-----w- c:\program files\Yawcam
2009-12-24 22:11 . 2009-12-24 22:11 -------- d-----w- c:\program files\Simple Webcam Capture
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-----w- c:\program files\VirtualDub-1.9.7
2009-12-24 22:01 . 2009-12-24 22:01 1703968 ----a-w- c:\program files\VirtualDub-1.9.7.zip
2009-12-24 01:38 . 2008-02-04 23:28 -------- d-----w- c:\users\Nichole\AppData\Roaming\UltraGet
2008-01-26 14:01 . 2008-01-26 13:56 1474385 ----a-w- c:\program files\sprint32v2.zip
2007-08-24 13:52 . 2008-01-25 02:39 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2007-11-23 15:08 . 2007-11-23 15:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A780B7B-DCF1-4ec4-BB13-2DF92CAD27DB}]
2010-02-01 22:41 98304 ----a-w- c:\program files\Light Downloader\ldmie2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Quicknote"="c:\program files\Quicknote\quicknote.exe" [2007-12-02 1183744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 11:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-12-14 15:50 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1200618788\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-04 02:02 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hypersight]
2008-05-16 14:53 495616 ----a-w- c:\program files\Hypersight\hypersight.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyScreenCam]
2006-08-18 19:30 90112 ----a-w- c:\program files\My Screen Cam\scrcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-21 01:33 12685928 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-21 01:33 110184 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-11-21 01:33 812648 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quicknote]
2007-12-02 13:20 1183744 ----a-w- c:\program files\Quicknote\quicknote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-16 06:25 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-04-21 18:39 24264488 ----a-w- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 10:56 54936 ----a-w- c:\windows\System32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-11-23 15:04 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZScreen]
2007-10-15 18:21 176128 ----a-w- c:\program files\ZScreen\ZScreen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 kernel;Hypersight Kernel;c:\windows\System32\drivers\kernel.sys [2/12/2010 3:01 AM 71168]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [7/7/2008 12:26 AM 28552]
S3 DCIGACCIFT;DCIGACCIFT;c:\users\Nichole\AppData\Local\Temp\DCIGACCIFT.exe --> c:\users\Nichole\AppData\Local\Temp\DCIGACCIFT.exe [?]
S3 DrvAgent32;DrvAgent32;c:\windows\System32\drivers\DrvAgent32.sys [2/6/2010 10:39 AM 23456]
S3 IPTools;IPTools;\??\c:\documents and settings\Nichole\Desktop\DOWNLOADS FOLDER\IP Tools 10-19-2008\sniffer\iptools.exe --> c:\documents and settings\Nichole\Desktop\DOWNLOADS FOLDER\IP Tools 10-19-2008\sniffer\iptools.exe [?]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/12/2007 8:35 PM 25760]
S3 ZUOKFHK;ZUOKFHK;c:\users\Nichole\AppData\Local\Temp\ZUOKFHK.exe --> c:\users\Nichole\AppData\Local\Temp\ZUOKFHK.exe [?]
S4 WYQRBOLFZL;WYQRBOLFZL;c:\users\Nichole\AppData\Local\Temp\WYQRBOLFZL.exe --> c:\users\Nichole\AppData\Local\Temp\WYQRBOLFZL.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-21 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-09-30 22:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Light Downloader - file://c:\program files\Light Downloader\dlall.htm
IE: Download selected with Light Downloader - file://c:\program files\Light Downloader\dlselected.htm
IE: Download video with Light Downloader - file://c:\program files\Light Downloader\dlfvideo.htm
IE: Download with Light Downloader - file://c:\program files\Light Downloader\dllink.htm
FF - ProfilePath - c:\users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Light Downloader\Firefox\Extension\components\ldmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Nichole\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\Nichole\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 14:21
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet005\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-21 14:23:44
ComboFix-quarantined-files.txt 2010-02-21 19:23
ComboFix2.txt 2010-02-21 13:38

Pre-Run: 173,064,454,144 bytes free
Post-Run: 173,024,440,320 bytes free

- - End Of File - - 13C9F3D3A81D6DF88E31831648A40BAF

#6
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Hey Niki McKnight,

I downloaded both programs as instructed, turned off the TeaTimer, (as it was the only anti-virus I had running). I then pasted the text into the box, though I ended up having to run it several times, and it still says that it didn't find what it was looking for...=~( Though I went ahead and ran the Combo Fix, and I'll post the results to each of these below. I would really like to know what the viruses were, and if there is any way to tell approximately when I became infected. I changed permissions regarding the "H8SRT" files, made a back-up and then deleted the key from the registry... I have had quite a few random error messages come up... I'll try to post pics later, right now for some reason my paint program isn't working... (sniff sniff) Cheers ~Niki


TeaTimer is not anti-virus protection software; it is anti-spyware protection software. Looks like the malware on your computer is still not gone, and ComboFix failed to pick up anything useful.

From your log(s), you do not seem to have an active anti-virus resident protection running. This is extremely dangerous as your computer is vulnerable to all kinds of infections. Before we go on to clean up your computer, please go to the following links provided below, download and install ONE of the anti-virus protection programs.

Avira Antivir (recommended)
Avast! Home Edition
AVG 9 Free
-----------------------------------------------------------------------------

From your log, you seem to have multiple anti-spyware programs running on your computer. This is not recommended as multiple protection of the same kind can cause conflicts and reduce the efficiency of the software.

Below are the anti-spyware programs you have on your computer:

Spybot Search and Destroy
Spyware Doctor
Windows Defender

Please keep only one of them active and uninstall/disable the rest.

Please follow my instructions in the order they were given, and print out a copy of them as you may not have access to the forums during the fix.

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (Spybot TeaTimer and the anti-virus you installed) as it/they may hinder the tools from running. Instructions are in the link below:

http://www.bleepingc...opic114351.html

1) Run FileFind

Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Enter the directory to search", enter the drive, e.g. C:\
  • In the box labeled "Enter the file to search", enter H8SRTohglcrcbum.dll to search for the file(s)
  • Now click on the "Find" button
  • Once the utility has found the files, click on "Export"
  • This will save a text file to your C:\ drive as "Export.txt"
  • Double click on Export.txt, then copy and paste this information in your next post
  • Please do the same for the following files:

    H8SRTqfrjcemiui.dat
    H8SRTjwckhmihlw.dll
    H8SRTntidybjpgc.dll

2) Run CFScript

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Dirlook::
C:\23990098.$

File::
C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm
C:\sqmnoopt03.sqm
C:\sqmdata03.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\sqmnoopt01.sqm
C:\sqmdata01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
c:\users\Nichole\AppData\Local\Temp\DCIGACCIFT.exe
c:\users\Nichole\AppData\Local\Temp\ZUOKFHK.exe
c:\users\Nichole\AppData\Local\Temp\WYQRBOLFZL.exe 
c:\progra~2\xmlBEB9.tmp
c:\progra~2\xmlB832.tmp
c:\progra~2\xmlACFB.tmp
c:\progra~2\xmlBF4C.tmp
c:\progra~2\xml906F.tmp
c:\progra~2\xml6182.tmp
c:\progra~2\xml31E9.tmp
c:\progra~2\xmlD704.tmp
c:\progra~2\xmlD04F.tmp
c:\progra~2\xmlC298.tmp
c:\progra~2\xml8DE3.tmp
c:\progra~2\xml86B1.tmp
c:\progra~2\xml7BC8.tmp
c:\progra~2\xmlD252.tmp
c:\progra~2\xmlCE6B.tmp
c:\progra~2\xmlCA83.tmp
c:\progra~2\xmlC5F0.tmp
c:\progra~2\xml2BC7.tmp
c:\progra~2\xml27E0.tmp
c:\progra~2\xml23F8.tmp
c:\progra~2\xml1F56.tmp

Driver::
DCIGACCIFT
ZUOKFHK
WYQRBOLFZL

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:
  • Combofix.txt .

3) Run AVZ

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with malware removal mode enabled" check box.
    Posted Image
  • Click on the "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
    Posted Image
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

4) Run Dr Web CureIt

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then on Start, and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow Posted Image at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the quarantine folder under %userprofile%\DoctorWeb if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Next reply (please include in your post):

The 4 Export.txt files
ComboFix.txt
AVZ log
DrWeb CureIt scan log
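The CFScript above singles out three S3/S4 services whose executables sit in the user's Temp folder and no longer exist on disk. As an added example (not code from the thread, from ComboFix or from its authors), the following Python triages the Drivers/Services lines of a ComboFix log with that same judgement; the sample input is the block of lines copied from the log posted earlier, and the heuristics (image under Temp or a user profile, image missing, random-looking all-caps name) are assumptions of mine, not ComboFix logic.

```python
"""Triage the Drivers/Services section of a ComboFix log (added example).

Heuristics are the editor's own, not ComboFix's: a service whose image
lives in a Temp folder or under a user profile, whose file is missing
([?]), or whose name is a random-looking run of capitals deserves review.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: the Drivers/Services lines copied from the ComboFix log
# posted earlier in this thread.
SAMPLE_LOG = r"""
R0 kernel;Hypersight Kernel;c:\windows\System32\drivers\kernel.sys [2/12/2010 3:01 AM 71168]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [7/7/2008 12:26 AM 28552]
S3 DCIGACCIFT;DCIGACCIFT;c:\users\Nichole\AppData\Local\Temp\DCIGACCIFT.exe --> c:\users\Nichole\AppData\Local\Temp\DCIGACCIFT.exe [?]
S3 DrvAgent32;DrvAgent32;c:\windows\System32\drivers\DrvAgent32.sys [2/6/2010 10:39 AM 23456]
S3 IPTools;IPTools;\??\c:\documents and settings\Nichole\Desktop\DOWNLOADS FOLDER\IP Tools 10-19-2008\sniffer\iptools.exe --> c:\documents and settings\Nichole\Desktop\DOWNLOADS FOLDER\IP Tools 10-19-2008\sniffer\iptools.exe [?]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/12/2007 8:35 PM 25760]
S3 ZUOKFHK;ZUOKFHK;c:\users\Nichole\AppData\Local\Temp\ZUOKFHK.exe --> c:\users\Nichole\AppData\Local\Temp\ZUOKFHK.exe [?]
S4 WYQRBOLFZL;WYQRBOLFZL;c:\users\Nichole\AppData\Local\Temp\WYQRBOLFZL.exe --> c:\users\Nichole\AppData\Local\Temp\WYQRBOLFZL.exe [?]
"""

# One line: "<start> <name>;<display>;<image> [--> <resolved>] [<date size> | ?]"
# R = running, S = stopped; the digit is the Windows start type (0 boot .. 4 disabled).
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"
    r"(?P<name>[^;]+);"
    r"(?P<display>[^;]*);"
    r"(?P<image>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?"
    r"\s+\[(?P<info>[^\]]*)\]\s*$"
)

USER_PROFILE_ROOTS = ("c:\\users\\", "c:\\documents and settings\\")
TEMP_MARKER = "\\temp\\"
RANDOM_NAME_RE = re.compile(r"^[A-Z]{7,}$")  # assumption: 7+ capitals, nothing else


@dataclass
class Finding:
    name: str
    start: str
    image: str
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[Dict[str, str]]:
    """Split one Drivers/Services line into its fields, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage_service(fields: Dict[str, str]) -> Finding:
    """Apply the review heuristics to one parsed service entry."""
    image = fields["image"].lower()
    if image.startswith("\\??\\"):        # NT object-path prefix, strip for matching
        image = image[4:]
    reasons: List[str] = []
    if TEMP_MARKER in image:
        reasons.append("image lives in a Temp directory")
    elif image.startswith(USER_PROFILE_ROOTS):
        reasons.append("image lives under a user profile, not Program Files/System32")
    if fields["info"] == "?":
        reasons.append("image file not found on disk (ComboFix shows [?])")
    stem = fields["image"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if RANDOM_NAME_RE.match(fields["name"]) and fields["name"] == stem:
        reasons.append("random-looking all-caps name reused as the file name")
    return Finding(fields["name"], fields["start"], fields["image"], reasons)


def triage_log(text: str) -> List[Finding]:
    """Return only the entries that tripped at least one heuristic."""
    findings = []
    for line in text.splitlines():
        fields = parse_service_line(line)
        if fields is None:
            continue
        finding = triage_service(fields)
        if finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.start} {f.name}: {f.image}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the four entries it reports are exactly the three Temp-folder services the CFScript removes plus the orphaned IPTools entry pointing at the user's Desktop.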

#7
Niki McKnight
    Member
  • Topic Starter
  • Member
  • 63 posts
I am not running Spyware Doctor, nor have I in years... I downloaded the recommended software, though I have not opened it. FileFind repeatedly stalled and stopped, with an error saying:

run-time error '6' overflow

I went to Vista's search, made sure every possible place and file type would be searched, and then searched for all files that had "H8SRT" in them. 10 entries were found: 8 from inside the MalwareBytes folder, 1 from the registry back-up key I made earlier, and 1 being a reference. I zipped them all together and then deleted the files.
(included screen shot)

(I'm posting this now, as the Dr. Web is STILL on the "quick" scan, which it has been doing for an awfully long time already, and I assume the long scan might be done by morning....) (BTW: Thank-you AGAIN soooooo much for your help!!!!)


Combo Fix:

(I realize it says I had SB and WDefend running, but I didn't; I had closed out of them both and even checked the Task Manager. However, it still said they were running but that it would scan, so I allowed it to, and then when it was finished I uninstalled SB and ran the scan again....)

ComboFix 10-02-20.04 - Nichole 02/22/2010 2:45.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.840 [GMT -5:00]
Running from: c:\users\Nichole\Downloads\HELP\ComboFix.exe
Command switches used :: c:\users\Nichole\Downloads\HELP\CFScript.txt
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\progra~2\xml1F56.tmp"
"c:\progra~2\xml23F8.tmp"
"c:\progra~2\xml27E0.tmp"
"c:\progra~2\xml2BC7.tmp"
"c:\progra~2\xml31E9.tmp"
"c:\progra~2\xml6182.tmp"
"c:\progra~2\xml7BC8.tmp"
"c:\progra~2\xml86B1.tmp"
"c:\progra~2\xml8DE3.tmp"
"c:\progra~2\xml906F.tmp"
"c:\progra~2\xmlACFB.tmp"
"c:\progra~2\xmlB832.tmp"
"c:\progra~2\xmlBEB9.tmp"
"c:\progra~2\xmlBF4C.tmp"
"c:\progra~2\xmlC298.tmp"
"c:\progra~2\xmlC5F0.tmp"
"c:\progra~2\xmlCA83.tmp"
"c:\progra~2\xmlCE6B.tmp"
"c:\progra~2\xmlD04F.tmp"
"c:\progra~2\xmlD252.tmp"
"c:\progra~2\xmlD704.tmp"
"C:\sqmdata00.sqm"
"C:\sqmdata01.sqm"
"C:\sqmdata02.sqm"
"C:\sqmdata03.sqm"
"C:\sqmdata04.sqm"
"C:\sqmdata05.sqm"
"C:\sqmdata06.sqm"
"C:\sqmdata07.sqm"
"C:\sqmnoopt00.sqm"
"C:\sqmnoopt01.sqm"
"C:\sqmnoopt02.sqm"
"C:\sqmnoopt03.sqm"
"C:\sqmnoopt04.sqm"
"C:\sqmnoopt05.sqm"
"C:\sqmnoopt06.sqm"
"C:\sqmnoopt07.sqm"
"c:\users\Nichole\AppData\Local\Temp\DCIGACCIFT.exe"
"c:\users\Nichole\AppData\Local\Temp\WYQRBOLFZL.exe"
"c:\users\Nichole\AppData\Local\Temp\ZUOKFHK.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\xml1F56.tmp
c:\progra~2\xml23F8.tmp
c:\progra~2\xml27E0.tmp
c:\progra~2\xml2BC7.tmp
c:\progra~2\xml31E9.tmp
c:\progra~2\xml6182.tmp
c:\progra~2\xml7BC8.tmp
c:\progra~2\xml86B1.tmp
c:\progra~2\xml8DE3.tmp
c:\progra~2\xml906F.tmp
c:\progra~2\xmlACFB.tmp
c:\progra~2\xmlB832.tmp
c:\progra~2\xmlBEB9.tmp
c:\progra~2\xmlBF4C.tmp
c:\progra~2\xmlC298.tmp
c:\progra~2\xmlC5F0.tmp
c:\progra~2\xmlCA83.tmp
c:\progra~2\xmlCE6B.tmp
c:\progra~2\xmlD04F.tmp
c:\progra~2\xmlD252.tmp
c:\progra~2\xmlD704.tmp
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DCIGACCIFT
-------\Legacy_WYQRBOLFZL
-------\Service_DCIGACCIFT
-------\Service_WYQRBOLFZL
-------\Service_ZUOKFHK


((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-22 07:51 . 2010-02-22 07:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-22 07:51 . 2010-02-22 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-22 03:43 . 2010-02-22 03:43 -------- d-----w- c:\program files\ProcessExplorer
2010-02-22 03:43 . 2009-04-19 14:46 1615732 ----a-w- c:\program files\ProcessExplorer.zip
2010-02-21 15:39 . 2010-02-21 15:41 -------- d-----w- c:\windows\system32\pt-BR
2010-02-16 23:42 . 2010-02-16 23:45 -------- d-----w- C:\vcs5core
2010-02-16 23:42 . 2010-02-16 23:42 -------- d-----w- C:\AV_LOGS
2010-02-16 23:29 . 2010-02-16 23:29 -------- d-----w- c:\users\Nichole\AppData\Roaming\Screaming Bee
2010-02-16 23:27 . 2010-02-16 23:29 -------- d-----w- c:\progra~2\Screaming Bee
2010-02-16 23:27 . 2010-02-16 23:27 -------- d-----w- c:\program files\Screaming Bee
2010-02-16 21:33 . 2010-02-17 00:06 -------- d-----w- C:\vcs5BGEffects
2010-02-16 21:32 . 2010-02-16 23:56 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2010-02-16 14:18 . 2010-02-21 19:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-16 14:18 . 2010-02-21 13:20 -------- d-----w- c:\program files\Spybot - Search & Destroy(3811)
2010-02-16 14:18 . 2010-02-18 11:32 -------- d-----w- c:\program files\Spybot - Search & Destroy(2319)
2010-02-15 22:52 . 2010-02-18 12:37 -------- d-----w- C:\Multimedia Files
2010-02-15 22:52 . 2010-02-18 12:37 -------- d-----w- c:\program files\Microsoft GIF Animator
2010-02-12 08:01 . 2008-05-16 14:53 71168 ----a-w- c:\windows\system32\drivers\kernel.sys
2010-02-12 08:01 . 2010-02-18 12:37 -------- d-----w- c:\program files\Hypersight
2010-02-12 06:18 . 2010-02-12 06:18 -------- d-----w- c:\progra~2\F-Secure
2010-02-10 05:45 . 2010-02-10 11:22 -------- d-----w- c:\program files\VocoderGUI
2010-02-10 05:08 . 2010-02-10 05:24 -------- d-----w- c:\users\Nichole\AppData\Roaming\Power Sound Editor Free
2010-02-10 05:08 . 2010-02-10 11:22 -------- d-----w- c:\program files\Power Sound Editor Free
2010-02-10 05:05 . 2010-02-10 11:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-09 09:30 . 2010-02-09 09:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-09 09:30 . 2010-02-09 09:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-06 17:21 . 2010-02-21 11:22 -------- d-----w- c:\users\Nichole\AppData\Roaming\Light Downloader
2010-02-06 17:20 . 2010-02-06 17:21 -------- d-----w- c:\program files\Light Downloader
2010-02-06 17:20 . 2010-02-06 17:20 -------- d-----w- c:\progra~2\LightDownloader.COM
2010-02-06 15:39 . 2010-02-06 15:39 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-02-06 08:05 . 2010-02-06 08:05 -------- d-----w- c:\progra~2\AOL Downloads
2010-02-06 05:28 . 2010-02-06 05:29 -------- d-----w- c:\program files\FAVORITE PROGRAMS
2010-02-05 23:58 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-02-05 23:58 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-02-05 23:58 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-02-05 23:58 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-05 23:58 . 2008-07-31 15:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-02-05 23:58 . 2008-07-31 15:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-02-05 23:58 . 2008-07-31 15:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-02-05 23:08 . 2010-02-05 23:08 -------- d-----w- c:\program files\SiSoftware
2010-02-05 08:01 . 2010-02-05 08:18 -------- d-----w- c:\users\Nichole\AppData\Roaming\Q-Dir
2010-02-05 08:01 . 2010-02-05 08:01 -------- d-----w- c:\program files\Q-Dir
2010-02-05 06:45 . 2010-02-21 09:36 -------- d-----w- c:\users\Nichole\AppData\Roaming\UltraExplorer
2010-02-05 06:45 . 2010-02-05 06:45 -------- d-----w- c:\program files\UltraExplorer
2010-02-04 23:42 . 2010-02-04 23:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-02 18:00 . 2010-02-02 18:00 -------- d-----w- c:\program files\Free DVD Burner
2010-02-02 14:46 . 2010-02-02 14:46 -------- d-----w- c:\program files\HD Tune
2010-02-01 16:29 . 2010-02-01 18:55 -------- d-----w- c:\users\Nichole\AppData\Roaming\CBS Interactive
2010-01-31 03:14 . 2010-02-18 12:37 -------- d-----w- c:\users\Nichole\Pictures Graphics
2010-01-30 10:48 . 2010-01-30 10:52 -------- d-----w- c:\program files\Free Video Converter
2010-01-30 10:26 . 2010-01-30 10:26 -------- d-----w- c:\program files\eRightSoft
2010-01-30 09:24 . 2010-01-30 09:54 -------- d-----w- c:\program files\iWisoft Flash SWF to Video Converter
2010-01-30 09:09 . 2010-01-30 09:09 -------- d-----w- c:\users\Nichole\AppData\Roaming\AVS4YOU
2010-01-30 09:09 . 2010-01-30 09:09 -------- d-----w- c:\progra~2\AVS4YOU
2010-01-30 09:02 . 2010-01-30 09:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-30 09:02 . 2010-01-30 09:03 -------- d-----w- c:\program files\AVS4YOU
2010-01-30 08:45 . 2010-01-30 08:45 -------- d-----w- C:\DVDVideoSoft
2010-01-30 08:45 . 2010-01-30 08:45 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-30 08:45 . 2010-01-30 08:45 -------- d-----w- c:\program files\DVDVideoSoft
2010-01-30 08:35 . 2010-01-30 09:14 -------- d-----w- c:\program files\SWF to AVI
2010-01-30 06:19 . 2010-01-30 06:19 -------- d-----w- c:\program files\Extra Photo SlideShow Free
2010-01-29 13:10 . 2010-01-29 13:10 -------- d-----w- c:\program files\AnvSoft
2010-01-29 04:04 . 2010-01-29 04:04 -------- d-----w- C:\NCH Software
2010-01-29 03:12 . 2010-02-18 04:21 -------- d-----w- c:\users\Nichole\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 07:46 . 2008-08-07 08:19 -------- d-----w- c:\users\Nichole\AppData\Roaming\uTorrent
2010-02-22 00:34 . 2008-03-05 23:06 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-02-21 11:45 . 2010-02-03 12:28 35085 ----a-w- c:\progra~2\nvModes.dat
2010-02-19 05:33 . 2008-05-09 10:32 -------- d-----w- c:\program files\Windows Live
2010-02-18 12:37 . 2009-12-30 10:00 -------- d-----w- c:\users\Nichole\AppData\Roaming\Orbit
2010-02-18 12:37 . 2008-08-07 08:19 -------- d-----w- c:\program files\uTorrent
2010-02-18 12:37 . 2008-05-09 10:33 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2010-02-18 12:37 . 2008-01-21 02:59 -------- d-----w- c:\program files\IrfanView
2010-02-18 12:37 . 2008-01-20 10:14 -------- d-----w- c:\program files\Jasc Software Inc
2010-02-18 12:37 . 2008-01-18 01:17 -------- d-----w- c:\program files\AOL 9.0
2010-02-18 07:22 . 2008-11-05 19:29 -------- d-----w- c:\program files\Harshil's Softwares
2010-02-18 07:22 . 2007-11-23 15:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 06:03 . 2008-01-18 01:25 7944 ----a-w- c:\users\Nichole\AppData\Local\d3d9caps.dat
2010-02-16 18:04 . 2008-01-21 06:22 -------- d-----w- c:\users\Nichole\AppData\Roaming\LimeWire
2010-02-15 22:01 . 2010-01-08 00:00 -------- d-----w- c:\users\Nichole\AppData\Roaming\DivX
2010-02-12 15:01 . 2008-01-20 10:17 -------- d-----w- c:\program files\ZipGenius 6
2010-02-12 13:15 . 2008-12-10 22:36 -------- d-----w- c:\program files\Registry Easy
2010-02-12 06:13 . 2008-01-18 01:24 208080 ----a-w- c:\users\Nichole\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-10 10:39 . 2009-07-31 01:20 -------- d-----w- c:\progra~2\NOS
2010-02-10 10:37 . 2009-05-10 03:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-09 09:30 . 2008-08-07 19:32 -------- d-----w- c:\program files\DivX
2010-02-06 17:21 . 2010-02-06 17:21 51 ----a-w- c:\users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
2010-02-05 22:23 . 2008-02-06 03:38 -------- d-----w- c:\program files\Duplicate File Finder
2010-02-04 09:15 . 2007-11-23 16:00 -------- d-----w- c:\program files\Common Files\Java
2010-02-04 08:28 . 2008-01-20 11:03 11114 ----a-w- c:\users\Nichole\AppData\Roaming\wklnhst.dat
2010-02-03 12:28 . 2007-11-23 15:45 -------- d-----w- c:\progra~2\NVIDIA
2010-02-02 16:02 . 2008-01-20 09:52 -------- d-----w- c:\users\Nichole\AppData\Roaming\U3
2010-02-02 08:30 . 2008-01-21 10:28 -------- d-----w- c:\program files\GetData
2010-01-30 06:10 . 2009-08-04 09:12 -------- d-----w- c:\program files\mresreg
2010-01-21 21:32 . 2010-01-09 14:37 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-21 21:27 . 2007-11-23 15:43 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-01-21 00:58 . 2007-01-01 05:53 -------- d-----w- c:\users\Nichole\AppData\Roaming\DVD Flick
2010-01-18 19:16 . 2008-12-16 16:59 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-18 19:16 . 2010-01-18 19:16 -------- d-----w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-01-17 22:09 . 2008-02-04 14:56 -------- d-----w- c:\program files\Google
2010-01-17 01:40 . 2010-01-17 01:35 -------- d-----w- c:\users\Nichole\AppData\Roaming\InfraRecorder
2010-01-16 22:35 . 2010-01-16 22:22 -------- d-----w- c:\users\Nichole\AppData\Roaming\ImgBurn
2010-01-16 22:05 . 2010-01-16 22:05 -------- d-----w- c:\progra~2\Canneverbe Limited
2010-01-11 04:06 . 2009-07-30 00:43 -------- d-----w- c:\program files\BitComet
2010-01-11 03:05 . 2010-01-02 14:12 -------- d-----w- c:\program files\Codebox
2010-01-11 03:05 . 2009-12-26 11:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 02:55 . 2008-01-26 20:27 -------- d-----w- c:\program files\Recover Data for FAT & NTFS (Trial Version)
2010-01-11 01:43 . 2010-01-09 04:32 -------- dc-h--w- c:\progra~2\~0
2010-01-11 01:42 . 2010-01-09 04:43 -------- d-----w- c:\progra~2\Lavasoft
2010-01-09 04:34 . 2010-01-09 04:33 -------- d-----w- c:\program files\Ad-aware
2010-01-07 23:50 . 2008-01-20 06:39 -------- d-----w- c:\users\Nichole\AppData\Roaming\CyberLink
2010-01-07 21:07 . 2009-12-29 10:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-12-29 10:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 05:41 . 2010-01-07 05:41 -------- d-----w- c:\program files\ThePluginSite
2010-01-07 05:41 . 2010-01-07 05:41 -------- d-----w- c:\program files\HarrysFilters3
2010-01-06 13:00 . 2010-01-06 13:00 -------- d-----w- c:\program files\Steinberg
2010-01-03 08:03 . 2010-01-03 08:03 -------- d-----w- c:\program files\PicPluck
2009-12-30 11:54 . 2009-12-30 11:54 -------- d-----w- c:\users\Nichole\AppData\Roaming\GrabPro
2009-12-30 10:00 . 2009-12-30 10:00 -------- d-----w- c:\program files\Orbitdownloader
2009-12-29 03:09 . 2008-10-17 02:11 -------- d-----w- c:\program files\Plax Network Suite
2009-12-29 03:09 . 2009-11-25 22:33 -------- d-----w- c:\program files\Cool Record Edit Deluxe
2009-12-29 03:09 . 2008-02-22 22:39 -------- d-----w- c:\program files\FLV Player
2009-12-29 00:39 . 2009-12-29 00:39 -------- d-----w- c:\users\Nichole\AppData\Roaming\Ashampoo
2009-12-29 00:39 . 2009-12-29 00:39 -------- d-----w- c:\progra~2\ashampoo
2009-12-29 00:39 . 2009-12-29 00:39 -------- d-----w- c:\program files\Ashampoo
2009-12-28 23:28 . 2009-12-24 23:59 -------- d-----w- c:\program files\Video Webcam and Slideshow Programs
2009-12-26 11:45 . 2009-12-26 11:45 -------- d-----w- c:\users\Nichole\AppData\Roaming\Malwarebytes
2009-12-26 11:45 . 2009-12-26 11:45 -------- d-----w- c:\progra~2\Malwarebytes
2009-12-25 17:58 . 2009-12-25 17:57 -------- d-----w- c:\program files\Movie Editor Whiz
2009-12-25 00:27 . 2009-12-25 00:27 -------- d-----w- c:\program files\Pryme
2009-12-24 22:25 . 2009-03-13 23:26 -------- d-----w- c:\program files\Yawcam
2009-12-24 22:11 . 2009-12-24 22:11 -------- d-----w- c:\program files\Simple Webcam Capture
2009-12-24 22:02 . 2009-12-24 22:02 -------- d-----w- c:\program files\VirtualDub-1.9.7
2009-12-24 22:01 . 2009-12-24 22:01 1703968 ----a-w- c:\program files\VirtualDub-1.9.7.zip
2008-09-20 03:52 . 2007-01-01 06:48 1603760 ----a-w- c:\program files\Paint.NET.3.36.zip
2008-01-26 14:01 . 2008-01-26 13:56 1474385 ----a-w- c:\program files\sprint32v2.zip
2008-01-20 09:02 . 2008-01-20 10:00 3155350 ----a-w- c:\program files\lingvosoft-dictionary-pkpc-engspa-f.exe
2008-01-20 09:00 . 2008-01-20 10:00 1680921 ----a-w- c:\program files\lingvosoft-dictionary-pkpc-engbul-f.zip
2008-01-19 23:36 . 2008-01-20 05:37 687733 ----a-w- c:\program files\notes170.exe
2008-01-19 19:50 . 2008-01-20 05:38 773497 ----a-w- c:\program files\tls_setup.exe
2008-01-19 19:36 . 2008-01-20 05:38 1363968 ----a-w- c:\program files\stickerlite.exe
2008-01-19 06:31 . 2008-01-20 10:45 192152327 ----a-r- c:\program files\AllProgramFilesZipped.zip
2008-01-17 02:53 . 2008-01-21 02:45 824216 ----a-w- c:\program files\diskmd-setup-1052.exe
2008-01-15 19:16 . 2008-01-21 02:47 48489 ----a-w- c:\program files\ipnetinfo.zip
2007-09-18 13:51 . 2008-01-20 05:38 3154009 ----a-w- c:\program files\audacity-win-1.2.6.zip
2007-04-02 08:31 . 2008-01-21 02:44 846008 ----a-w- c:\program files\alarm clocksetupdsc160r.exe
2006-08-18 01:51 . 2008-01-21 02:44 4279120 ----a-w- c:\program files\LimeWire PRO 4.12.6.exe
2006-06-10 15:14 . 2008-01-20 10:45 703122 ----a-r- c:\program files\TreeSizeSetup.exe
2006-05-18 03:11 . 2008-01-21 02:43 6113439 ----a-w- c:\program files\pci_filerecovery.exe
2006-04-13 11:38 . 2008-01-20 10:45 905216 ----a-w- c:\program files\iview398.exe
2003-04-18 13:00 . 2008-01-20 05:38 11 ----a-w- c:\program files\productid.txt
2007-08-24 13:52 . 2008-01-25 02:39 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2007-11-23 15:08 . 2007-11-23 15:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\23990098.$ ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A780B7B-DCF1-4ec4-BB13-2DF92CAD27DB}]
2010-02-01 22:41 98304 ----a-w- c:\program files\Light Downloader\ldmie2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Quicknote"="c:\program files\Quicknote\quicknote.exe" [2007-12-02 1183744]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 11:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-12-14 15:50 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1200618788\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-04 02:02 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hypersight]
2008-05-16 14:53 495616 ----a-w- c:\program files\Hypersight\hypersight.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyScreenCam]
2006-08-18 19:30 90112 ----a-w- c:\program files\My Screen Cam\scrcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-21 01:33 12685928 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-21 01:33 110184 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-11-21 01:33 812648 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quicknote]
2007-12-02 13:20 1183744 ----a-w- c:\program files\Quicknote\quicknote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-16 06:25 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-04-21 18:39 24264488 ----a-w- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 10:56 54936 ----a-w- c:\windows\System32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-11-23 15:04 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZScreen]
2007-10-15 18:21 176128 ----a-w- c:\program files\ZScreen\ZScreen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 kernel;Hypersight Kernel;c:\windows\System32\drivers\kernel.sys [2/12/2010 3:01 AM 71168]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [7/7/2008 12:26 AM 28552]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/16/2010 9:18 AM 1153368]
S3 DrvAgent32;DrvAgent32;c:\windows\System32\drivers\DrvAgent32.sys [2/6/2010 10:39 AM 23456]
S3 IPTools;IPTools;\??\c:\documents and settings\Nichole\Desktop\DOWNLOADS FOLDER\IP Tools 10-19-2008\sniffer\iptools.exe --> c:\documents and settings\Nichole\Desktop\DOWNLOADS FOLDER\IP Tools 10-19-2008\sniffer\iptools.exe [?]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/12/2007 8:35 PM 25760]
.
Contents of the 'Scheduled Tasks' folder

2010-02-22 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-09-30 22:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Light Downloader - file://c:\program files\Light Downloader\dlall.htm
IE: Download selected with Light Downloader - file://c:\program files\Light Downloader\dlselected.htm
IE: Download video with Light Downloader - file://c:\program files\Light Downloader\dlfvideo.htm
IE: Download with Light Downloader - file://c:\program files\Light Downloader\dllink.htm
FF - ProfilePath - c:\users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Light Downloader\Firefox\Extension\components\ldmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Nichole\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\Nichole\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 02:54
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet005\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2764)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\windows\system32\UI0Detect.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-02-22 02:59:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-22 07:59
ComboFix2.txt 2010-02-21 19:23
ComboFix3.txt 2010-02-21 13:38

Pre-Run: 172,777,582,592 bytes free
Post-Run: 172,624,588,800 bytes free

Current=5 Default=5 Failed=1 LastKnownGood=3 Sets=1,2,3,5
- - End Of File - - 1112FBC397B8856C14FFE1AD2666F873

Attached Thumbnails

  • virus.jpg

Edited by Niki McKnight, 22 February 2010 - 03:10 AM.


#8
Niki McKnight

    Member

  • Topic Starter
  • 63 posts
It won't allow me to upload the cvs file, and I don't see any other file...=~(

#9
Niki McKnight

    Member

  • Topic Starter
  • 63 posts
OTL logfile created on: 2/22/2010 5:52:37 PM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Nichole\Downloads\HELP
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.52 Gb Total Space | 160.37 Gb Free Space | 55.58% Space Free | Partition Type: NTFS
Drive D: | 9.57 Gb Total Space | 1.30 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 145.74 Gb Free Space | 48.89% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 981.05 Mb Total Space | 973.89 Mb Free Space | 99.27% Space Free | Partition Type: FAT

Computer Name: FAITH
Current User Name: Nichole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/22 17:52:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nichole\Downloads\HELP\OTL(2).exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/04 17:00:14 | 002,334,856 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/10/13 11:25:23 | 000,470,273 | ---- | M] (Avira GmbH) -- c:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2009/07/21 13:40:24 | 000,404,737 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\update.exe
PRC - [2009/07/21 13:35:23 | 000,193,793 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/01/20 03:04:37 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/02 08:20:20 | 001,183,744 | ---- | M] (JC&MB) -- C:\Program Files\Quicknote\quicknote.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/05/15 19:36:40 | 000,446,464 | ---- | M] (Provtech Limited) -- C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/22 17:52:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nichole\Downloads\HELP\OTL(2).exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/19 20:27:49 | 000,000,024 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\iptools.INI -- (IPTools)
SRV - [2007/11/23 11:16:22 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/11/23 10:04:39 | 000,265,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 15:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/19 20:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 20:20:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 05:37:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 20:20:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 05:37:56 | 000,000,000 | ---D | M]

[2009/07/08 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Extensions
[2009/07/08 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/02/22 05:41:31 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions
[2010/02/09 06:42:40 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/08/17 19:42:28 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2370)
[2009/07/22 02:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/19 14:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2010/02/05 07:18:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/02 10:03:02 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/09 06:42:40 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/05 07:18:55 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
[2010/02/22 05:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/24 08:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/11/11 02:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/10/15 04:53:11 | 001,140,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFxViewer.dll

O1 HOSTS File: ([2010/02/22 02:54:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - Reg Error: Value error. File not found
O2 - BHO: (FDMIECookiesBHO Class) - {7A780B7B-DCF1-4ec4-BB13-2DF92CAD27DB} - C:\Program Files\Light Downloader\ldmie2.dll ()
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe (Provtech Limited)
O4 - HKCU..\Run: [Quicknote] C:\Program Files\Quicknote\quicknote.exe (JC&MB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all with Light Downloader - C:\Program Files\Light Downloader\dlall.htm ()
O8 - Extra context menu item: Download selected with Light Downloader - C:\Program Files\Light Downloader\dlselected.htm ()
O8 - Extra context menu item: Download with Light Downloader - C:\Program Files\Light Downloader\dllink.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1262300281720 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.167.10 67.142.167.11
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nichole\Pictures\Desktop\smiley7_1024x768.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nichole\Pictures\Desktop\smiley7_1024x768.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 10:58:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/22 17:49:31 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/02/22 17:49:31 | 000,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/02/22 17:49:30 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/02/22 17:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/02/22 17:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/22 03:47:25 | 000,000,000 | ---D | C] -- C:\Users\Nichole\DoctorWeb
[2010/02/22 02:59:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/02/22 02:54:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/02/22 02:54:28 | 000,000,000 | ---D | C] -- \$RECYCLE.BIN
[2010/02/22 02:44:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/22 02:44:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/22 02:44:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/22 02:44:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/21 22:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessExplorer
[2010/02/21 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\My PSP8 Files
[2010/02/21 10:39:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\pt-BR
[2010/02/21 08:21:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/21 08:04:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/21 08:04:40 | 000,000,000 | ---D | C] -- \Qoobox
[2010/02/21 06:43:48 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/02/21 06:43:48 | 000,000,000 | ---D | C] -- \Avenger
[2010/02/20 09:05:46 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\1225091240
[2010/02/20 09:05:11 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\0930091424a
[2010/02/20 09:03:39 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\0219000743a
[2010/02/20 09:03:01 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\0526091409a
[2010/02/20 09:02:10 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\0711091542
[2010/02/20 09:01:35 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\0216001833
[2010/02/20 09:00:58 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\0218001707
[2010/02/20 09:00:26 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\0218001723
[2010/02/20 08:59:57 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\cp1_0218001717
[2010/02/20 08:59:11 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\0218001849
[2010/02/16 18:42:40 | 000,000,000 | ---D | C] -- C:\vcs5core
[2010/02/16 18:42:40 | 000,000,000 | ---D | C] -- \vcs5core
[2010/02/16 18:42:40 | 000,000,000 | ---D | C] -- C:\AV_LOGS
[2010/02/16 18:42:40 | 000,000,000 | ---D | C] -- \AV_LOGS
[2010/02/16 18:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nichole\AppData\Roaming\Screaming Bee
[2010/02/16 18:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2010/02/16 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Screaming Bee
[2010/02/16 16:33:27 | 000,000,000 | ---D | C] -- C:\vcs5BGEffects
[2010/02/16 16:33:27 | 000,000,000 | ---D | C] -- \vcs5BGEffects
[2010/02/16 16:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\AV Vcs 6.0 DIAMOND
[2010/02/16 09:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy(3811)
[2010/02/16 09:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy(2319)
[2010/02/16 09:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/15 17:52:56 | 000,000,000 | ---D | C] -- C:\Multimedia Files
[2010/02/15 17:52:56 | 000,000,000 | ---D | C] -- \Multimedia Files
[2010/02/15 17:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft GIF Animator
[2010/02/14 21:25:37 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\17yearsold
[2010/02/14 20:10:30 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\me46
[2010/02/12 03:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hypersight
[2010/02/12 01:59:04 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\Virus
[2010/02/12 01:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/02/10 18:30:30 | 000,000,000 | ---D | C] -- C:\Users\Nichole\Documents\ICONS 2010
[2010/02/10 00:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\VocoderGUI
[2010/02/10 00:08:25 | 000,000,000 | ---D | C] -- C:\Users\Nichole\AppData\Roaming\Power Sound Editor Free
[2010/02/10 00:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Power Sound Editor Free
[2010/02/10 00:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/09 04:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/02/09 04:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2008/01/20 21:45:01 | 000,824,216 | ---- | C] (PC Pitstop LLC ) -- C:\Program Files\diskmd-setup-1052.exe
[2008/01/20 21:44:26 | 000,846,008 | ---- | C] (Duality Software ) -- C:\Program Files\alarm clocksetupdsc160r.exe
[2008/01/20 21:44:03 | 004,279,120 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWire PRO 4.12.6.exe
[2008/01/20 21:43:55 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
[2008/01/20 05:45:35 | 000,703,122 | R--- | C] (JAM Software ) -- C:\Program Files\TreeSizeSetup.exe
[2008/01/20 00:38:09 | 000,773,497 | ---- | C] (Cro-Code Software ) -- C:\Program Files\tls_setup.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/22 17:55:23 | 006,815,744 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat
[2010/02/22 17:54:25 | 000,000,290 | ---- | M] () -- C:\Windows\win.ini
[2010/02/22 17:49:35 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/02/22 17:44:59 | 000,716,774 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/22 17:44:59 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/22 17:44:59 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/22 17:40:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/02/22 17:40:14 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/22 17:40:14 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/22 17:40:12 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/02/22 17:40:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/22 17:40:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/22 17:37:54 | 002,922,712 | -H-- | M] () -- C:\Users\Nichole\AppData\Local\IconCache.db
[2010/02/22 17:36:16 | 000,000,739 | ---- | M] () -- C:\Users\Nichole\Documents\DrWeb.csv
[2010/02/22 14:17:03 | 000,000,147 | ---- | M] () -- C:\Windows\System32\tmp.files0
[2010/02/22 03:28:14 | 000,082,813 | ---- | M] () -- C:\Users\Nichole\Documents\Baddies.zip
[2010/02/22 02:54:33 | 000,000,258 | ---- | M] () -- C:\Windows\system.ini
[2010/02/22 02:54:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/22 02:33:22 | 000,007,457 | ---- | M] () -- C:\Users\Nichole\AppData\Roaming\mainhst.zgh
[2010/02/21 22:16:00 | 000,052,736 | ---- | M] () -- C:\Users\Nichole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 22:01:03 | 000,002,631 | ---- | M] () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/02/21 21:30:14 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.INI
[2010/02/21 06:45:59 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/21 06:45:58 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/20 09:05:46 | 000,449,286 | ---- | M] () -- C:\Users\Nichole\Documents\1225091240.zip
[2010/02/20 09:05:11 | 000,132,893 | ---- | M] () -- C:\Users\Nichole\Documents\0930091424a.zip
[2010/02/20 09:04:54 | 000,076,433 | ---- | M] () -- C:\Users\Nichole\Documents\0514091931.jpg
[2010/02/20 09:04:37 | 000,061,300 | ---- | M] () -- C:\Users\Nichole\Documents\Pink.jpg
[2010/02/20 09:04:22 | 000,013,259 | ---- | M] () -- C:\Users\Nichole\Documents\0126001819a.jpg
[2010/02/20 09:04:04 | 000,086,636 | ---- | M] () -- C:\Users\Nichole\Documents\0219000747.jpg
[2010/02/20 09:03:39 | 000,269,311 | ---- | M] () -- C:\Users\Nichole\Documents\0219000743a.zip
[2010/02/20 09:03:01 | 000,203,974 | ---- | M] () -- C:\Users\Nichole\Documents\0526091409a.zip
[2010/02/20 09:02:10 | 000,343,947 | ---- | M] () -- C:\Users\Nichole\Documents\0711091542.zip
[2010/02/20 09:01:35 | 000,263,950 | ---- | M] () -- C:\Users\Nichole\Documents\0216001833.zip
[2010/02/20 09:00:58 | 000,115,449 | ---- | M] () -- C:\Users\Nichole\Documents\0218001707.zip
[2010/02/20 09:00:26 | 000,246,387 | ---- | M] () -- C:\Users\Nichole\Documents\0218001723.zip
[2010/02/20 08:59:57 | 000,052,302 | ---- | M] () -- C:\Users\Nichole\Documents\cp1_0218001717.zip
[2010/02/20 08:59:11 | 000,069,279 | ---- | M] () -- C:\Users\Nichole\Documents\0218001849.zip
[2010/02/19 00:33:39 | 000,000,763 | ---- | M] () -- C:\Users\Nichole\Documents\My Sharing Folders.lnk
[2010/02/18 10:15:17 | 000,000,000 | ---- | M] () -- C:\Users\Nichole\NETSH
[2010/02/18 09:21:13 | 000,013,364 | ---- | M] () -- C:\Users\Nichole\Documents\0209001508.jpg
[2010/02/18 07:39:14 | 006,553,600 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat_previous
[2010/02/18 01:03:29 | 000,007,944 | ---- | M] () -- C:\Users\Nichole\AppData\Local\d3d9caps.dat
[2010/02/16 18:30:59 | 003,104,684 | ---- | M] () -- C:\Users\Nichole\Documents\voice.wav
[2010/02/16 11:49:20 | 000,001,896 | ---- | M] () -- C:\Users\Nichole\Documents\ark.text
[2010/02/16 07:14:52 | 001,779,746 | ---- | M] () -- C:\Users\Nichole\Documents\GOODBYEHOOTERS.wmv
[2010/02/15 21:59:54 | 000,025,641 | ---- | M] () -- C:\Windows\Q-Dir.ini
[2010/02/14 21:25:37 | 002,093,834 | ---- | M] () -- C:\Users\Nichole\Documents\17yearsold.zip
[2010/02/14 20:10:30 | 000,064,160 | ---- | M] () -- C:\Users\Nichole\Documents\me46.zip
[2010/02/14 19:34:58 | 000,508,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/12 01:13:22 | 000,208,080 | ---- | M] () -- C:\Users\Nichole\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/10 15:42:42 | 000,001,882 | ---- | M] () -- C:\Users\Nichole\Desktop\HijackThis.lnk
[2010/02/10 15:04:37 | 000,589,824 | ---- | M] () -- C:\Windows\SPInstall.etl
[2010/02/10 15:02:58 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/02/10 15:02:58 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/02/10 11:33:04 | 000,005,097 | ---- | M] () -- C:\Users\Nichole\Documents\My Favorite Theme.theme
[2010/02/10 03:48:50 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/02/10 00:45:06 | 000,000,834 | ---- | M] () -- C:\Users\Nichole\Desktop\Zerius Vocoder.lnk
[2010/02/10 00:08:19 | 000,001,825 | ---- | M] () -- C:\Users\Nichole\Desktop\Power Sound Editor Free.lnk
[2010/02/09 18:56:25 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 18:56:25 | 000,524,288 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 18:56:25 | 000,065,536 | -HS- | M] () -- C:\Users\Nichole\ntuser.dat{332d1c1a-12fd-11df-89d0-00038a000015}.TM.blf
[2010/02/09 04:30:40 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2010/02/09 04:30:31 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2010/02/09 04:30:05 | 000,001,400 | ---- | M] () -- C:\Users\Nichole\Desktop\DivX Movies.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/22 17:49:35 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/02/22 17:34:58 | 000,000,739 | ---- | C] () -- C:\Users\Nichole\Documents\DrWeb.csv
[2010/02/22 04:14:18 | 000,000,147 | ---- | C] () -- C:\Windows\System32\tmp.files0
[2010/02/22 03:28:13 | 000,082,813 | ---- | C] () -- C:\Users\Nichole\Documents\Baddies.zip
[2010/02/22 02:59:56 | 000,032,750 | ---- | C] () -- \ComboFix.txt
[2010/02/22 02:44:34 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/22 02:44:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/22 02:44:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/22 02:44:34 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/22 02:44:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/22 02:35:38 | 000,001,053 | ---- | C] () -- \CFScript.txt
[2010/02/21 22:43:34 | 001,615,732 | ---- | C] () -- C:\Program Files\ProcessExplorer.zip
[2010/02/21 14:27:40 | 000,029,555 | ---- | C] () -- \LOG 2010.txt
[2010/02/21 14:07:27 | 000,008,710 | ---- | C] () -- \avenger.txt
[2010/02/21 08:49:11 | 000,032,260 | ---- | C] () -- \log 2-21-2010.txt
[2010/02/21 06:54:21 | 000,015,514 | ---- | C] () -- \avenger2.txt
[2010/02/20 09:05:34 | 000,449,286 | ---- | C] () -- C:\Users\Nichole\Documents\1225091240.zip
[2010/02/20 09:05:06 | 000,132,893 | ---- | C] () -- C:\Users\Nichole\Documents\0930091424a.zip
[2010/02/20 09:04:49 | 000,076,433 | ---- | C] () -- C:\Users\Nichole\Documents\0514091931.jpg
[2010/02/20 09:04:34 | 000,061,300 | ---- | C] () -- C:\Users\Nichole\Documents\Pink.jpg
[2010/02/20 09:04:18 | 000,013,259 | ---- | C] () -- C:\Users\Nichole\Documents\0126001819a.jpg
[2010/02/20 09:03:59 | 000,086,636 | ---- | C] () -- C:\Users\Nichole\Documents\0219000747.jpg
[2010/02/20 09:03:30 | 000,269,311 | ---- | C] () -- C:\Users\Nichole\Documents\0219000743a.zip
[2010/02/20 09:02:53 | 000,203,974 | ---- | C] () -- C:\Users\Nichole\Documents\0526091409a.zip
[2010/02/20 09:01:58 | 000,343,947 | ---- | C] () -- C:\Users\Nichole\Documents\0711091542.zip
[2010/02/20 09:01:24 | 000,263,950 | ---- | C] () -- C:\Users\Nichole\Documents\0216001833.zip
[2010/02/20 09:00:53 | 000,115,449 | ---- | C] () -- C:\Users\Nichole\Documents\0218001707.zip
[2010/02/20 09:00:17 | 000,246,387 | ---- | C] () -- C:\Users\Nichole\Documents\0218001723.zip
[2010/02/20 08:59:53 | 000,052,302 | ---- | C] () -- C:\Users\Nichole\Documents\cp1_0218001717.zip
[2010/02/20 08:59:05 | 000,069,279 | ---- | C] () -- C:\Users\Nichole\Documents\0218001849.zip
[2010/02/18 10:15:17 | 000,000,000 | ---- | C] () -- C:\Users\Nichole\NETSH
[2010/02/18 09:20:51 | 000,013,364 | ---- | C] () -- C:\Users\Nichole\Documents\0209001508.jpg
[2010/02/18 04:11:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2010/02/16 18:30:38 | 003,104,684 | ---- | C] () -- C:\Users\Nichole\Documents\voice.wav
[2010/02/16 11:49:20 | 000,001,896 | ---- | C] () -- C:\Users\Nichole\Documents\ark.text
[2010/02/16 07:14:08 | 001,779,746 | ---- | C] () -- C:\Users\Nichole\Documents\GOODBYEHOOTERS.wmv
[2010/02/14 21:23:20 | 002,093,834 | ---- | C] () -- C:\Users\Nichole\Documents\17yearsold.zip
[2010/02/14 20:10:24 | 000,064,160 | ---- | C] () -- C:\Users\Nichole\Documents\me46.zip
[2010/02/12 03:01:26 | 000,071,168 | ---- | C] () -- C:\Windows\System32\drivers\kernel.sys
[2010/02/10 14:52:16 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/02/10 14:52:16 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/02/10 11:33:04 | 000,005,097 | ---- | C] () -- C:\Users\Nichole\Documents\My Favorite Theme.theme
[2010/02/10 00:45:06 | 000,000,834 | ---- | C] () -- C:\Users\Nichole\Desktop\Zerius Vocoder.lnk
[2010/02/10 00:08:19 | 000,001,825 | ---- | C] () -- C:\Users\Nichole\Desktop\Power Sound Editor Free.lnk
[2010/02/09 04:30:40 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2010/02/09 04:30:31 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2010/02/09 04:30:05 | 000,001,400 | ---- | C] () -- C:\Users\Nichole\Desktop\DivX Movies.lnk
[2010/02/05 03:01:07 | 000,025,641 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010/01/09 00:42:28 | 000,002,131 | ---- | C] () -- \aaw7boot.log
[2009/12/29 05:23:18 | 000,000,036 | ---- | C] () -- C:\Users\Nichole\AppData\Local\housecall.guid.cache
[2009/12/24 17:01:35 | 001,703,968 | ---- | C] () -- C:\Program Files\VirtualDub-1.9.7.zip
[2009/11/24 21:54:35 | 000,000,028 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/27 14:41:07 | 000,002,560 | ---- | C] () -- \stub.log
[2009/08/04 04:37:19 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/08/04 04:36:53 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/05/10 07:08:44 | 004,376,305 | ---- | C] () -- \MWAV.LOG
[2009/05/10 06:02:00 | 000,000,074 | ---- | C] () -- \23990098.$$$
[2009/03/24 00:57:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009/03/14 12:16:55 | 000,230,454 | ---- | C] () -- \cam0000.bmp
[2009/03/13 16:26:45 | 000,057,654 | ---- | C] () -- \img.BMP
[2008/10/28 12:04:15 | 000,010,920 | ---- | C] () -- \aolconnfix.exe
[2008/10/28 12:04:15 | 000,001,039 | ---- | C] () -- \aolconnfix.txt
[2008/10/19 20:27:49 | 000,000,024 | ---- | C] () -- C:\Windows\System32\iptools.INI
[2008/10/15 04:26:38 | 000,067,334 | ---- | C] () -- \ProcessList.txt
[2008/08/07 17:57:20 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/08/07 17:57:19 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/08/07 17:57:19 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/07 17:57:19 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/07 17:57:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/07 17:57:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/08/07 17:57:18 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/07 06:00:05 | 000,000,146 | ---- | C] () -- \YServer.txt
[2008/05/04 10:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008/02/15 05:21:44 | 000,000,178 | ---- | C] () -- C:\Windows\wininit.ini
[2008/01/30 03:54:52 | 000,000,458 | ---- | C] () -- C:\Windows\justnote.ini
[2008/01/26 08:56:55 | 001,474,385 | ---- | C] () -- C:\Program Files\sprint32v2.zip
[2008/01/26 00:43:06 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/01/20 21:47:26 | 000,048,489 | ---- | C] () -- C:\Program Files\ipnetinfo.zip
[2008/01/20 21:02:25 | 000,049,152 | ---- | C] () -- C:\Windows\System32\OctaneARM.dll
[2008/01/20 20:50:10 | 000,000,164 | ---- | C] () -- C:\Windows\RECMGRUN.INI
[2008/01/20 20:49:59 | 000,003,455 | ---- | C] () -- C:\Windows\RECVCALL.INI
[2008/01/20 19:59:51 | 000,052,736 | ---- | C] () -- C:\Users\Nichole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/20 17:50:52 | 000,007,457 | ---- | C] () -- C:\Users\Nichole\AppData\Roaming\mainhst.zgh
[2008/01/20 06:03:25 | 000,011,114 | ---- | C] () -- C:\Users\Nichole\AppData\Roaming\wklnhst.dat
[2008/01/20 05:45:48 | 192,152,327 | R--- | C] () -- C:\Program Files\AllProgramFilesZipped.zip
[2008/01/20 05:45:35 | 000,905,216 | ---- | C] () -- C:\Program Files\iview398.exe
[2008/01/20 05:00:15 | 001,680,921 | ---- | C] () -- C:\Program Files\lingvosoft-dictionary-pkpc-engbul-f.zip
[2008/01/20 05:00:14 | 003,155,350 | ---- | C] () -- C:\Program Files\lingvosoft-dictionary-pkpc-engspa-f.exe
[2008/01/20 01:40:31 | 000,043,352 | ---- | C] () -- C:\Windows\System32\wups2.dll
[2008/01/20 00:38:43 | 003,154,009 | ---- | C] () -- C:\Program Files\audacity-win-1.2.6.zip
[2008/01/20 00:38:19 | 000,000,011 | ---- | C] () -- C:\Program Files\productid.txt
[2008/01/20 00:38:02 | 001,363,968 | ---- | C] () -- C:\Program Files\stickerlite.exe
[2008/01/20 00:37:36 | 000,687,733 | ---- | C] () -- C:\Program Files\notes170.exe
[2008/01/20 00:33:19 | 000,000,000 | ---- | C] () -- \MSDOS.SYS
[2008/01/20 00:33:19 | 000,000,000 | ---- | C] () -- \IO.SYS
[2008/01/17 20:25:33 | 000,007,944 | ---- | C] () -- C:\Users\Nichole\AppData\Local\d3d9caps.dat
[2007/11/23 10:30:00 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/23 10:30:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/11/23 10:19:20 | 2325,676,032 | -HS- | C] () --
[2007/11/23 10:02:45 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/11/23 10:02:44 | 000,438,840 | RHS- | C] () -- \bootmgr
[2007/03/27 09:45:22 | 000,004,096 | ---- | C] () -- C:\Windows\System32\sysres.dll
[2007/01/01 01:48:46 | 001,603,760 | ---- | C] () -- C:\Program Files\Paint.NET.3.36.zip
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006/06/18 00:17:26 | 000,000,212 | ---- | C] () -- C:\Windows\cr8type2lightins.ini
[2002/06/28 04:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002/05/04 08:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[1998/03/14 12:16:04 | 000,000,136 | ---- | C] () -- C:\Windows\System32\mssrina.dll

========== LOP Check ==========

[2008/11/30 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\AMPSoft
[2009/04/20 22:32:38 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ArmorSurf
[2009/12/28 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Ashampoo
[2008/12/16 11:07:10 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Auslogics
[2009/05/08 03:32:57 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Bearshare Premium P2P
[2008/08/02 19:20:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BPK
[2009/07/21 03:19:35 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\BRAVIS
[2010/02/01 13:55:44 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\CBS Interactive
[2009/08/03 02:00:35 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Digital Support
[2008/12/01 05:41:10 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\FontCreator
[2006/12/31 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Free&Easy Font Viewer
[2006/12/31 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GetRightToGo
[2009/05/08 03:07:50 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GlarySoft
[2009/12/30 06:54:32 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\GrabPro
[2009/05/10 09:04:07 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\HouseCall 6.6
[2010/01/16 17:35:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ImgBurn
[2009/12/20 03:09:58 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Improved Software
[2010/01/16 20:40:38 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\InfraRecorder
[2009/05/22 22:22:27 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\IObit
[2009/09/17 13:03:18 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\JAM Software
[2010/02/21 06:22:52 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Light Downloader
[2010/02/16 13:04:52 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\LimeWire
[2009/08/04 04:38:09 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\MAGIX
[2008/12/01 03:35:40 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\MainType
[2009/05/10 00:51:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\minimem
[2009/12/20 03:07:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Moyea
[2009/12/20 04:51:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\NeoDownloader
[2008/01/26 07:54:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\NoteTab Light
[2010/02/18 07:37:45 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Orbit
[2010/02/10 00:24:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Power Sound Editor Free
[2010/02/05 03:18:53 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Q-Dir
[2010/02/16 18:29:16 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Screaming Bee
[2008/10/17 23:28:52 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Se Analyzer Tool SA
[2010/01/18 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\SystemRequirementsLab
[2009/07/29 17:26:19 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\TamoSoft
[2008/01/20 06:03:26 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Template
[2010/02/21 04:36:27 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\UltraExplorer
[2009/12/23 20:38:30 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\UltraGet
[2009/05/06 05:43:22 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Uniblue
[2010/02/22 04:57:07 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\uTorrent
[2008/12/16 09:59:33 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\WinBatch
[2008/01/21 03:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ZipGenius
[2010/02/22 17:40:12 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/02/22 17:38:42 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 12 bytes -> C:\Users\Nichole\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
@Alternate Data Stream - 12 bytes -> C:\Users\Nichole\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8423A1CF
< End of report >
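A log this size is easier to review as records than as raw text. What follows is an added example, not part of OTL and not from any post in this thread: a small Python parser for the OTL file-listing lines (date | size | RHSD attributes | C/M ordering | path) and for the @Alternate Data Stream lines, with three review heuristics of its own: an entry whose path is blank (the 2.3 GB hidden/system entry above prints that way), hidden+system attributes on something that is not a directory (normal for bootmgr and the paging file, worth a look anywhere else), and an executable sitting directly in C:\Program Files rather than in a subfolder. The sample lines are constructed to mirror entries in the log above; the flags are prompts for a second look, not verdicts.

```python
"""Parse OTL file-listing and Alternate Data Stream lines and flag the entries a
reviewer would look at first.  Added example for this thread: the parsing and
the review rules are this example's own, not part of OTL."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# OTL file/dir line, e.g.
#   [2008/08/07 17:57:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
#   [2009/04/20 22:32:38 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\ArmorSurf
# The four attribute columns are R(ead-only) H(idden) S(ystem) D(irectory); C/M says
# whether the section is ordered by creation or by modification time.
FILE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \(\))? --\s?(?P<path>.*)$"
)
# ADS line, e.g.  @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


@dataclass
class Entry:
    when: str
    size: int
    attrs: str
    kind: str
    path: str
    flags: List[str] = field(default_factory=list)


@dataclass
class Stream:
    size: int
    host: str   # file or directory that carries the stream
    name: str   # stream name after the last colon


def review(e: Entry) -> List[str]:
    """Heuristic flags (this example's own): prompts for a second look, not verdicts."""
    flags = []
    if not e.path:
        flags.append("path-missing")        # line ends in '--' with nothing after it
    if "H" in e.attrs and "S" in e.attrs and "D" not in e.attrs:
        flags.append("hidden+system")       # normal for bootmgr/pagefile, unusual elsewhere
    low = e.path.lower()
    if low.startswith("c:\\program files\\") and low.count("\\") == 2 and low.endswith(EXEC_EXT):
        flags.append("exe-in-program-files-root")   # installers normally create a subfolder
    return flags


def parse_file_line(line: str) -> Optional[Entry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    e = Entry(m["when"], int(m["size"].replace(",", "")), m["attr"], m["kind"], m["path"].strip())
    e.flags = review(e)
    return e


def parse_ads_line(line: str) -> Optional[Stream]:
    m = ADS_RE.match(line.strip())
    if not m:
        return None
    host, _, name = m["path"].rpartition(":")   # split at the last colon; the drive colon stays in host
    return Stream(int(m["size"]), host, name)


def parse_log(text: str) -> Tuple[List[Entry], List[Stream]]:
    entries, streams = [], []
    for line in text.splitlines():
        e = parse_file_line(line)
        if e is not None:
            entries.append(e)
            continue
        s = parse_ads_line(line)
        if s is not None:
            streams.append(s)
    return entries, streams


def flagged(text: str) -> List[str]:
    """One line per entry that raised a flag, plus every ADS (a stream on a directory is always worth a look)."""
    entries, streams = parse_log(text)
    out = [f"{','.join(e.flags):28} {e.when} {e.size:>12} {e.attrs} {e.path or '<no path>'}"
           for e in entries if e.flags]
    out += [f"{'ads':28} {s.size:>12} bytes {s.host} : {s.name}" for s in streams]
    return out


# Constructed sample, modelled on lines from the log above (not taken from a live system).
SAMPLE_LOG = r"""
[2008/08/07 17:57:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/01/20 05:45:35 | 000,905,216 | ---- | C] () -- C:\Program Files\iview398.exe
[2007/11/23 10:19:20 | 2325,676,032 | -HS- | C] () --
[2007/11/23 10:02:44 | 000,438,840 | RHS- | C] () -- \bootmgr
[2008/01/20 00:33:19 | 000,000,000 | ---- | C] () -- \MSDOS.SYS
[2009/05/08 03:32:57 | 000,000,000 | ---D | M] -- C:\Users\Nichole\AppData\Roaming\Bearshare Premium P2P
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 12 bytes -> C:\Users\Nichole\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
"""

if __name__ == "__main__":
    print("\n".join(flagged(SAMPLE_LOG)))
```

Feed it the whole OTL log (parse_log ignores every line that is not a file entry or an ADS line) and read the flagged() output first; the full entries list is still there for sorting by size or date.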

#10
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Hey Niki McKnight,

Can you try opening the CSV document and copying/pasting the log on here? --> C:\Users\Nichole\Documents\DrWeb.csv

Thanks. :)


#11
Niki McKnight
    Member
  • Topic Starter
  • 63 posts
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 384673
Infected: 1
Modifications: 0
Suspicious: 3
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 1
Ignored: 0
Scan speed: 67 Kb/s
Scan time: 09:55:41
-----------------------------------------------------------------------------

C:\Documents and Settings\Nichole\AppData\Local\Application Data\eSupport.com\biosagentplus_29.exe - moved
C:\Documents and Settings\Nichole\Downloads\biosagentplus_29.exe - moved

=============================================================================
Total session statistics
=============================================================================
Scanned: 501113
Infected: 1
Modifications: 0
Suspicious: 3
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 3
Ignored: 0
Scan speed: 25 Kb/s
Scan time: 11:07:25
=============================================================================

#12
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Hey Niki McKnight,

Apologies for the delay, I was busy yesterday.

There are still a couple of things we have to deal with, hang in there. :)

By the way, do you by any chance know what these files are? If you don't, we can remove them in the next post.

C:\Users\Nichole\Documents\1225091240.zip
C:\Users\Nichole\Documents\0930091424a.zip
C:\Users\Nichole\Documents\0514091931.jpg
C:\Users\Nichole\Documents\Pink.jpg
C:\Users\Nichole\Documents\0126001819a.jpg
C:\Users\Nichole\Documents\0219000747.jpg
C:\Users\Nichole\Documents\0219000743a.zip
C:\Users\Nichole\Documents\0526091409a.zip
C:\Users\Nichole\Documents\0711091542.zip
C:\Users\Nichole\Documents\0216001833.zip
C:\Users\Nichole\Documents\0218001707.zip
C:\Users\Nichole\Documents\0218001723.zip
C:\Users\Nichole\Documents\cp1_0218001717.zip
C:\Users\Nichole\Documents\0218001849.zip
C:\Users\Nichole\Documents\0209001508.jpg
C:\Users\Nichole\Documents\17yearsold.zip
C:\Users\Nichole\Documents\me46.zip
C:\Program Files\ipnetinfo.zip
C:\Program Files\sprint32v2.zip


Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (Avira anti-virus and Spybot TeaTimer) as it/they may hinder the tools from running. Instructions are in the link below:

http://www.bleepingc...opic114351.html

1) Run OTL

Run OTL -
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
    	 
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

2) Run CFScript

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll:

DirLook::
C:\Users\Nichole\Documents\1225091240
C:\Users\Nichole\Documents\0930091424a
C:\Users\Nichole\Documents\0219000743a
C:\Users\Nichole\Documents\0526091409a
C:\Users\Nichole\Documents\0711091542
C:\Users\Nichole\Documents\0216001833
C:\Users\Nichole\Documents\0218001707
C:\Users\Nichole\Documents\0218001723
C:\Users\Nichole\Documents\cp1_0218001717
C:\Users\Nichole\Documents\0218001849
C:\vcs5BGEffects

FileLook::
C:\Program Files\stickerlite.exe
C:\Program Files\notes170.exe
C:\Windows\System32\NewNamekrl32mainweq.dll
C:\cam0000.bmp
C:\img.BMP
c:\windows\system32\drivers\DrvAgent32.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.txt being dragged onto ComboFix.exe]

5. After reboot (in case it asks to reboot), please post the following report/log into your next reply:
  • ComboFix.txt

3) Optional Removals

From your log, you seem to have LimeWire and Viewpoint Media Player installed.

Viewpoint is not malware, but it is considered foistware that is installed without your permission. While it is not harmful in itself, it can bring about unnecessary security risks to your computer as well as collect private information about your browsing habits. Please look at the article(s) below:

http://en.wikipedia....nt_Media_Player

LimeWire is a Peer-to-Peer (P2P) file sharing application that can compromise your computer's security. Please have a look at the following:

http://www.microsoft...ilesharing.aspx

Due to the dubious nature of these programs, it is highly recommended that you remove the programs via Add or Remove Programs in Control Panel and refrain from downloading these programs in the future. If you have made a decision to remove these programs, please do the following:

Please go to Add or Remove Programs and remove the following (if present):

Viewpoint Media Player
LimeWire 5.1.4


Then use Windows Explorer and remove the following (if present):
C:\Program Files\LimeWire PRO 4.12.6.exe
C:\Users\Nichole\AppData\Roaming\LimeWire
C:\Program Files\LimeWire
C:\Program Files\Viewpoint


Reboot your computer.

4) Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    dxtmsft.dll
    dxtrans.dll
    msvbvm60.dll
    rsaenh.dll
    SLC.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next reply (please include in your post):

Tell me how your computer is running
Your answer to my question regarding the unknown files
OTL.txt
ComboFix.txt
SystemLook.txt

Edited by Ltangelic, 25 February 2010 - 04:13 AM.

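The FileLook and DirLook directives in the CFScript above ask ComboFix to report size, timestamps and MD5/SHA1 for each named path, and SystemLook's :filefind step locates every copy of a file name on the disk so that a stray copy of a system DLL can be compared against the real one. The script below is an added example, not ComboFix's or SystemLook's own code: it does the same two jobs in Python on a constructed temporary directory tree (the tree, the file names and the contents are this example's stand-ins, not files from this computer), reports a FileLook target that does not exist instead of failing on it, and groups :filefind hits that share a name but not a hash.

```python
"""FileLook / :filefind equivalents: hash and size for named paths, and a search for
every copy of a file name under a tree.  Added example; not ComboFix or SystemLook code."""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List

CHUNK = 1 << 16


def hash_file(path: str) -> Dict[str, str]:
    """MD5 and SHA1 in upper-case hex as ComboFix prints them, streamed so a large file is not read whole."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha1.update(block)
    return {"md5": md5.hexdigest().upper(), "sha1": sha1.hexdigest().upper()}


def file_look(path: str) -> Dict[str, object]:
    """One FileLook record.  A missing or non-regular path is reported, not raised:
    a FileLook target that no longer exists is itself a finding."""
    if not os.path.isfile(path):
        return {"path": path, "present": False}
    st = os.stat(path)
    rec: Dict[str, object] = {"path": path, "present": True, "size": st.st_size,
                              "mtime": int(st.st_mtime)}
    rec.update(hash_file(path))
    return rec


def file_find(names: Iterable[str], roots: Iterable[str]) -> List[Dict[str, object]]:
    """:filefind equivalent: every file under `roots` whose name is in `names`,
    matched case-insensitively as NTFS does, each with its FileLook record."""
    wanted = {n.lower() for n in names}
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                if fn.lower() in wanted:
                    hits.append(file_look(os.path.join(dirpath, fn)))
    return sorted(hits, key=lambda r: str(r["path"]).lower())


def found_names(hits: List[Dict[str, object]]) -> List[str]:
    """Distinct lower-case file names among the hits (what was found, regardless of where)."""
    return sorted({os.path.basename(str(h["path"])).lower() for h in hits})


def conflicting_copies(hits: List[Dict[str, object]]) -> Dict[str, List[Dict[str, object]]]:
    """Names present in more than one place with different content.  That is what a
    :filefind on DLLs such as msvbvm60.dll is used to spot: a second copy whose hash
    does not match the others."""
    by_name: Dict[str, List[Dict[str, object]]] = {}
    for h in hits:
        by_name.setdefault(os.path.basename(str(h["path"])).lower(), []).append(h)
    return {n: rs for n, rs in by_name.items() if len({r["md5"] for r in rs}) > 1}


def sample_path(root: str, *parts: str) -> str:
    return os.path.join(root, *parts)


def build_sample_tree() -> str:
    """Constructed stand-in for C:\\Windows (hypothetical files, not from this PC):
    two copies of one DLL name with different bytes, an empty DLL, and no SLC.dll at all."""
    root = tempfile.mkdtemp(prefix="filelook_")
    os.makedirs(sample_path(root, "System32"))
    os.makedirs(sample_path(root, "winsxs", "x86_vb6"))
    with open(sample_path(root, "System32", "MSVBVM60.DLL"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 100)
    with open(sample_path(root, "winsxs", "x86_vb6", "msvbvm60.dll"), "wb") as f:
        f.write(b"MZ" + b"\x01" * 100)
    open(sample_path(root, "System32", "rsaenh.dll"), "wb").close()
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for rec in file_find(["msvbvm60.dll", "rsaenh.dll", "SLC.dll"], [root]):
        print(rec)
    print(file_look(sample_path(root, "System32", "SLC.dll")))
    print(list(conflicting_copies(file_find(["msvbvm60.dll"], [root]))))
```

On a real system you would pass the Windows directory (and any other drive roots) to file_find and the exact CFScript FileLook paths to file_look; a name that :filefind cannot find anywhere, such as SLC.dll in the sample tree, simply produces no hit, which is also information.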

#13
Niki McKnight
    Member
  • Topic Starter
  • 63 posts
I'm sorry I've been swamped. I will post the logs soon...

#14
Niki McKnight
    Member
  • Topic Starter
  • 63 posts
Unknown files were just pictures I took recently, no programs or anything...
I ran the OTL custom fix, and then the quick scan, but didn't copy the log file, and couldn't seem to find it after I ran ComboFix, so I went to run it again but encountered an error message telling me there was something illegal (error message included as an attachment)...

The computer is still struggling; just trying to type this is labored. I'll type, but it will take a good 5 to 10 seconds for what I type to appear. I had to switch to a sticky note program to write this, as writing in the reply box was too difficult. System is still bogging down and freezing. Am wondering if I should go ahead and try to apply SP1? (btw: I really appreciate all of your help... thank you heaps!)

Here is the ComboFix Log:



ComboFix 10-02-20.04 - Nichole 02/27/2010 2:51.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1007 [GMT -5:00]
Running from: c:\users\Nichole\Downloads\HELP\ComboFix.exe
Command switches used :: c:\users\Nichole\Downloads\HELP\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 07:59 . 2010-02-27 07:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-27 07:59 . 2010-02-27 07:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-27 07:36 . 2010-02-27 07:36 -------- d-----w- C:\_OTL
2010-02-22 22:49 . 2010-02-23 22:51 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-22 22:49 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-22 22:49 . 2010-02-22 22:49 -------- d-----w- c:\program files\Avira
2010-02-22 22:49 . 2010-02-22 22:49 -------- d-----w- c:\progra~2\Avira
2010-02-22 08:47 . 2010-02-22 19:14 -------- d-----w- c:\users\Nichole\DoctorWeb
2010-02-22 03:43 . 2010-02-22 03:43 -------- d-----w- c:\program files\ProcessExplorer
2010-02-22 03:43 . 2009-04-19 14:46 1615732 ----a-w- c:\program files\ProcessExplorer.zip
2010-02-21 15:39 . 2010-02-21 15:41 -------- d-----w- c:\windows\system32\pt-BR
2010-02-16 23:42 . 2010-02-16 23:45 -------- d-----w- C:\vcs5core
2010-02-16 23:42 . 2010-02-16 23:42 -------- d-----w- C:\AV_LOGS
2010-02-16 23:29 . 2010-02-16 23:29 -------- d-----w- c:\users\Nichole\AppData\Roaming\Screaming Bee
2010-02-16 23:27 . 2010-02-16 23:29 -------- d-----w- c:\progra~2\Screaming Bee
2010-02-16 23:27 . 2010-02-16 23:27 -------- d-----w- c:\program files\Screaming Bee
2010-02-16 21:33 . 2010-02-17 00:06 -------- d-----w- C:\vcs5BGEffects
2010-02-16 21:32 . 2010-02-16 23:56 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2010-02-16 14:18 . 2010-02-22 08:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-16 14:18 . 2010-02-21 13:20 -------- d-----w- c:\program files\Spybot - Search & Destroy(3811)
2010-02-16 14:18 . 2010-02-18 11:32 -------- d-----w- c:\program files\Spybot - Search & Destroy(2319)
2010-02-15 22:52 . 2010-02-18 12:37 -------- d-----w- C:\Multimedia Files
2010-02-15 22:52 . 2010-02-18 12:37 -------- d-----w- c:\program files\Microsoft GIF Animator
2010-02-12 08:01 . 2008-05-16 14:53 71168 ----a-w- c:\windows\system32\drivers\kernel.sys
2010-02-12 08:01 . 2010-02-18 12:37 -------- d-----w- c:\program files\Hypersight
2010-02-12 06:18 . 2010-02-12 06:18 -------- d-----w- c:\progra~2\F-Secure
2010-02-10 05:45 . 2010-02-10 11:22 -------- d-----w- c:\program files\VocoderGUI
2010-02-10 05:08 . 2010-02-10 05:24 -------- d-----w- c:\users\Nichole\AppData\Roaming\Power Sound Editor Free
2010-02-10 05:08 . 2010-02-10 11:22 -------- d-----w- c:\program files\Power Sound Editor Free
2010-02-10 05:05 . 2010-02-10 11:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-09 09:30 . 2010-02-09 09:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-09 09:30 . 2010-02-09 09:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-06 17:21 . 2010-02-21 11:22 -------- d-----w- c:\users\Nichole\AppData\Roaming\Light Downloader
2010-02-06 17:20 . 2010-02-06 17:21 -------- d-----w- c:\program files\Light Downloader
2010-02-06 17:20 . 2010-02-06 17:20 -------- d-----w- c:\progra~2\LightDownloader.COM
2010-02-06 15:39 . 2010-02-06 15:39 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-02-06 08:05 . 2010-02-06 08:05 -------- d-----w- c:\progra~2\AOL Downloads
2010-02-06 05:28 . 2010-02-06 05:29 -------- d-----w- c:\program files\FAVORITE PROGRAMS
2010-02-05 23:58 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-02-05 23:58 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-02-05 23:58 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-02-05 23:58 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-05 23:58 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-05 23:58 . 2008-07-31 15:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-02-05 23:58 . 2008-07-31 15:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-02-05 23:58 . 2008-07-31 15:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-02-05 23:08 . 2010-02-05 23:08 -------- d-----w- c:\program files\SiSoftware
2010-02-05 08:01 . 2010-02-05 08:18 -------- d-----w- c:\users\Nichole\AppData\Roaming\Q-Dir
2010-02-05 08:01 . 2010-02-05 08:01 -------- d-----w- c:\program files\Q-Dir
2010-02-05 06:45 . 2010-02-21 09:36 -------- d-----w- c:\users\Nichole\AppData\Roaming\UltraExplorer
2010-02-05 06:45 . 2010-02-05 06:45 -------- d-----w- c:\program files\UltraExplorer
2010-02-04 23:42 . 2010-02-04 23:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-02 18:00 . 2010-02-27 05:03 -------- d-----w- c:\program files\Free DVD Burner
2010-02-02 14:46 . 2010-02-02 14:46 -------- d-----w- c:\program files\HD Tune
2010-02-01 16:29 . 2010-02-01 18:55 -------- d-----w- c:\users\Nichole\AppData\Roaming\CBS Interactive
2010-01-31 03:14 . 2010-02-18 12:37 -------- d-----w- c:\users\Nichole\Pictures Graphics
2010-01-30 10:48 . 2010-01-30 10:52 -------- d-----w- c:\program files\Free Video Converter
2010-01-30 10:26 . 2010-01-30 10:26 -------- d-----w- c:\program files\eRightSoft
2010-01-30 09:24 . 2010-01-30 09:54 -------- d-----w- c:\program files\iWisoft Flash SWF to Video Converter
2010-01-30 09:09 . 2010-01-30 09:09 -------- d-----w- c:\users\Nichole\AppData\Roaming\AVS4YOU
2010-01-30 09:09 . 2010-01-30 09:09 -------- d-----w- c:\progra~2\AVS4YOU
2010-01-30 09:02 . 2010-01-30 09:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-30 09:02 . 2010-01-30 09:03 -------- d-----w- c:\program files\AVS4YOU
2010-01-30 08:45 . 2010-01-30 08:45 -------- d-----w- C:\DVDVideoSoft
2010-01-30 08:45 . 2010-01-30 08:45 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-30 08:45 . 2010-01-30 08:45 -------- d-----w- c:\program files\DVDVideoSoft
2010-01-30 08:35 . 2010-01-30 09:14 -------- d-----w- c:\program files\SWF to AVI
2010-01-30 06:19 . 2010-01-30 06:19 -------- d-----w- c:\program files\Extra Photo SlideShow Free
2010-01-29 13:10 . 2010-01-29 13:10 -------- d-----w- c:\program files\AnvSoft
2010-01-29 04:04 . 2010-01-29 04:04 -------- d-----w- C:\NCH Software
2010-01-29 03:12 . 2010-02-18 04:21 -------- d-----w- c:\users\Nichole\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 07:36 . 2008-08-07 08:19 -------- d-----w- c:\users\Nichole\AppData\Roaming\uTorrent
2010-02-22 08:38 . 2008-03-05 23:06 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-02-21 11:45 . 2010-02-03 12:28 35085 ----a-w- c:\progra~2\nvModes.dat
2010-02-19 05:33 . 2008-05-09 10:32 -------- d-----w- c:\program files\Windows Live
2010-02-18 12:37 . 2009-12-30 10:00 -------- d-----w- c:\users\Nichole\AppData\Roaming\Orbit
2010-02-18 12:37 . 2008-08-07 08:19 -------- d-----w- c:\program files\uTorrent
2010-02-18 12:37 . 2008-05-09 10:33 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2010-02-18 12:37 . 2008-01-21 02:59 -------- d-----w- c:\program files\IrfanView
2010-02-18 12:37 . 2008-01-20 10:14 -------- d-----w- c:\program files\Jasc Software Inc
2010-02-18 12:37 . 2008-01-18 01:17 -------- d-----w- c:\program files\AOL 9.0
2010-02-18 07:22 . 2008-11-05 19:29 -------- d-----w- c:\program files\Harshil's Softwares
2010-02-18 07:22 . 2007-11-23 15:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 06:03 . 2008-01-18 01:25 7944 ----a-w- c:\users\Nichole\AppData\Local\d3d9caps.dat
2010-02-16 18:04 . 2008-01-21 06:22 -------- d-----w- c:\users\Nichole\AppData\Roaming\LimeWire
2010-02-15 22:01 . 2010-01-08 00:00 -------- d-----w- c:\users\Nichole\AppData\Roaming\DivX
2010-02-12 15:01 . 2008-01-20 10:17 -------- d-----w- c:\program files\ZipGenius 6
2010-02-12 13:15 . 2008-12-10 22:36 -------- d-----w- c:\program files\Registry Easy
2010-02-12 06:13 . 2008-01-18 01:24 208080 ----a-w- c:\users\Nichole\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-10 10:39 . 2009-07-31 01:20 -------- d-----w- c:\progra~2\NOS
2010-02-10 10:37 . 2009-05-10 03:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-09 09:30 . 2008-08-07 19:32 -------- d-----w- c:\program files\DivX
2010-02-06 17:21 . 2010-02-06 17:21 51 ----a-w- c:\users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\extensions\[email protected]
2010-02-05 22:23 . 2008-02-06 03:38 -------- d-----w- c:\program files\Duplicate File Finder
2010-02-04 09:15 . 2007-11-23 16:00 -------- d-----w- c:\program files\Common Files\Java
2010-02-04 08:28 . 2008-01-20 11:03 11114 ----a-w- c:\users\Nichole\AppData\Roaming\wklnhst.dat
2010-02-03 12:28 . 2007-11-23 15:45 -------- d-----w- c:\progra~2\NVIDIA
2010-02-02 16:02 . 2008-01-20 09:52 -------- d-----w- c:\users\Nichole\AppData\Roaming\U3
2010-02-02 08:30 . 2008-01-21 10:28 -------- d-----w- c:\program files\GetData
2010-01-30 06:10 . 2009-08-04 09:12 -------- d-----w- c:\program files\mresreg
2010-01-21 21:32 . 2010-01-09 14:37 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-21 21:27 . 2007-11-23 15:43 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-01-21 00:58 . 2007-01-01 05:53 -------- d-----w- c:\users\Nichole\AppData\Roaming\DVD Flick
2010-01-18 19:16 . 2008-12-16 16:59 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-18 19:16 . 2010-01-18 19:16 -------- d-----w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-01-18 19:16 . 2010-01-18 19:16 290816 ----a-w- c:\users\Nichole\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-01-17 22:09 . 2008-02-04 14:56 -------- d-----w- c:\program files\Google
2010-01-17 01:40 . 2010-01-17 01:35 -------- d-----w- c:\users\Nichole\AppData\Roaming\InfraRecorder
2010-01-16 22:35 . 2010-01-16 22:22 -------- d-----w- c:\users\Nichole\AppData\Roaming\ImgBurn
2010-01-16 22:05 . 2010-01-16 22:05 -------- d-----w- c:\progra~2\Canneverbe Limited
2010-01-11 04:06 . 2009-07-30 00:43 -------- d-----w- c:\program files\BitComet
2010-01-11 03:05 . 2010-01-02 14:12 -------- d-----w- c:\program files\Codebox
2010-01-11 03:05 . 2009-12-26 11:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 02:55 . 2008-01-26 20:27 -------- d-----w- c:\program files\Recover Data for FAT & NTFS (Trial Version)
2010-01-11 01:43 . 2010-01-09 04:32 -------- dc-h--w- c:\progra~2\~0
2010-01-11 01:42 . 2010-01-09 04:43 -------- d-----w- c:\progra~2\Lavasoft
2010-01-09 04:34 . 2010-01-09 04:33 -------- d-----w- c:\program files\Ad-aware
2010-01-07 23:50 . 2008-01-20 06:39 -------- d-----w- c:\users\Nichole\AppData\Roaming\CyberLink
2010-01-07 21:07 . 2009-12-29 10:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-12-29 10:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 05:41 . 2010-01-07 05:41 -------- d-----w- c:\program files\ThePluginSite
2010-01-07 05:41 . 2010-01-07 05:41 -------- d-----w- c:\program files\HarrysFilters3
2010-01-06 13:00 . 2010-01-06 13:00 -------- d-----w- c:\program files\Steinberg
2010-01-03 08:03 . 2010-01-03 08:03 -------- d-----w- c:\program files\PicPluck
2009-12-30 11:54 . 2009-12-30 11:54 -------- d-----w- c:\users\Nichole\AppData\Roaming\GrabPro
2009-12-30 10:00 . 2009-12-30 10:00 -------- d-----w- c:\program files\Orbitdownloader
2009-12-24 22:01 . 2009-12-24 22:01 1703968 ----a-w- c:\program files\VirtualDub-1.9.7.zip
2008-09-20 03:52 . 2007-01-01 06:48 1603760 ----a-w- c:\program files\Paint.NET.3.36.zip
2008-01-26 14:01 . 2008-01-26 13:56 1474385 ----a-w- c:\program files\sprint32v2.zip
2008-01-20 09:02 . 2008-01-20 10:00 3155350 ----a-w- c:\program files\lingvosoft-dictionary-pkpc-engspa-f.exe
2008-01-20 09:00 . 2008-01-20 10:00 1680921 ----a-w- c:\program files\lingvosoft-dictionary-pkpc-engbul-f.zip
2008-01-19 23:36 . 2008-01-20 05:37 687733 ----a-w- c:\program files\notes170.exe
2008-01-19 19:50 . 2008-01-20 05:38 773497 ----a-w- c:\program files\tls_setup.exe
2008-01-19 19:36 . 2008-01-20 05:38 1363968 ----a-w- c:\program files\stickerlite.exe
2008-01-19 06:31 . 2008-01-20 10:45 192152327 ----a-r- c:\program files\AllProgramFilesZipped.zip
2008-01-17 02:53 . 2008-01-21 02:45 824216 ----a-w- c:\program files\diskmd-setup-1052.exe
2008-01-15 19:16 . 2008-01-21 02:47 48489 ----a-w- c:\program files\ipnetinfo.zip
2007-09-18 13:51 . 2008-01-20 05:38 3154009 ----a-w- c:\program files\audacity-win-1.2.6.zip
2007-04-02 08:31 . 2008-01-21 02:44 846008 ----a-w- c:\program files\alarm clocksetupdsc160r.exe
2006-08-18 01:51 . 2008-01-21 02:44 4279120 ----a-w- c:\program files\LimeWire PRO 4.12.6.exe
2006-06-10 15:14 . 2008-01-20 10:45 703122 ----a-r- c:\program files\TreeSizeSetup.exe
2006-05-18 03:11 . 2008-01-21 02:43 6113439 ----a-w- c:\program files\pci_filerecovery.exe
2006-04-13 11:38 . 2008-01-20 10:45 905216 ----a-w- c:\program files\iview398.exe
2003-04-18 13:00 . 2008-01-20 05:38 11 ----a-w- c:\program files\productid.txt
2007-08-24 13:52 . 2008-01-25 02:39 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2007-11-23 15:08 . 2007-11-23 15:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- C:\cam0000.bmp ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 230454
Created time: 2009-03-14 17:16
Modified time: 2009-03-14 17:16
MD5: 4F1E470FA8DD70211B8C1BF0D0B2732F
SHA1: AC51E5281D2979E19211061F6D3390111EA725EB


--- C:\img.BMP ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 57654
Created time: 2009-03-13 21:26
Modified time: 2009-03-13 21:26
MD5: 61C556B39751BCB41C2EDD6450621EA4
SHA1: 19C0A12D18A5DC6402FB1BE8A19CF73B6CF72520


--- c:\program files\notes170.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 687733
Created time: 2008-01-20 05:37
Modified time: 2008-01-19 23:36
MD5: 82C9EF7FC296FD3B458F2DFD05B0AE26
SHA1: 4B6F2C104003766FDECCA2EBABA71E40515866E6


--- c:\program files\stickerlite.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 1363968
Created time: 2008-01-20 05:38
Modified time: 2008-01-19 19:36
MD5: 54CBE68B6AEC20E27468FCFBDAB95FE5
SHA1: 11B545980F63EB9DDBFF96B6F8E0D704ADE358DE


--- c:\windows\system32\drivers\DrvAgent32.sys ---
Company: Phoenix Technologies
File Description: DriverAgent Direct I/O for 32-bit Windows
File Version: 6.0
Product Name: DriverAgent
Copyright: EnTech Taiwan, 1997-2009
Original Filename: Agent32.sys
File size: 23456
Created time: 2010-02-06 15:39
Modified time: 2010-02-06 15:39
MD5: 651554E483712B708EDE864D0CA1AA73
SHA1: AADCE7124CD8DD3568011B5DFDEAB0DFE68D45BF

---- Directory of c:\users\Nichole\Documents\0216001833 ----


---- Directory of c:\users\Nichole\Documents\0218001707 ----


---- Directory of c:\users\Nichole\Documents\0218001723 ----


---- Directory of c:\users\Nichole\Documents\0218001849 ----


---- Directory of c:\users\Nichole\Documents\0219000743a ----


---- Directory of c:\users\Nichole\Documents\0526091409a ----


---- Directory of c:\users\Nichole\Documents\0711091542 ----


---- Directory of c:\users\Nichole\Documents\0930091424a ----


---- Directory of c:\users\Nichole\Documents\1225091240 ----


---- Directory of c:\users\Nichole\Documents\cp1_0218001717 ----

2010-02-20 05:00 . 2010-02-20 05:00 21998 ----a-w- c:\users\Nichole\Documents\cp1_0218001717\cp1_0218001717.jpg
2010-02-20 05:00 . 2010-02-20 05:00 30721 ----a-w- c:\users\Nichole\Documents\cp1_0218001717\cp1_0218001717a.jpg

---- Directory of C:\vcs5BGEffects ----

2010-02-17 00:06 . 2010-02-17 00:06 9570 ----a-w- c:\vcs5bgeffects\RealPlay.exe_MN.log
2010-02-17 00:06 . 2010-02-17 00:07 136 ----a-w- c:\vcs5bgeffects\RealPlay.exe_MAIN.log
2010-02-17 00:06 . 2010-02-17 00:07 10545 ----a-w- c:\vcs5bgeffects\RealPlay.exe.log
2010-02-17 00:04 . 2010-02-17 00:05 56724 ----a-w- c:\vcs5bgeffects\vlc.exe_MN.log
2010-02-17 00:04 . 2010-02-17 00:05 136 ----a-w- c:\vcs5bgeffects\vlc.exe_MAIN.log
2010-02-17 00:04 . 2010-02-17 00:05 61764 ----a-w- c:\vcs5bgeffects\vlc.exe.log
2010-02-16 23:59 . 2010-02-17 00:00 136 ----a-w- c:\vcs5bgeffects\wmplayer.exe_MAIN.log
2010-02-16 23:59 . 2010-02-17 00:00 150 ----a-w- c:\vcs5bgeffects\wmplayer.exe.log
2010-02-16 23:10 . 2010-02-16 23:11 136 ----a-w- c:\vcs5bgeffects\firefox.exe_MAIN.log
2010-02-16 23:10 . 2010-02-16 23:11 150 ----a-w- c:\vcs5bgeffects\firefox.exe.log
2010-02-16 21:33 . 2010-02-16 23:13 2958 ----a-w- c:\vcs5bgeffects\Vcs6Core.exe_MN.log
2010-02-16 21:33 . 2010-02-16 23:13 3363 ----a-w- c:\vcs5bgeffects\Vcs6Core.exe.log
2010-02-16 21:33 . 2010-02-16 23:13 136 ----a-w- c:\vcs5bgeffects\Vcs6Core.exe_MAIN.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A780B7B-DCF1-4ec4-BB13-2DF92CAD27DB}]
2010-02-01 22:41 98304 ----a-w- c:\program files\Light Downloader\ldmie2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Quicknote"="c:\program files\Quicknote\quicknote.exe" [2007-12-02 1183744]
"AOL Fast Start"="c:\program files\AOL 9.0\AOL.EXE" [2006-11-10 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 11:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-12-14 15:50 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1200618788\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-04 02:02 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hypersight]
2008-05-16 14:53 495616 ----a-w- c:\program files\Hypersight\hypersight.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyScreenCam]
2006-08-18 19:30 90112 ----a-w- c:\program files\My Screen Cam\scrcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-21 01:33 12685928 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-21 01:33 110184 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-11-21 01:33 812648 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quicknote]
2007-12-02 13:20 1183744 ----a-w- c:\program files\Quicknote\quicknote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-16 06:25 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-04-21 18:39 24264488 ----a-w- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 10:56 54936 ----a-w- c:\windows\System32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-11-23 15:04 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZScreen]
2007-10-15 18:21 176128 ----a-w- c:\program files\ZScreen\ZScreen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 kernel;Hypersight Kernel;c:\windows\System32\drivers\kernel.sys [2/12/2010 3:01 AM 71168]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [7/7/2008 12:26 AM 28552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/22/2010 5:49 PM 108289]
S3 DrvAgent32;DrvAgent32;c:\windows\System32\drivers\DrvAgent32.sys [2/6/2010 10:39 AM 23456]
S3 IPTools;IPTools;\??\c:\documents and settings\Nichole\Desktop\DOWNLOADS FOLDER\IP Tools 10-19-2008\sniffer\iptools.exe --> c:\documents and settings\Nichole\Desktop\DOWNLOADS FOLDER\IP Tools 10-19-2008\sniffer\iptools.exe [?]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/12/2007 8:35 PM 25760]
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-09-30 22:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Light Downloader - file://c:\program files\Light Downloader\dlall.htm
IE: Download selected with Light Downloader - file://c:\program files\Light Downloader\dlselected.htm
IE: Download video with Light Downloader - file://c:\program files\Light Downloader\dlfvideo.htm
IE: Download with Light Downloader - file://c:\program files\Light Downloader\dllink.htm
FF - ProfilePath - c:\users\Nichole\AppData\Roaming\Mozilla\Firefox\Profiles\8fmkogpr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Light Downloader\Firefox\Extension\components\ldmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Nichole\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\Nichole\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 03:04
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet005\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AOL 9.0\waol.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\windows\system32\UI0Detect.exe
c:\program files\AOL 9.0\shellmon.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2010-02-27 03:08:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-27 08:08
ComboFix2.txt 2010-02-22 07:59
ComboFix3.txt 2010-02-21 19:23
ComboFix4.txt 2010-02-21 13:38

Pre-Run: 172,547,432,448 bytes free
Post-Run: 172,567,826,432 bytes free

- - End Of File - - 782C15365F2BE95A6132FAD570966B0F
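The part of the log above that a helper actually triages is the "Reg Loading Points" block, the R/S service lines and the Security Center keys. What follows is an added example, not ComboFix's code and not part of any post in this thread: a small Python triage script that reads an excerpt of that log (copied from the log above and embedded so it runs offline) and flags the entries a practitioner would want to look at first: UAC switched off (EnableLUA=0), Security Center monitoring disabled, a service whose image ComboFix could not find or that lives under a user profile, and any Browser Helper Object. The severity labels, the user-writable path list and the reading of "[?]" as "ComboFix could not read the file" are this example's own assumptions; a hit is a review item, not a verdict, and some security suites legitimately set DisableMonitoring for their own product so that Security Center stops nagging.

```python
"""Triage the 'Reg Loading Points' and service lines of a ComboFix log.

Added example for this thread; it is not ComboFix's own code and not part
of any post. The checks are heuristics: a hit is a review item, not proof
of infection.
"""
import re

# Excerpt of the ComboFix log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A780B7B-DCF1-4ec4-BB13-2DF92CAD27DB}]
2010-02-01 22:41 98304 ----a-w- c:\program files\Light Downloader\ldmie2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R0 kernel;Hypersight Kernel;c:\windows\System32\drivers\kernel.sys [2/12/2010 3:01 AM 71168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/22/2010 5:49 PM 108289]
S3 IPTools;IPTools;\??\c:\documents and settings\Nichole\Desktop\DOWNLOADS FOLDER\IP Tools 10-19-2008\sniffer\iptools.exe --> c:\documents and settings\Nichole\Desktop\DOWNLOADS FOLDER\IP Tools 10-19-2008\sniffer\iptools.exe [?]
"""

# ComboFix service line: "<R|S><start type> name;display name;image path [date size]".
# R = running, S = stopped; 0 = boot start, 2 = auto start, 3 = manual start.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)\s\[(?P<info>[^\]]*)\]\s*$"
)

# Locations a standard user can write to (assumed list); a service image there
# can be replaced without administrative rights.
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\programdata\\", "\\appdata\\")


def reg_dword(value):
    """Turn ComboFix's value renderings ('dword:00000001' or '0 (0x0)') into an int, else None."""
    m = re.match(r"dword:([0-9a-fA-F]+)", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", value)
    return int(m.group(1)) if m else None


def check_value(key, name, value):
    """Flag registry values that weaken the platform's own defences."""
    k, n, v = key.lower(), name.lower(), reg_dword(value)
    out = []
    if k.endswith(r"policies\system") and n == "enablelua" and v == 0:
        out.append(("high", "UAC is disabled (EnableLUA=0): an administrator's processes run fully elevated"))
    if r"security center\monitoring" in k and n == "disablemonitoring" and v == 1:
        tail = key.rsplit("\\", 1)[-1]
        what = "all products" if tail.lower() == "monitoring" else tail
        out.append(("high", f"Security Center monitoring disabled for {what}: missing AV/firewall goes unreported"))
    return out


def check_service(m):
    """Flag service/driver lines whose image is missing, user-writable, or boot-start."""
    name, rest, info = m.group("name"), m.group("rest"), m.group("info")
    # ComboFix prints "<ImagePath> --> <resolved path>" when they differ; keep the resolved one.
    path = rest.split("-->")[-1].strip().lower()
    out = []
    if info.strip() == "?":  # assumed meaning: ComboFix could not read the file's date/size
        out.append(("review", f"service {name}: ComboFix could not stat {path} (dangling ImagePath)"))
    if any(tok in path for tok in USER_WRITABLE):
        out.append(("review", f"service {name}: image in a user-writable location ({path})"))
    if m.group("start") == "R0":
        out.append(("info", f"boot-start kernel driver {name}: {path}"))
    return out


def triage(log_text):
    """Return (severity, message) findings for a ComboFix log or excerpt."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            findings.extend(check_service(svc))
            continue
        if key is None:
            continue
        if line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            findings.extend(check_value(key, name.strip('"'), value.strip()))
        elif "browser helper objects" in key.lower():
            # The line under a BHO key is the DLL that every Internet Explorer process will load.
            path = re.search(r"([a-z]:\\.+)$", line, re.IGNORECASE)
            if path:
                findings.append(("review", f"BHO loaded into Internet Explorer: {path.group(1)}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run as-is it prints the findings for the excerpt; pass a whole ComboFix log to triage() to apply the same checks to every loading point. The Avira scheduler line deliberately produces nothing: an image under Program Files with a readable file and an auto-start type is exactly what a legitimate service looks like, and the script only reports what deviates from that.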

#15
Niki McKnight
Member, Topic Starter, 63 posts
I cannot run the OTL program again, nor the SystemLook program... (see screenshots attached)
The system will not allow me to open any pictures either; I keep getting the same error message...
:)

Attached Thumbnails

  • pc_issues.jpg
  • pc_issues__2_.jpg
