
Unable to Update, Gabest infection, Redirecting webpage request someti


  • This topic is locked

#1
Danc20

  • Member
  • 53 posts
Hello, I am currently dealing with not being able to install Windows updates, a possibly infected Media Player Classic (controlled by Gabest?) and sometimes a redirecting homepage. I am formerly recovering from malware problems which I tried working out on another forum, but I have not fully been helped. The site was helpful and using ComboFix got rid of some bad stuff, but that forum is now ended and I still have these issues.

Gabest (or Media Player Classic) asks to change my extensions from Windows Media Player (avi, mp3, midi, etc.) and WinPatrol notifies me. It is important to note that this has only happened on my mom's and dad's user accounts for some reason. The exe that starts Gabest is called mplayerc, which is in a folder named C:\Program Files\Media Player Classic, where it and a (.ini) file of the same name are found. These are the only two files present...weird?

On a side note, there are at least 3 files in my Windows folder which VirusTotal has marked as bad by 1-2 virus versions, but I have not deleted them yet.

I could not find OTL's Extra.log and I have run GMER in the past fully, but it froze/would not save in safe mode. I would be happy to use RootRepeal or another rootkit scanner if that is an option.

Edit: Since posting, I think that the reason for not being able to install some Windows updates (.NET Framework 3.5 and Microsoft Silverlight updates) is a software issue. I need to uninstall/reinstall, I guess, so I don't think this is malware since I can install other updates.

PS: Would it be okay if I could keep my mom and Dad's temp? My mom is really wanting to keep her history in IE and stuff.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4712

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/28/2010 2:02:39 PM
mbam-log-2010-09-28 (14-02-39).txt

Scan type: Quick scan
Objects scanned: 188503
Time elapsed: 13 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 9/28/2010 12:18:51 AM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Family\Desktop\Daniel
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 527.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 13.17 Gb Free Space | 18.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Family\Desktop\Daniel\OTL.com (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\WINDOWS\system32\mmc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Family\Desktop\Daniel\OTL.com (OldTimer Tools)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (bckwfs) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (npkcusb) -- C:\Nexon\MapleStory\npkcusb.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NCHSSVAD) SoundTap Recorder (32 Bit) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (bckd) -- C:\WINDOWS\system32\drivers\bckd.sys (Blue Coat Systems, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (zumbus) -- C:\WINDOWS\system32\drivers\zumbus.sys (Microsoft Corporation)
DRV - (GcKernel) -- C:\WINDOWS\system32\drivers\gckernel.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssoftnt4) -- C:\WINDOWS\system32\drivers\ssoftnt4.sys (Cypherix Software (India) Pvt. Ltd.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (atidgllk) -- C:\dell\Drivers\R103296\atidgllk.sys (ATI Technologies Inc.)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys ()
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation)
DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (BTNetFilter) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (CQX) -- C:\WINDOWS\system32\drivers\CQX.SYS (Susteen Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Answers.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {c0d8c829-2f23-4d63-9dfb-7047c17a8357}:0.1.9
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 20:32:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 00:13:59 | 000,000,000 | ---D | M]

[2008/12/04 17:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Mozilla\Extensions
[2010/09/27 22:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions
[2010/04/26 23:07:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/19 15:18:49 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/07/27 14:27:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/24 17:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{c0d8c829-2f23-4d63-9dfb-7047c17a8357}
[2010/08/18 17:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{c0d8c829-2f23-4d63-9dfb-7047c17a8357}(2)
[2010/08/18 17:50:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/08/18 17:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\[email protected]
[2006/10/16 15:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Mozilla\Sunbird\Profiles\3mxotn6x.default\extensions
[2008/10/27 16:50:08 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\searchplugins\dictionary.xml
[2010/07/04 18:20:23 | 000,001,388 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\searchplugins\moola_search.xml
[2010/09/27 22:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/16 13:42:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 17:10:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/10/19 19:59:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/27 19:34:33 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
[2005/12/27 19:31:50 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
[2008/08/19 16:31:28 | 000,098,304 | ---- | M] (ASP) -- C:\Program Files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
[2009/02/23 10:45:06 | 000,177,592 | ---- | M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/09/06 16:19:15 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2005/12/27 19:33:51 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
[2009/11/24 14:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2010/09/05 21:46:27 | 000,231,844 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 180searchassistant.com
O1 - Hosts: 127.0.0.1 www.180searchassistant.com
O1 - Hosts: 127.0.0.1 180solutions.com
O1 - Hosts: 127.0.0.1 www.180solutions.com
O1 - Hosts: 127.0.0.1 bis.180solutions.com
O1 - Hosts: 127.0.0.1 config.180solutions.com
O1 - Hosts: 127.0.0.1 cts.180solutions.com
O1 - Hosts: 127.0.0.1 downloads.180solutions.com
O1 - Hosts: 127.0.0.1 installs.180solutions.com
O1 - Hosts: 127.0.0.1 nowhere.180solutions.com
O1 - Hosts: 127.0.0.1 ping.180solutions.com
O1 - Hosts: 127.0.0.1 tv.180solutions.com
O1 - Hosts: 127.0.0.1 uploads.180solutions.com
O1 - Hosts: 127.0.0.1 public.zangocash.com
O1 - Hosts: 127.0.0.1 www.public.zangocash.com
O1 - Hosts: 127.0.0.1 static.zangocash.com
O1 - Hosts: 127.0.0.1 www.static.zangocash.com
O1 - Hosts: 127.0.0.1 www.zangocash.com
O1 - Hosts: 127.0.0.1 zangocash.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 2search.com
O1 - Hosts: 8130 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1189820632921 (MUWebControl Class)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft...tail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\MOBILEV.ACM ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/09/27 20:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\GeeksToGo2
[2010/09/24 18:27:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/22 15:20:12 | 000,000,000 | ---D | C] -- C:\Incomplete
[2010/09/18 18:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Jesus
[2010/09/16 12:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/09/15 22:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\LimeWire
[2010/09/11 17:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Self-Repair (old)
[2010/09/09 16:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Daniel's Repair
[2010/09/08 23:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\jobs
[2010/09/08 14:07:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/08 14:02:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/06 14:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Album art
[2010/09/06 13:59:09 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/09/02 21:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\G-Force
[2010/08/31 22:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Bleeping Tutorial
[2010/08/31 20:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\TechSpot
[2010/08/31 13:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/08/28 12:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\QuickScan
[2010/08/27 14:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/08/22 22:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2010/08/20 23:30:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/20 23:28:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/20 19:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/08/18 17:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/08/18 17:52:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/08/18 15:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Platform SDK
[2010/08/17 19:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Net FrameWork
[2010/08/15 17:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Notes
[2010/08/09 20:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Local Settings\Application Data\FLVService
[2010/08/09 20:46:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Freecorder
[2010/08/06 19:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Local Settings\Application Data\PCHealth
[2010/08/01 22:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/07/20 18:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/20 18:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\SUPERAntiSpyware.com
[2010/07/20 18:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\AVS4YOU
[2010/07/18 16:34:51 | 000,000,000 | ---D | C] -- C:\TimezAttack
[2010/07/18 16:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\BigBrainz
[2010/07/14 22:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Local Settings\Application Data\Sunbelt Software
[2010/07/14 22:32:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010/07/11 14:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\.idlerc
[2010/07/11 14:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Python31
[2010/07/11 01:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\ssorgatem productions
[2010/07/09 15:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/07/06 15:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2005/10/06 13:57:59 | 000,052,736 | ---- | C] (Cypherix) -- C:\Program Files\cryptainerlemobile.exe
[35 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1213 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Family\*.tmp files -> C:\Documents and Settings\Family\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/27 16:38:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/27 16:38:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/27 16:38:35 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/27 03:01:16 | 029,097,984 | ---- | M] () -- C:\Documents and Settings\Family\ntuser.dat
[2010/09/27 03:01:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Family\ntuser.ini
[2010/09/27 03:01:10 | 025,452,332 | -H-- | M] () -- C:\Documents and Settings\Family\Local Settings\Application Data\IconCache.db
[2010/09/25 21:28:33 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/23 18:57:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/22 13:58:48 | 000,001,821 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/22 13:57:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/19 19:21:51 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/09/19 19:21:51 | 000,000,265 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/14 17:41:11 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Solved wuauclt.exe running at 99% CPU - Tech Support Guy Forums.URL
[2010/09/12 15:16:14 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\New Microsoft Word Document.doc
[2010/09/06 23:54:10 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/09/05 23:34:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/05 21:46:27 | 000,231,844 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/04 22:08:11 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\lyrics.doc
[2010/09/02 19:12:14 | 007,128,064 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2010/09/02 15:23:26 | 000,411,516 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/02 15:23:26 | 000,066,270 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/01 14:39:10 | 000,098,920 | ---- | M] () -- C:\Documents and Settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/27 19:21:45 | 000,001,508 | ---- | M] () -- C:\Documents and Settings\Family\.recently-used.xbel
[2010/08/25 21:10:11 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache
[2010/08/23 13:49:50 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/20 19:39:53 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/08/17 17:34:54 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Albertsons - Careers.URL
[2010/08/16 20:50:18 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
[2010/08/14 13:26:45 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Math Test.doc
[2010/08/13 15:14:14 | 000,534,034 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 15:06:45 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Untitled.URL
[2010/08/11 22:08:17 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Shortcut to external (G) (G).lnk
[2010/08/07 22:13:24 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Employers.doc
[2010/08/01 22:05:31 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/07/26 22:59:31 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\New Microsoft Word Document (3).doc
[2010/07/21 13:40:30 | 000,006,612 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\PrimoPDFSet.xml
[2010/07/20 14:13:41 | 000,100,415 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Wouldntitbenice-BeachBoys.mp3
[2010/07/18 16:35:19 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Timez Attack.lnk
[2010/07/18 16:34:24 | 000,000,047 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\TAConf.conf
[2010/07/06 10:28:44 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[1213 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Family\*.tmp files -> C:\Documents and Settings\Family\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/18 18:26:43 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/14 17:41:11 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\Solved wuauclt.exe running at 99% CPU - Tech Support Guy Forums.URL
[2010/09/12 15:16:14 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\New Microsoft Word Document.doc
[2010/09/08 14:07:25 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/09/08 14:07:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/04 22:01:57 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\lyrics.doc
[2010/09/01 17:02:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/09/01 17:02:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/09/01 17:02:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/09/01 17:02:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/09/01 17:02:33 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/09/01 17:02:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/09/01 17:02:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/09/01 17:02:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/09/01 17:02:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/09/01 17:02:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/09/01 17:02:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/09/01 17:02:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/09/01 17:02:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/09/01 17:02:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/09/01 17:02:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/09/01 17:02:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/09/01 17:02:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/09/01 17:02:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/09/01 17:02:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/09/01 17:02:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/09/01 17:02:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/09/01 17:02:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/09/01 17:02:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/09/01 17:02:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/09/01 17:02:27 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/09/01 17:02:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/09/01 17:02:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/09/01 17:02:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/09/01 17:02:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/09/01 17:02:26 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/09/01 17:02:26 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/09/01 17:02:26 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/09/01 17:02:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/09/01 17:02:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/09/01 17:02:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/09/01 17:02:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/09/01 17:02:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/09/01 17:02:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/09/01 17:02:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/09/01 17:02:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/09/01 17:02:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/09/01 17:02:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/09/01 17:02:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/09/01 17:02:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/09/01 17:02:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/09/01 17:02:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/09/01 17:02:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/08/28 23:32:17 | 029,097,984 | ---- | C] () -- C:\Documents and Settings\Family\ntuser.dat
[2010/08/27 19:21:45 | 000,001,508 | ---- | C] () -- C:\Documents and Settings\Family\.recently-used.xbel
[2010/08/25 21:10:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache
[2010/08/20 19:39:51 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/08/17 17:34:54 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\Albertsons - Careers.URL
[2010/08/14 13:26:17 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\Math Test.doc
[2010/08/13 15:31:08 | 000,002,317 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
[2010/08/13 15:06:45 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\Untitled.URL
[2010/08/01 22:05:31 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2010/07/20 14:13:38 | 000,100,415 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\Wouldntitbenice-BeachBoys.mp3
[2010/07/18 16:35:19 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Timez Attack.lnk
[2010/07/18 16:32:30 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\TAConf.conf
[2010/06/28 16:38:09 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/28 16:37:52 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/28 16:37:52 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/05/04 21:36:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/11/01 01:13:14 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\CD44E9
[2009/11/01 01:13:13 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\mcs.rma
[2009/06/17 23:25:14 | 000,011,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\pifigowu
[2009/06/11 21:03:48 | 001,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll
[2009/04/22 19:37:48 | 000,005,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2009/04/16 19:23:50 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/01/19 14:30:28 | 000,035,868 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\spanishvocabmaintenance2.plist
[2009/01/19 14:25:44 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\spanishvocabhighscores.plist
[2009/01/19 14:25:44 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\spanishvocab.plist
[2009/01/02 21:53:13 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/10/05 21:49:24 | 000,000,737 | ---- | C] () -- C:\WINDOWS\clikbook.ini
[2008/10/02 20:31:10 | 000,006,612 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\PrimoPDFSet.xml
[2008/10/02 20:24:49 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/08/04 23:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2008/05/22 15:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 15:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/12 18:49:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/04/28 09:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/03/26 15:12:54 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/26 15:11:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/03/10 16:27:51 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\d3d8caps.dat
[2008/02/20 19:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/21 01:33:06 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/21 01:33:06 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/15 03:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/09/26 17:12:05 | 000,002,162 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2007/09/10 21:30:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\memphis.ini
[2007/09/10 21:30:10 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WERP.INI
[2007/09/04 16:06:58 | 000,026,000 | ---- | C] () -- C:\WINDOWS\System32\E3TL.DLL
[2007/09/04 15:46:35 | 000,000,312 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/08/29 22:05:25 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/07/11 09:53:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/06/17 19:06:59 | 000,000,635 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007/05/12 18:15:50 | 000,000,086 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/11/28 20:54:17 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006/11/28 20:54:17 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2006/11/05 00:52:17 | 000,001,363 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/27 17:39:01 | 000,011,135 | ---- | C] () -- C:\WINDOWS\System32\msvcr20.dll
[2006/04/27 11:24:24 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2006/03/16 16:34:12 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/07 22:29:04 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/01/29 21:34:15 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/28 23:32:15 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2005/10/14 11:40:22 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2005/10/11 18:10:52 | 026,214,400 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\cxl1706
[2005/10/04 15:07:58 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\PFP120JPR.{PB
[2005/10/04 15:07:58 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\PFP120JCM.{PB
[2005/09/22 17:12:55 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat
[2005/09/22 16:39:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/14 13:00:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/14 12:50:52 | 000,000,436 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/14 12:20:00 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/14 13:31:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2005/06/21 23:37:42 | 000,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2005/04/09 15:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 14:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 14:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/27 05:13:54 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2004/01/27 05:13:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2003/06/20 05:00:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/29 04:23:16 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/09/29 04:23:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/09/29 04:23:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/12/03 17:50:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 17:50:20 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2000/07/07 07:49:30 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/12 17:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 17:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/05/01 23:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2010/07/09 15:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/05/01 16:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2006/11/28 21:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2008/12/25 13:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Praise
[2008/03/26 15:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/04/22 19:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensions
[2010/03/17 20:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/09/19 18:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kolabuyu
[2009/07/16 15:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/01/23 17:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/01/08 16:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
[2008/05/26 18:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/01/15 21:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2007/08/30 15:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/02/04 09:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/11/18 23:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/01 19:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/14 22:32:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2009/09/26 02:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/06/26 21:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\.purple
[2010/07/20 18:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Amazon
[2010/06/04 15:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\AnvSoft
[2009/04/16 20:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Any Video Converter
[2010/05/01 15:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Auslogics
[2010/07/09 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Azureus
[2010/07/18 16:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\BigBrainz
[2010/03/19 20:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Comcast
[2010/02/13 20:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Cool Record Edit Pro
[2010/04/09 20:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\CreeperWorld
[2010/04/09 19:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\CreeperWorldDEMO.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2006/05/02 17:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\CrystalApp
[2006/05/02 17:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\CrystalSpace
[2008/07/25 14:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\EPSON
[2009/06/02 18:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\fizzy
[2008/03/02 16:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\fretsonfire
[2007/09/04 16:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\funkitron
[2010/09/02 21:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\G-Force
[2010/06/23 13:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\GrabPro
[2009/06/03 18:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\gtk-2.0
[2010/05/07 21:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\IObit
[2006/11/25 21:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Leadertech
[2010/09/22 15:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\LimeWire
[2009/04/16 19:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Moyea
[2010/01/23 17:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\NCH Swift Sound
[2007/08/30 15:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\NetMedia Providers
[2008/05/26 18:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Nexon
[2006/05/26 17:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Nvu
[2010/06/23 13:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Orbit
[2008/09/01 20:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\OverDrive
[2009/09/20 16:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\PDF reDirect
[2007/08/30 15:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Publish Providers
[2010/08/28 12:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\QuickScan
[2010/01/23 16:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Recordpad
[2010/07/11 15:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\SanDisk
[2007/02/01 22:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Songbird
[2007/08/30 15:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Sony
[2007/08/01 20:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\SoundSpectrum
[2010/07/11 01:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\ssorgatem productions
[2005/09/23 19:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\UnH Solutions
[2009/01/14 19:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\vghd
[2008/12/18 21:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/27 16:38:32 | 000,051,001 | ---- | M] () -- C:\aaw7boot.log
[2008/01/21 19:28:48 | 000,001,682 | ---- | M] () -- C:\APIHook.log
[2009/11/20 15:52:31 | 000,009,422 | ---- | M] () -- C:\Ask & Record Toolbar Setup Log.txt
[2004/08/19 14:07:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/01 23:10:09 | 000,011,445 | ---- | M] () -- C:\bdlog.txt
[2010/09/06 23:54:10 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/09/19 19:21:51 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/12 15:11:26 | 000,058,504 | ---- | M] () -- C:\ComboFix.txt
[2004/08/19 14:07:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/25 00:22:17 | 000,000,105 | ---- | M] () -- C:\CTSUFile.txt
[2005/09/14 12:23:34 | 000,005,728 | RH-- | M] () -- C:\dell.sdr
[2007/09/22 20:15:29 | 000,004,997 | -H-- | M] () -- C:\ffastun.ffa
[2007/09/22 20:15:27 | 001,548,288 | -H-- | M] () -- C:\ffastun.ffl
[2007/09/22 20:15:29 | 001,773,568 | -H-- | M] () -- C:\ffastun.ffo
[2007/09/22 20:15:27 | 006,975,488 | -H-- | M] () -- C:\ffastun0.ffx
[2010/09/27 16:38:35 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/17 17:56:19 | 000,032,187 | ---- | M] () -- C:\HijackPatrol.log
[2005/10/01 09:10:28 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/19 14:07:14 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/06/18 14:19:26 | 000,001,925 | -H-- | M] () -- C:\IPH.PH
[2010/08/19 17:13:40 | 000,014,437 | ---- | M] () -- C:\JavaRa.log
[2004/08/19 14:07:14 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 00:56:44 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\npwmsdrm.dll
[2004/08/10 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/08 23:03:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/27 16:38:32 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/07/10 20:39:28 | 000,007,645 | ---- | M] () -- C:\pcglicense.txt
[2007/01/30 10:14:11 | 000,001,677 | ---- | M] () -- C:\photodex-presenter-install.log
[2006/11/01 21:41:41 | 000,000,026 | ---- | M] () -- C:\register.js
[2005/09/14 12:49:31 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/08/20 17:46:44 | 000,057,422 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_20.08.2010_17.46.05_log.txt
[2010/09/06 14:17:01 | 000,057,284 | ---- | M] () -- C:\TDSSKiller.2.4.2.0_06.09.2010_14.16.32_log.txt
[2006/03/14 20:44:31 | 000,000,000 | ---- | M] () -- C:\wizard.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/19 13:56:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/19 13:56:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/19 13:56:28 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-27 07:40:02
< End of report >

Edited by Danc20, 02 October 2010 - 04:27 PM.


#2
Danc20

    Member

  • Topic Starter
  • 53 posts
*Bump*

Know you guys are busy, just doing the bump.

#3
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Danc20! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :D

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

  • I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Sorry for the delay. I'm currently reviewing your logs.
  • 0

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Danc20

As it has been a while I need fresh logs from GMER and OTL (OTL.txt and Extras.txt).

NOTE: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

But since you have already run it, please also include the ComboFix log. You can find it here: C:\combofix.txt

Step 1

GMER Rootkit Scanner

  • Download GMER from HERE.
  • Extract the contents of zipped file to your desktop.
  • Double click GMER.exe.

  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message displayed on the screen when using a 64bit Operating System; this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
  • Please copy and paste the report into your Post.

Caution - Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Step 2

Default OTL Custom Scan

  • Double click on the Posted Image icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

In your next reply, please include the following logs:
  • ark.txt
  • OTL.txt and Extras.txt
  • combofix.txt

  • 0

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
If you have problems running GMER, please try RootRepeal.

We need to check for rootkits with RootRepeal

  • Rar Mirrors - Only if you know what a RAR is and can extract it.
  • Extract RootRepeal.exe from the archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
  • 0

#6
Danc20

    Member

  • Topic Starter
  • Member
  • 53 posts
Hi Render! I would just like to say how grateful I am for your reply. You guys are really awesome in helping complete strangers with their problems. Thanks for taking up my case :D.

Here's the most recent Combofix log; I have the very first one if you would like to see that since it is located on another forum.

ComboFix 10-09-12.01 - Family 09/12/2010 14:49:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.454 [GMT -7:00]
Running from: c:\documents and settings\Family\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Family\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Auslogics Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {863B6054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {863BFADC-FFA4-00E7-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {863FC054-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {864C49BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83BDB054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853EA054-FFA4-00E7-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85965054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D1BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D4174C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D9F434-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DF7054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E2D054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3B8DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3C32C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3EB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E3EDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E5EDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E64324-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6558C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6575C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6595C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E66BC4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E67BC4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E67C34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E68634-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6A054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6B39C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E6DB54-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E70DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E71AF4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E7231C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E744EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85E7E054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EA5B5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EAD7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EB3DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EDB6AC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85EFDB4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F0658C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F36214-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F87C54-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F98A34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85F9C28C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FB0054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FD8DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FDFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE04EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE1304-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE229C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE99DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FE9C5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FF2494-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FF3694-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FF6DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85FFD054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86011C64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860153F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86019DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86025054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86028304-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860289D4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860291E4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8602DAC4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86030874-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86031474-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8603E554-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8604391C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86043DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860595A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86060DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860743B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8607DDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8608393C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860A02B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860A1DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860A5844-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860AA6AC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860B78EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860C4C6C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860CE1BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860DD32C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860E2DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EBDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EDB2C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EE354-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860EFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {860F7C6C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610628C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861088BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610983C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610B2DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610CB64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8610D264-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8611ADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8612E9CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86135B64-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8614391C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8614758C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861549BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8615B054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86189594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8619BDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861A8644-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861B1DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861C1C4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861C6264-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861C7DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861D620C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861D7984-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861DBC5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861ED594-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861F91E4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {861F937C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86204D94-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8622232C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86247054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86255DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8625F3CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86281CE4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86287514-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86287B2C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862A45BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862AE25C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862B2CAC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C09B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C3494-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C7C4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862C83C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862DBB3C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {862DFDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86306DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8630DB4C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8632926C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86334C9C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86369894-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8637028C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8637A644-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86384A34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86388A54-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8638B414-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86390754-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86392C5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A170C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A39B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A73FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863A89C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863AB494-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863ACDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863ADCBC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B5054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B541C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863B9DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BA9C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863BE60C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C389C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863C8554-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863CA9BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D158C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D219C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D4284-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863D81DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863DA384-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863DF24C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E1DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E683C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863E84C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F1504-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {863F6DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86408BAC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86411514-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864233D4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86425054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8642B3FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8643C054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644213C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86447C3C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8644C55C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8645244C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8645247C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8646E41C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86485DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8648720C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86498434-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864AB45C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864D941C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864E724C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864E93FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F1694-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F19B4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F3054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F3724-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F5054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F6A5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F71F4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F81D4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864F9374-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864FC554-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {864FF74C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8650BC34-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865117EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {865169CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8651ADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86520AA4-FFA4-00EF-0D24-347CA8A3377C}

FILE ::
"c:\documents and settings\Administrator\Application Data\wruninstall.exe"
"g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\AAWService.exe"
"g:\computer protection\Lavasoft\Ad-Aware\Lavasoft\Ad-Aware\KernExplorer.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\wruninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LAVASOFT_AD-AWARE_SERVICE
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Service_Lavasoft Ad-Aware Service
-------\Service_Lavasoft Kernexplorer


((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-06 20:59 . 2010-09-06 20:59 -------- d-----w- C:\_OTM
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\Reno 911 Paintball
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\G-Force
2010-09-03 04:11 . 2010-09-03 04:11 -------- d-----w- c:\documents and settings\Family\Application Data\BitTorrent
2010-08-31 20:50 . 2010-08-31 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-08-28 19:38 . 2010-08-28 19:40 -------- d-----w- c:\documents and settings\Family\Application Data\QuickScan
2010-08-27 21:22 . 2010-09-03 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-23 05:10 . 2010-08-23 05:10 -------- d-----w- c:\program files\The Weather Channel FW
2010-08-21 06:30 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 06:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 02:40 . 2010-08-21 02:40 -------- d-----w- c:\program files\MSSOAP
2010-08-21 02:39 . 2010-08-21 02:39 164 ----a-w- c:\windows\install.dat
2010-08-19 00:53 . 2010-08-19 00:53 -------- d-----w- c:\program files\MSBuild
2010-08-19 00:52 . 2010-08-19 00:52 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-18 22:42 . 2010-08-19 00:51 -------- d-----w- c:\program files\Microsoft Platform SDK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 22:00 . 2010-07-06 22:15 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2010-09-12 04:16 . 2009-12-09 04:00 -------- d-----w- c:\program files\Steam
2010-09-06 07:01 . 2007-08-29 03:37 -------- d-----w- c:\program files\ESET
2010-09-06 05:58 . 2010-07-21 01:44 63488 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-06 05:58 . 2010-07-21 01:44 117760 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-04 04:22 . 2008-01-26 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-03 04:08 . 2007-05-13 01:29 -------- d-----w- c:\program files\Logitech
2010-09-03 04:08 . 2007-06-16 00:39 -------- d-----w- c:\program files\DivX
2010-09-03 04:06 . 2009-10-12 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-09-01 21:39 . 2005-09-23 22:18 98920 ----a-w- c:\documents and settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-27 21:22 . 2010-08-27 21:22 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-27 20:13 . 2010-02-22 08:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-25 00:18 . 2007-05-02 04:02 -------- d-----w- c:\documents and settings\Family\Application Data\Creative
2010-08-20 00:13 . 2005-09-14 19:38 -------- d-----w- c:\program files\Java
2010-08-20 00:11 . 2010-08-20 00:11 503808 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\msvcp71.dll
2010-08-20 00:11 . 2010-08-20 00:11 61440 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3ecac15c-n\decora-sse.dll
2010-08-20 00:11 . 2010-08-20 00:11 499712 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\jmc.dll
2010-08-20 00:11 . 2010-08-20 00:11 348160 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1e3f901a-n\msvcr71.dll
2010-08-20 00:11 . 2010-08-20 00:11 12800 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3ecac15c-n\decora-d3d.dll
2010-08-20 00:11 . 2005-09-14 19:38 -------- d-----w- c:\program files\Common Files\Java
2010-08-19 03:23 . 2010-08-02 05:04 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-19 00:50 . 2007-07-22 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-08 02:53 . 2005-09-23 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-21 01:44 . 2010-07-21 01:44 52224 ----a-w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-21 01:44 . 2010-07-21 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-21 01:44 . 2010-07-21 01:44 -------- d-----w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com
2010-07-21 01:42 . 2008-01-21 08:33 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-21 01:35 . 2010-07-21 01:35 -------- d-----w- c:\documents and settings\Family\Application Data\AVS4YOU
2010-07-21 01:27 . 2009-12-04 00:57 -------- d-----w- c:\documents and settings\Family\Application Data\Amazon
2010-07-18 23:29 . 2010-07-18 23:29 -------- d-----w- c:\documents and settings\Family\Application Data\BigBrainz
2010-07-18 22:20 . 2010-07-18 22:20 388096 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-17 12:00 . 2010-06-16 20:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 05:32 . 2010-07-15 05:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-06 17:29 . 2010-07-15 05:32 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-06 17:28 . 2010-05-12 03:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 12:31 . 2010-05-09 03:34 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-19 20:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2010-05-09 03:34 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 20:55 . 2009-12-28 04:59 75636 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-21 15:27 . 2010-05-09 03:34 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-19 05:09 . 2010-06-19 05:09 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-19 03:16 . 2009-10-17 23:07 87 ----a-w- c:\documents and settings\Family\jagex_runescape_preferences2.dat
2010-06-19 03:16 . 2008-08-20 02:34 45 ----a-w- c:\documents and settings\Family\jagex_runescape_preferences.dat
2010-06-19 03:14 . 2010-06-19 03:14 0 ----a-w- c:\documents and settings\Family\jagex__preferences3.dat
2010-06-17 14:03 . 2004-08-19 20:49 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 20:43 . 2010-06-16 20:43 503808 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\msvcp71.dll
2010-06-16 20:43 . 2010-06-16 20:43 499712 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\jmc.dll
2010-06-16 20:43 . 2010-06-16 20:43 348160 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-119fa94c-n\msvcr71.dll
2010-06-16 20:43 . 2010-06-16 20:43 61440 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66ef6111-n\decora-sse.dll
2010-06-16 20:43 . 2010-06-16 20:43 12800 ----a-w- c:\documents and settings\Family\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66ef6111-n\decora-d3d.dll
2004-05-21 08:30 . 2005-10-06 20:57 52736 ----a-w- c:\program files\cryptainerlemobile.exe
2009-10-20 02:59 . 2010-05-02 04:49 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-11-24 21:14 . 2009-11-24 21:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 20:10 . 2009-11-28 20:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2005-06-26 23:32 . 2005-06-26 23:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 06:37 . 2005-06-22 06:37 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 08:00 . 2004-01-25 08:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-03-22 00:35 . 2006-03-16 23:34 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2005-02-28 21:16 . 2005-02-28 21:16 240128 --sha-r- c:\windows\system32\x.264.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\Gwen\Start Menu\Programs\Startup\
Download Manager.lnk - c:\program files\Snocap\Download Manager\NodeStarter.exe [2008-1-30 352256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Susteen\\DataPilot\\DpLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Family\\Desktop\\Neutral\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Snocap\\Download Manager\\active\\downloadmgr.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4050:TCP"= 4050:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [12/11/2009 3:52 PM 74088]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/2/2009 1:00 PM 135336]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [12/11/2009 3:52 PM 1078632]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [5/21/2004 1:30 AM 100728]
S3 atidgllk;atidgllk;c:\dell\Drivers\R103296\atidgllk.sys [11/6/2005 10:49 PM 5120]
S3 CQX;Susteen Virtual Serial Port Driver;c:\windows\system32\drivers\CQX.SYS [3/21/2003 10:44 AM 38144]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 1:14 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
FF - ProfilePath - c:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\Family\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 15:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\4b0\3149402\413\1]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\5ac\000A2700151426B7\1209\1]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\781\070415301827\b2b5\1]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.\ATI Drivers]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software\Modem Helper]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Applications\Konfabulator.exe\shell\open\command]
@DACL=(02 0000)
"command"=multi:"N_M9j=UIS?,uL&u`JN$V>DyxtqG8LQ?oFCd2zzP2g \"%1\"\00\00"

[HKEY_LOCAL_MACHINE\software\Classes\Applications\mplayer2.exe\SupportedTypes]
@DACL=(02 0000)
".aa"=""
".aif"=""
".aifc"=""
".aiff"=""
".asf"=""
".asx"=""
".au"=""
".avi"=""
".cda"=""
".dvr-ms"=""
".m1v"=""
".m2v"=""
".m3u"=""
".mid"=""
".midi"=""
".mod"=""
".mp2"=""
".mp2v"=""
".mp3"=""
".mpa"=""
".mpe"=""
".mpeg"=""
".mpg"=""
".mpv2"=""
".rmi"=""
".snd"=""
".wav"=""
".wax"=""
".wm"=""
".wma"=""
".wmd"=""
".wms"=""
".wmv"=""
".wmx"=""
".wmz"=""
".wpl"=""
".wvx"=""

[HKEY_LOCAL_MACHINE\software\Classes\Applications\RealPlay.exe\SupportedTypes]
@DACL=(02 0000)
@=""
".mp3"=""
".m3u"=""
".cda"=""
".wav"=""
".mpg"=""
".mpeg"=""
".mpv"=""
".mps"=""
".m2v"=""
".m1v"=""
".mpe"=""
".mpa"=""
".avi"=""
".mp4"=""
".m4e"=""
".rt"=""
".rnx"=""
".rmp"=""
".rms"=""
".rjs"=""
".ra"=""
".rax"=""
".rm"=""
".rmvb"=""
".rp"=""
".ram"=""
".rmm"=""
".rsml"=""
".rv"=""
".rvx"=""
".rmj"=""
".rjt"=""
".rmx"=""
".wma"=""
".wmv"=""
".wax"=""
".asx"=""
".asf"=""
".wm"=""
".wmx"=""
".wvx"=""
".mov"=""
".qt"=""
".aac"=""
".m4a"=""
".m4p"=""
".mp2"=""
".mp1"=""
".mpga"=""
".pls"=""
".xpl"=""
".smi"=""
".smil"=""
".ssm"=""
".sdp"=""
".au"=""
".aif"=""
".aiff"=""
".mid"=""
".midi"=""
".rmi"=""
".acp"=""
".lmsff"=""
".lqt"=""
".lavs"=""
".lar"=""
".la1"=""
".rpl"=""
".3gp"=""
".amr"=""
".awb"=""
".3g2"=""
".divx"=""
".rpm"=""

[HKEY_LOCAL_MACHINE\software\Classes\Applications\YahooWidgetEngine.exe\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\Shell\Explore\Command]
@DACL=(02 0000)
@="c:\\Program Files\\Windows Messaging\\exchng32.exe /j"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\Shell\Open\Command]
@DACL=(02 0000)
@="\"c:\\PROGRA~1\\MICROS~4\\Office10\\OUTLOOK.EXE\""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B72E179A-8130-78E0-882B-A62B64624F04}\shellex\PropertySheetHandlers\{00020D75-0000-0000-C000-000000000046}]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\DefaultIcon]
@DACL=(02 0000)
@="c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmjblaunch.exe,1"

[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Cygnus Solutions\Cygwin\mounts v2]
@Class="cygnus"
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Cygnus Solutions\Cygwin\Program Options]
@Class="cygnus"
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Digital Praise\Guitar Praise]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\EPSON America Inc.\EPSON Stylus CX9400Fax Series Scanner Driver Update]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack\MozillaOrgSunbirdTrunkWin322006100618]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\FullCircle\TalkBack\MozillaOrgThunderbird15Win322006090918]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
@DACL=(02 0000)
"YahooMusicEngine.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
@DACL=(02 0000)
"devenv.exe"=dword:00000001
"dexplore.exe"=dword:00000001
"helppane.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
@DACL=(02 0000)
"msiexec.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
@DACL=(02 0000)
"iexplore.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
@DACL=(02 0000)
"helppane.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
@DACL=(02 0000)
"msimn.exe"=dword:00000001
"outlook.exe"=dword:00000001
"winmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
@DACL=(02 0000)
"excel.exe"=dword:00000001
"infopath.exe"=dword:00000001
"powerpnt.exe"=dword:00000001
"winword.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
@DACL=(02 0000)
"msn.exe"=dword:00000001
"msn6.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\11.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Monitors]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Monitors\//./DISPLAY1\0,0,800,600]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\G-Force]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\SoftSkies]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Schemes]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
"NoServices"=dword:00000000
"ServiceExtra"="Partner=Dell&MachineID=GF84H81\00\00????i\00Ÿ'?\06\00'??\1d\00?'\00'\00\00?\06???\06??z\00?\06??\00'??\00'?'\00\00\00\00\00\00?? \00????Ÿ'\00'\00\00\00'?\06???\06?\01\04\00?\06???\06??????????\00'\00\00???????\06\00'??\03\00?'\00'???\06???\06??????????????\0e\00???\06?\06\00\00???????'\00'???\06?\06?\06??\08\00??????Ÿ'????????????Ÿ'???????\06\00'Ÿ'?\06\01\00???'?\06???'?????'????z"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\MediaGuide]
@DACL=(02 0000)
"FriendlyName"="Media Guide"
"ColorPlayer"="#0063B0"
"ImageLargeURL"="http://images.metase...er11_30x30.png"
"ImageMenuURL"="http://images.metase..._rgb_15x15.png"
"Task1ButtonText"="Media Guide"
"Task1ButtonTip"="Media Guide"
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\Napster]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\firefox.exe]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions\iMesh]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions\OverDrive, Inc.]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{EC9B8ACF-09C1-4C7B-A6BA-F5CBC478CA71}]
@DACL=(02 0000)
"FriendlyName"="res://MMRadioWMPPlugin.dll/RT_STRING/#102"
"Description"="res://MMRadioWMPPlugin.dll/RT_STRING/#103"
"Capabilities"=dword:c2000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.m2v]
@DACL=(02 0000)
"Extension.Handler"="mpegfile"
"Permissions"=dword:0000000f
"PerceivedType"="video"
"MediaType.Description"="Movie Clip"
"MediaType.DescriptionID"="9902"
"MediaType.Icon"="quartz.dll,-103"
"Extension.MIME"="video/mpeg"
"ReplaceApps"="mplayer2.exe|amovie.ocx|mplayer.exe|iexplore.exe"
"SuperiorApps"="wmplayer.exe"
"MCIHandler"="MPEGVideo"
"Shell.Open"="/prefetch:9 /Open \"%L\""
"Shell.AltVerb.Cmd"="/prefetch:9 /Play \"%L\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.m4a]
@DACL=(02 0000)
"Permissions"=dword:0000000f
"Runtime"=dword:00000007

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.mod]
@DACL=(02 0000)
"Extension.Handler"="mpegfile"
"Permissions"=dword:0000000f
"PerceivedType"="video"
"MediaType.Description"="Movie Clip"
"MediaType.DescriptionID"="9902"
"MediaType.Icon"="quartz.dll,-103"
"Extension.MIME"="video/mpeg"
"ReplaceApps"="mplayer2.exe|amovie.ocx|mplayer.exe|iexplore.exe"
"SuperiorApps"="wmplayer.exe"
"MCIHandler"="MPEGVideo"
"Shell.Open"="/prefetch:9 /Open \"%L\""
"Shell.AltVerb.Cmd"="/prefetch:9 /Play \"%L\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Multimedia\MPlayer2\Extensions\.mp4]
@DACL=(02 0000)
"Permissions"=dword:0000000f
"Runtime"=dword:00000007

[HKEY_LOCAL_MACHINE\software\NetGame\MPlugin_USA\1.5.0.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Sibelius Software\Scorch\Preferences]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Symantec\SharedUsage]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\ViewSonic Corporation\ViewSonic Monitor Drivers]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.\SharedDlls]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2240)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
.
**************************************************************************
.
Completion time: 2010-09-12 15:11:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-12 22:11
ComboFix2.txt 2010-09-10 21:48
ComboFix3.txt 2010-09-08 21:35

Pre-Run: 8,947,585,024 bytes free
Post-Run: 8,965,292,032 bytes free

- - End Of File - - 13D457FE4F887BB63EEA7F2D9DC42AD5



Root Repeals


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/10/05 17:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF13E6000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Family\Local Settings\Apps\2.0\ZHGY4Q60.088\AN3DZD37.AEN\manifests\DiskSpaceFinder.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Family\Local Settings\Apps\2.0\ZHGY4Q60.088\AN3DZD37.AEN\manifests\DiskSpaceFinder.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Rick\Local Settings\Apps\2.0\B6XWOM5T.0EY\H9J00EO6.BEN\manifests\DiskSpaceFinder.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Rick\Local Settings\Apps\2.0\B6XWOM5T.0EY\H9J00EO6.BEN\manifests\DiskSpaceFinder.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7d06eee

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7d06ee4

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7d06ef3

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7d06efd

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7d06f02

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7d06ed0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7d06ed5

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7d06f0c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7d06f07

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7d06ef8

==EOF==


OTL's



OTL logfile created on: 10/5/2010 6:55:20 PM - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Family\Desktop\GeeksToGo2
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 568.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 10.37 Gb Free Space | 14.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/28 16:11:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\GeeksToGo2\OTL.com
PRC - [2010/04/19 15:21:27 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/11 15:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2008/09/18 20:59:00 | 000,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/09/10 22:56:24 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2005/04/06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004/02/02 22:42:54 | 000,401,491 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/28 16:11:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\GeeksToGo2\OTL.com
MOD - [2008/09/18 20:59:08 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- G:\Computer Protection\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/19 15:21:27 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/11 15:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [On_Demand | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2005/04/06 17:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Nexon\MapleStory\npkcusb.sys -- (npkcusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\Computer Protection\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/22 21:24:48 | 000,033,848 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) SoundTap Recorder (32 Bit)
DRV - [2009/12/11 15:52:52 | 000,074,088 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
DRV - [2009/09/29 21:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/11/10 12:09:32 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/04/13 11:45:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/09/21 04:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 04:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/07/13 19:05:38 | 000,100,728 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ssoftnt4.sys -- (ssoftnt4)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/20 18:03:28 | 000,027,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/01/20 18:03:24 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/01/20 18:02:58 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/06/23 17:57:18 | 000,005,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\dell\Drivers\R103296\atidgllk.sys -- (atidgllk)
DRV - [2005/05/31 16:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 10:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 15:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 15:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 15:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/31 17:22:16 | 000,180,096 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/25 18:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/12/16 17:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/12/05 23:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/05 23:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/05 23:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/05 23:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/05 23:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/05 23:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/05 23:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/05 23:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/05 23:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 01:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 00:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/11/02 13:12:14 | 000,019,456 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2004/10/19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 09:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 09:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/16 01:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 10:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2004/03/06 02:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 02:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 02:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/03/21 10:44:46 | 000,038,144 | ---- | M] (Susteen Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CQX.SYS -- (CQX)
DRV - [2002/11/08 17:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Answers.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {c0d8c829-2f23-4d63-9dfb-7047c17a8357}:0.1.9
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 20:32:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 00:13:59 | 000,000,000 | ---D | M]

[2008/12/04 17:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Mozilla\Extensions
[2010/10/05 18:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions
[2010/04/26 23:07:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/19 15:18:49 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/07/27 14:27:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/24 17:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{c0d8c829-2f23-4d63-9dfb-7047c17a8357}
[2010/08/18 17:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{c0d8c829-2f23-4d63-9dfb-7047c17a8357}(2)
[2010/08/18 17:50:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/08/18 17:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\extensions\[email protected]
[2006/10/16 15:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Mozilla\Sunbird\Profiles\3mxotn6x.default\extensions
[2008/10/27 16:50:08 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\searchplugins\dictionary.xml
[2010/07/04 18:20:23 | 000,001,388 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\lkh81eos.default\searchplugins\moola_search.xml
[2010/10/05 18:25:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/16 13:42:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 17:10:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/10/19 19:59:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/27 19:34:33 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
[2005/12/27 19:31:50 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
[2008/08/19 16:31:28 | 000,098,304 | ---- | M] (ASP) -- C:\Program Files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
[2009/02/23 10:45:06 | 000,177,592 | ---- | M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/09/06 16:19:15 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2005/12/27 19:33:51 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
[2009/11/24 14:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2010/09/05 21:46:27 | 000,231,844 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8130 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = DeviceDoctor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1189820632921 (MUWebControl Class)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft...tail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\MOBILEV.ACM ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.fvfw - C:\WINDOWS\System32\ffvfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe - (IVT Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - Reg Error: Value error. - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - G:\Computer Protection\Lavasoft\Ad-Aware\AAWService.exe File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - G:\Computer Protection\Lavasoft\Ad-Aware\AAWService.exe File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F27D1D-6388-8D9C-F6BF-456B6E87EDC4} - NetShow
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {93D02250-8331-95B1-4E53-979A92A994BA} - IE7 Uninstall Stub
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C943986D-4A4D-4C56-857E-619DAF28ABB7} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/04 21:34:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/10/04 20:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\TimezAttackLauncher
[2010/10/04 00:31:55 | 000,000,000 | ---D | C] -- C:\BigBrainz
[2010/10/03 15:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\DoctorWeb
[2010/10/02 19:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Luke's Captain Bible
[2010/10/02 18:51:15 | 000,000,000 | ---D | C] -- C:\CB
[2010/10/02 17:44:52 | 000,000,000 | ---D | C] -- C:\ABC123
[2010/10/02 17:13:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E499B436-8B36-442B-9362-F9C8A149DAB7}
[2010/10/02 17:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTweak Software
[2010/10/02 16:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Neutral
[2010/10/02 16:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2010/10/02 16:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Codec
[2010/10/01 17:09:29 | 000,000,000 | ---D | C] -- C:\dosbox
[2010/10/01 17:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Local Settings\Application Data\DOSBox
[2010/10/01 14:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/10/01 14:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Revo
[2010/09/27 20:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\GeeksToGo2
[2010/09/24 18:27:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/22 15:20:12 | 000,000,000 | ---D | C] -- C:\Incomplete
[2010/09/18 18:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Jesus
[2010/09/16 12:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/09/15 22:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Application Data\LimeWire
[2010/09/11 17:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Self-Repair (old)
[2010/09/09 16:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Daniel's Repair
[2010/09/08 23:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\jobs
[2010/09/08 14:07:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/08 14:02:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/06 14:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Desktop\Album art
[2010/09/06 13:59:09 | 000,000,000 | ---D | C] -- C:\_OTM
[2005/10/06 13:57:59 | 000,052,736 | ---- | C] (Cypherix) -- C:\Program Files\cryptainerlemobile.exe
[35 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[2 C:\Documents and Settings\Family\*.tmp files -> C:\Documents and Settings\Family\*.tmp -> ]
[1213 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/05 15:48:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/05 15:48:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 15:48:12 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 02:13:24 | 029,097,984 | ---- | M] () -- C:\Documents and Settings\Family\ntuser.dat
[2010/10/05 02:13:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Family\ntuser.ini
[2010/10/05 02:13:11 | 008,401,026 | -H-- | M] () -- C:\Documents and Settings\Family\Local Settings\Application Data\IconCache.db
[2010/10/04 23:25:18 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\TAConf.conf
[2010/10/04 20:29:46 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Timez Attack.lnk
[2010/10/03 21:21:34 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\mcs.rma
[2010/10/03 21:21:34 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\CD44E9
[2010/10/03 20:40:25 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/02 22:50:02 | 007,128,064 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2010/10/02 18:01:43 | 000,001,821 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/02 18:01:43 | 000,000,265 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/02 18:01:43 | 000,000,163 | ---- | M] () -- C:\WINDOWS\memphis.ini
[2010/10/02 16:19:30 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 14:20:15 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Revo Uninstaller.lnk
[2010/09/30 18:57:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/29 20:17:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/29 20:00:48 | 000,098,920 | ---- | M] () -- C:\Documents and Settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/25 21:28:33 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/22 13:58:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/19 19:21:51 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/09/12 15:16:14 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\New Microsoft Word Document.doc
[2010/09/06 23:54:10 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/09/05 21:46:27 | 000,231,844 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2 C:\Documents and Settings\Family\*.tmp files -> C:\Documents and Settings\Family\*.tmp -> ]
[1213 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 22:37:13 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/10/04 20:29:46 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Timez Attack.lnk
[2010/10/01 17:53:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 14:20:15 | 000,000,927 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\Revo Uninstaller.lnk
[2010/09/18 18:26:43 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/12 15:16:14 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\New Microsoft Word Document.doc
[2010/09/08 14:07:25 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/09/08 14:07:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/08/25 21:10:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache
[2010/07/18 16:32:30 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\TAConf.conf
[2010/06/28 16:38:09 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/28 16:37:52 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/28 16:37:52 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/05/04 21:36:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/11/01 01:13:14 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\CD44E9
[2009/11/01 01:13:13 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\mcs.rma
[2009/06/17 23:25:14 | 000,011,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\pifigowu
[2009/06/11 21:03:48 | 001,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll
[2009/04/22 19:37:48 | 000,005,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2009/04/16 19:23:50 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/01/19 14:30:28 | 000,035,868 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\spanishvocabmaintenance2.plist
[2009/01/19 14:25:44 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\spanishvocabhighscores.plist
[2009/01/19 14:25:44 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\spanishvocab.plist
[2009/01/02 21:53:13 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/10/05 21:49:24 | 000,000,737 | ---- | C] () -- C:\WINDOWS\clikbook.ini
[2008/10/02 20:31:10 | 000,006,612 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\PrimoPDFSet.xml
[2008/10/02 20:24:49 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/08/04 23:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2008/05/22 15:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 15:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/12 18:49:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/04/28 09:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/03/26 15:12:54 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/26 15:11:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/03/10 16:27:51 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\d3d8caps.dat
[2008/02/20 19:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/21 01:33:06 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/21 01:33:06 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/15 03:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/09/26 17:12:05 | 000,002,162 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2007/09/10 21:30:59 | 000,000,163 | ---- | C] () -- C:\WINDOWS\memphis.ini
[2007/09/10 21:30:10 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WERP.INI
[2007/09/04 16:06:58 | 000,026,000 | ---- | C] () -- C:\WINDOWS\System32\E3TL.DLL
[2007/09/04 15:46:35 | 000,000,312 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/08/29 22:05:25 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/07/11 09:53:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/06/17 19:06:59 | 000,000,635 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007/05/12 18:15:50 | 000,000,086 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/11/28 20:54:17 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006/11/28 20:54:17 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2006/11/05 00:52:17 | 000,001,363 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/27 17:39:01 | 000,011,135 | ---- | C] () -- C:\WINDOWS\System32\msvcr20.dll
[2006/04/27 11:24:24 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2006/03/16 16:34:12 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/07 22:29:04 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/01/29 21:34:15 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/28 23:32:15 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2005/10/14 11:40:22 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2005/10/11 18:10:52 | 026,214,400 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\cxl1706
[2005/10/04 15:07:58 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\PFP120JPR.{PB
[2005/10/04 15:07:58 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\PFP120JCM.{PB
[2005/09/22 17:12:55 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat
[2005/09/22 16:39:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/14 13:00:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/14 12:50:52 | 000,000,436 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/14 12:20:00 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/21 23:37:42 | 000,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2005/04/09 15:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 14:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 14:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/27 05:13:54 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2004/01/27 05:13:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2003/10/28 10:07:20 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\ffvfw.dll
[2003/06/20 05:00:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/29 04:23:16 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/09/29 04:23:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/09/29 04:23:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/12/03 17:50:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 17:50:20 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2000/07/07 07:49:30 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/12 17:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 17:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/05 15:48:08 | 000,053,689 | ---- | M] () -- C:\aaw7boot.log
[2008/01/21 19:28:48 | 000,001,682 | ---- | M] () -- C:\APIHook.log
[2009/11/20 15:52:31 | 000,009,422 | ---- | M] () -- C:\Ask & Record Toolbar Setup Log.txt
[2004/08/19 14:07:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/01 23:10:09 | 000,011,445 | ---- | M] () -- C:\bdlog.txt
[2010/09/06 23:54:10 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/09/19 19:21:51 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/12 15:11:26 | 000,058,504 | ---- | M] () -- C:\ComboFix.txt
[2004/08/19 14:07:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/25 00:22:17 | 000,000,105 | ---- | M] () -- C:\CTSUFile.txt
[2005/09/14 12:23:34 | 000,005,728 | RH-- | M] () -- C:\dell.sdr
[2007/09/22 20:15:29 | 000,004,997 | -H-- | M] () -- C:\ffastun.ffa
[2007/09/22 20:15:27 | 001,548,288 | -H-- | M] () -- C:\ffastun.ffl
[2007/09/22 20:15:29 | 001,773,568 | -H-- | M] () -- C:\ffastun.ffo
[2007/09/22 20:15:27 | 006,975,488 | -H-- | M] () -- C:\ffastun0.ffx
[2010/10/05 15:48:12 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/17 17:56:19 | 000,032,187 | ---- | M] () -- C:\HijackPatrol.log
[2005/10/01 09:10:28 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/19 14:07:14 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/06/18 14:19:26 | 000,001,925 | -H-- | M] () -- C:\IPH.PH
[2010/08/19 17:13:40 | 000,014,437 | ---- | M] () -- C:\JavaRa.log
[2004/08/19 14:07:14 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 00:56:44 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\npwmsdrm.dll
[2004/08/10 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/08 23:03:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/05 15:48:09 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/07/10 20:39:28 | 000,007,645 | ---- | M] () -- C:\pcglicense.txt
[2007/01/30 10:14:11 | 000,001,677 | ---- | M] () -- C:\photodex-presenter-install.log
[2006/11/01 21:41:41 | 000,000,026 | ---- | M] () -- C:\register.js
[2010/10/05 18:13:43 | 000,004,308 | ---- | M] () -- C:\RootRepeal report 10-05-10 (18-13-43).txt
[2005/09/14 12:49:31 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/08/20 17:46:44 | 000,057,422 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_20.08.2010_17.46.05_log.txt
[2010/09/06 14:17:01 | 000,057,284 | ---- | M] () -- C:\TDSSKiller.2.4.2.0_06.09.2010_14.16.32_log.txt
[2006/03/14 20:44:31 | 000,000,000 | ---- | M] () -- C:\wizard.txt

< %systemroot%\Fonts\*.com >
[2006/04/19 20:21:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/07/02 22:37:10 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/19 20:21:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/07/02 22:37:12 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[35 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/19 14:06:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
[35 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/04/02 15:38:36 | 000,044,957 | ---- | M] (Blue Squirrel) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CBWP.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2005/07/27 10:10:27 | 000,278,528 | ---- | M] (Simple Star, Inc.) -- C:\WINDOWS\Comcast PhotoShow.scr
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[1997/07/11 01:00:00 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Microsoft\ArtGalry.cag

< %PROGRAMFILES%\*.* >
[2004/05/21 01:30:02 | 000,052,736 | ---- | M] (Cypherix) -- C:\Program Files\cryptainerlemobile.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/19 13:56:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/19 13:56:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/19 13:56:28 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/05/08 23:10:00 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/12/26 17:17:43 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/19 14:14:12 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/04/17 22:55:17 | 005,296,128 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\audacity.exe
[2009/07/11 18:57:05 | 014,100,376 | ---- | M] ( ) -- C:\Documents and Settings\Family\Desktop\klcodec495f.exe
[2010/04/17 22:57:15 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Snippy.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 03:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/09/22 17:13:05 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Family\Favorites\Desktop.ini
[2010/01/23 16:38:19 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Family\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/05 18:53:56 | 000,098,304 | -HS- | M] () -- C:\Documents and Settings\Family\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[12 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >
[66 C:\WINDOWS\system32\Setup\*.tmp files -> C:\WINDOWS\system32\Setup\*.tmp -> ]

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2007/04/25 16:35:21 | 000,000,032 | R--- | M] () -- C:\Documents and Settings\Family\hash.dat
[2010/06/18 20:16:31 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\Family\jagex_runescape_preferences.dat
[2010/06/18 20:16:31 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\Family\jagex_runescape_preferences2.dat
[2010/06/18 20:14:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Family\jagex__preferences3.dat
[2010/10/05 02:13:24 | 029,097,984 | ---- | M] () -- C:\Documents and Settings\Family\ntuser.dat
[2 C:\Documents and Settings\Family\*.tmp files -> C:\Documents and Settings\Family\*.tmp -> ]

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2007/03/06 06:18:00 | 000,723,128 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
[2007/02/02 18:57:42 | 000,202,912 | ---- | M] (SEIKO EPSON CORP.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA20.EXE
[2007/03/09 05:01:00 | 000,173,056 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTCFA.EXE
[2007/04/04 05:02:00 | 000,156,672 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FARNCFA.EXE
[2007/03/23 06:00:00 | 000,182,272 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICFA.EXE
[2007/04/09 01:02:00 | 000,176,128 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBCSCFA.EXE
[2007/05/08 10:08:00 | 000,105,984 | ---- | M] (SEIKO EPSON Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTCFA.EXE
[2006/10/31 04:00:00 | 000,196,608 | ---- | M] (SEIKO EPSON CORP.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRECFA.EXE
[2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S40RP7.EXE

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
[2005/06/05 11:12:38 | 000,090,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\G-Force.rpv

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2008/03/29 15:58:36 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2008/01/13 16:08:47 | 000,000,000 | ---D | M] -- C:\Program Files\Acro Software
[2008/10/02 20:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\activePDF
[2010/01/20 21:11:51 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/10/13 22:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2007/08/03 14:32:27 | 000,000,000 | ---D | M] -- C:\Program Files\AM-DeadLink
[2009/02/03 19:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/03/26 15:18:59 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2007/02/12 17:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Argali White & Yellow
[2009/12/10 18:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2006/11/18 22:59:25 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2007/05/19 18:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\Audible
[2006/12/24 21:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\AvantGo Connect
[2009/05/02 13:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2006/12/18 13:46:32 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2010/03/01 17:09:11 | 000,000,000 | ---D | M] -- C:\Program Files\Barnes & Noble
[2008/10/05 12:49:25 | 000,000,000 | ---D | M] -- C:\Program Files\BillP Studios
[2007/09/08 21:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\BitPim
[2010/10/05 15:49:58 | 000,000,000 | ---D | M] -- C:\Program Files\Blue Coat K9 Web Protection
[2008/10/05 21:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\Blue Squirrel
[2007/12/08 13:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\BlueBlitz MagicBeamer Demo
[2010/06/18 22:14:36 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/06/30 19:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/10/02 16:42:54 | 000,000,000 | ---D | M] -- C:\Program Files\Codec
[2005/11/03 22:21:19 | 000,000,000 | ---D | M] -- C:\Program Files\Comcast
[2010/09/18 18:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/04/23 13:20:37 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/04/24 18:45:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
[2007/10/27 16:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\Cryptainer
[2009/05/02 14:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Cryptainer LE
[2005/09/14 12:44:47 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2006/05/04 21:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/02/04 09:12:21 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/04/12 15:42:15 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2008/12/25 13:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Praise
[2010/09/02 21:08:43 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/03/18 20:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\e-Sword
[2008/08/17 00:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\eMedia Beginner Guitar Lessons
[2008/03/26 15:24:48 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2010/09/06 00:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2008/02/16 16:45:18 | 000,000,000 | ---D | M] -- C:\Program Files\ESPNMotion
[2007/09/13 21:52:38 | 000,000,000 | ---D | M] -- C:\Program Files\ffvfw
[2010/05/17 21:30:10 | 000,000,000 | ---D | M] -- C:\Program Files\File Shredder
[2006/08/02 21:23:31 | 000,000,000 | ---D | M] -- C:\Program Files\FolderSize
[2010/02/13 20:45:26 | 000,000,000 | ---D | M] -- C:\Program Files\Free Sound Recorder
[2006/12/11 15:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\FSCBoss
[2010/08/18 20:23:53 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2009/09/19 18:01:47 | 000,000,000 | ---D | M] -- C:\Program Files\GiPo@Utilities
[2009/12/31 14:33:22 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/01/13 16:08:31 | 000,000,000 | ---D | M] -- C:\Program Files\GPLGS
[2007/01/25 15:54:59 | 000,000,000 | ---D | M] -- C:\Program Files\Incomplete
[2010/05/18 15:43:23 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/09/14 12:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/08/18 17:52:47 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/09/14 12:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2009/09/20 21:37:38 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/06/18 22:22:53 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2007/08/19 14:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/06/18 22:24:02 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2006/11/28 20:54:16 | 000,000,000 | ---D | M] -- C:\Program Files\IVT Corporation
[2007/09/04 16:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\IZArc
[2009/08/07 17:02:44 | 000,000,000 | ---D | M] -- C:\Program Files\JAP
[2005/09/14 12:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/08/19 17:13:15 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/01/05 18:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Jawbreaker
[2010/06/28 16:42:03 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2005/09/14 12:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2008/07/26 12:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics
[2008/10/11 19:45:12 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/09/16 12:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2008/02/16 16:46:28 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2005/10/02 21:53:35 | 000,000,000 | ---D | M] -- C:\Program Files\Media Player Classic
[2010/05/08 23:16:41 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/04/07 11:21:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/09/14 18:56:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/08/19 14:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/08/18 15:55:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/08/18 17:51:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Platform SDK
[2005/09/14 12:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/09/14 12:46:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2010/10/05 15:58:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/08/30 15:12:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2010/03/08 23:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/09/22 21:00:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2007/02/12 17:41:20 | 000,000,000 | ---D | M] -- C:\Program Files\MOBILedit!
[2007/02/12 17:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2007/02/12 17:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\Modem On Hold
[2010/08/12 00:07:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/05/05 18:28:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/09/16 00:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/08/18 17:53:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/09/16 12:22:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/09/25 19:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/19 14:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/08/20 19:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSSOAP
[2006/11/15 23:41:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/09/14 19:24:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007/08/23 19:35:06 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2010/04/09 21:42:30 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2010/02/13 15:59:22 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2010/05/08 23:06:25 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/08/19 14:02:42 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/06/30 14:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.3
[2008/09/21 19:45:15 | 000,000,000 | ---D | M] -- C:\Program Files\Orban
[2010/05/31 02:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/09/01 20:01:28 | 000,000,000 | ---D | M] -- C:\Program Files\OverDrive Media Console
[2010/10/02 16:50:28 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2009/01/03 14:51:20 | 000,000,000 | ---D | M] -- C:\Program Files\PDF reDirect
[2007/01/30 10:14:11 | 000,000,000 | ---D | M] -- C:\Program Files\Photodex Presenter
[2007/09/15 18:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Pixmantec
[2007/02/10 21:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\Pocket e-Sword
[2010/07/11 14:29:56 | 000,000,000 | ---D | M] -- C:\Program Files\Python31
[2010/04/01 19:13:08 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/12/30 15:37:19 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/02/12 17:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\Real Alternative
[2007/09/14 19:18:46 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/02/12 17:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2009/08/22 20:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2010/07/11 14:41:43 | 000,000,000 | ---D | M] -- C:\Program Files\SanDisk
[2010/02/26 21:42:56 | 000,000,000 | ---D | M] -- C:\Program Files\Sibelius Software
[2005/09/14 12:41:32 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2010/10/02 17:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\SmartTweak Software
[2008/09/25 16:20:30 | 000,000,000 | ---D | M] -- C:\Program Files\Snocap
[2009/01/15 21:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\Songbird
[2005/09/14 12:50:51 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2007/08/30 15:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2007/08/30 15:09:02 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2007/08/01 20:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\SoundSpectrum
[2009/06/25 17:31:05 | 000,000,000 | ---D | M] -- C:\Program Files\SourceTec
[2009/10/13 17:46:36 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/11 21:16:04 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2006/01/28 23:36:57 | 000,000,000 | ---D | M] -- C:\Program Files\Susteen
[2010/08/22 22:10:03 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2010/10/04 20:29:54 | 000,000,000 | ---D | M] -- C:\Program Files\TimezAttackLauncher
[2010/05/18 15:45:26 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2007/09/08 11:15:47 | 000,000,000 | ---D | M] -- C:\Program Files\TypingMaster
[2006/11/20 23:13:37 | 000,000,000 | ---D | M] -- C:\Program Files\UnH Solutions
[2007/08/30 15:14:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/05/22 16:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2007/05/12 18:16:19 | 000,000,000 | ---D | M] -- C:\Program Files\viewsonic
[2010/10/01 14:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2010/06/08 15:39:37 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2005/09/14 12:56:42 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2010/09/16 12:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2010/05/08 20:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/05/08 23:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2007/09/22 20:59:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Messaging
[2010/05/08 23:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/19 14:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2004/08/19 14:05:02 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/08/19 14:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/01/21 01:20:42 | 000,000,000 | ---D | M] -- C:\Program Files\Xilisoft
[2006/11/04 22:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2005/09/14 12:47:36 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-05 22:58:21
< End of report >

Edited by Danc20, 05 October 2010 - 08:11 PM.

#7
Danc20

OTL Extras logfile created on: 10/5/2010 6:55:20 PM - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Family\Desktop\GeeksToGo2
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 568.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 10.37 Gb Free Space | 14.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4050:TCP" = 4050:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Susteen\DataPilot\DpLauncher.exe" = C:\Program Files\Susteen\DataPilot\DpLauncher.exe:*:Enabled: DataPilot Launcher -- (Susteen Inc.,)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE" = C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\Family\Desktop\Neutral\Azureus\Azureus.exe" = C:\Documents and Settings\Family\Desktop\Neutral\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Snocap\Download Manager\active\downloadmgr.exe" = C:\Program Files\Snocap\Download Manager\active\downloadmgr.exe:*:Enabled:MyStore Download Manager -- (SNOCAP Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam.exe -- (Valve Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Steam\SteamApps\[email protected]\counter-strike\hl.exe" = C:\Program Files\Steam\SteamApps\[email protected]\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- File not found
"C:\Program Files\Steam\SteamApps\[email protected]\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\[email protected]\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus CX9400Fax Series Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
"{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{295C7ABA-3D12-11D5-99EB-0080C82BC2DE}" = Sothink HTML Editor 2.5
"{2B5A75F0-FD85-4094-AB00-94902398D192}" = Sony Media Manager 2.2
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
"{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{3A05B900-A3E7-11DE-A9B7-005056806466}" = Google Earth
"{3DD53CF7-941F-45CB-B3AF-7D7FB4D64490}" = Pocket e-Sword (2005)
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
"{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
"{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1CE76A-B1FF-48FB-813F-22094537D143}" = HelloWorld Spanish Verb Conjugator V2.0
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{4F02C4F5-0FE6-42E0-B440-0E5D3F939790}" = DataPilot USB Driver Pack
"{59FD743D-A699-449E-8197-BD2899DAD69A}" = OverDrive Media Console
"{5C0856B6-6260-4952-8FF5-C79C3FD3AA44}" = e-Sword
"{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
"{605D374E-DEF0-4432-8194-92B8C0D377C9}" = AmbiCom WL11-SD for Windows Mobile
"{6102D63A-9387-4FC8-98E4-181121F8C0BA}" = MPlugin_USA
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{672D0014-71A9-45EF-B10E-DEF7426961A6}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B5E816C-A761-4F5B-BF48-84B794556CAA}_is1" = Freelang Dictionary (wordlist)
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A95C2DC-779A-4EA8-9DE3-B118D1411E8B}_is1" = Freelang Dictionary 3.74 beta
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C33E05F-963E-4E7B-9445-8AFE5F5B1F69}" = e-Sword
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{900b1197-53f5-4f46-a882-2cfffe2eedcb}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB874}_is1" = TypingMaster TypingTest
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
"{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
"{AEFD48FE-2A76-11D3-928B-00C04FB90523}" = Microsoft Reader for Pocket PC
"{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Beginner Guitar Lessons
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B58436F5-EEC6-4005-A1B7-26597CD4B644}" = DataPilot
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD104A82-D92A-484B-90F9-4CA044315DEC}" = UpdateMyDrivers
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{d40af016-506c-43fb-a738-bd54fa8c1e85}" = Python 3.1.2
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
"{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5F5364A-7B98-4E86-9B5B-9C916F9C8439}" = Guitar Praise
"{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.1
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"99_is1" = Jawbreaker
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"aignesamdeadlink_is1" = AM-DeadLink 3.1
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blue Coat K9 Web Protection" = Blue Coat® K9 Web Protection 4.0.296
"BlueBlitz MagicBeamer Demo4.5" = BlueBlitz MagicBeamer Demo
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"ClickBook_is1" = Blue Squirrel ClickBook 11
"Comcast PhotoShow Deluxe 4" = Comcast PhotoShow Deluxe 4
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"crydrs_is1" = Cryptainer Drivers
"CSCLIB" = Canon Camera Support Core Library
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Debut" = Debut Video Capture Software
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ffvfw" = ffvfw (uninstall only)
"File Shredder_is1" = File Shredder 2.0
"FlashLynx" = FlashLynx Video Download Software
"getPlus®_ocx" = getPlus®_ocx
"G-Force" = G-Force
"Golden" = Golden Records Vinyl to CD Converter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE Privacy Keeper" = IE Privacy Keeper
"ie7" = Windows Internet Explorer 7
"InstallShield_{4F02C4F5-0FE6-42E0-B440-0E5D3F939790}" = DataPilot USB Driver Pack
"InstallShield_{B58436F5-EEC6-4005-A1B7-26597CD4B644}" = DataPilot
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"LimeWire" = LimeWire 4.18.8
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MOBILedit!" = MOBILedit! 2.2
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF reDirect" = PDF reDirect (remove only)
"Photodex Presenter" = Photodex Presenter
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"PrimoPDF4.1.0.9" = PrimoPDF
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RawShooter essentials 2006" = RawShooter essentials 2006
"RealAlt_is1" = Real Alternative 1.43
"Recordpad" = RecordPad Sound Recorder
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.89
"Rhapsody" = Rhapsody
"Scribe" = Express Scribe
"Silent Package Run-Time Sample" = EPSON CX9400 User's Guide
"SNOCAP MyStore Download Manager" = SNOCAP MyStore Download Manager
"SoftSkies" = SoftSkies
"Soulseek" = SoulSeek Client 156c
"sscrle_is1" = Cryptainer LE
"ST5UNST #1" = Argali White & Yellow
"StoryHarp version 1.32_is1" = StoryHarp version 1.32
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"TempoPerfect" = TempoPerfect
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Timez Attack Launcher G" = Timez Attack Launcher
"ToolBox" = NCH Toolbox
"Tweak UI 2.10" = Tweak UI
"UpdateMyDrivers" = UpdateMyDrivers
"VideoPad" = VideoPad Video Editor
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WavePad" = WavePad Sound Editor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2008
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WUDF01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Video Converter" = Xilisoft Video Converter 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZENcast Organizer" = ZENcast Organizer
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"AppAway_is1" = AppAway 1.0
"AVI Splitter_is1" = AVI Splitter
"ea973adb42edb53d" = Disk Space Finder
"Inspector Parker_is1" = Inspector Parker
"Keylogger Hunter_is1" = Keylogger Hunter 2.1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Ocean - Research Library_is1" = Ocean - Research Library
"Trillian" = Trillian
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/5/2010 6:55:15 PM | Computer Name = DELL | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb963707,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/5/2010 6:55:21 PM | Computer Name = DELL | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb976576,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/5/2010 6:55:30 PM | Computer Name = DELL | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2416473,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/5/2010 6:57:31 PM | Computer Name = DELL | Source = NativeWrapper | ID = 5000
Description =

Error - 10/5/2010 6:57:38 PM | Computer Name = DELL | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2418241,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/5/2010 6:58:01 PM | Computer Name = DELL | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Silverlight -- Error 1402. Could not open key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 10/5/2010 6:58:06 PM | Computer Name = DELL | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft Silverlight - Update 'Microsoft Silverlight 4.0.50917.0'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\Family\LOCALS~1\Temp\SilverlightMSI.log.

Error - 10/5/2010 6:58:11 PM | Computer Name = DELL | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb963707,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/5/2010 6:58:15 PM | Computer Name = DELL | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb976576,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/5/2010 6:58:20 PM | Computer Name = DELL | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2416473,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

[ OSession Events ]
Error - 8/19/2007 3:38:50 PM | Computer Name = DELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 9/4/2007 9:56:37 PM | Computer Name = DELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 10/5/2010 6:55:15 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Silverlight (KB2416427).

Error - 10/5/2010 6:55:21 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET
Framework Assistant 1.0 x86 (KB963707).

Error - 10/5/2010 6:55:27 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0
SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).

Error - 10/5/2010 6:55:35 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on
Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473).

Error - 10/5/2010 6:57:36 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).

Error - 10/5/2010 6:57:43 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 and
3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).

Error - 10/5/2010 6:58:11 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Silverlight (KB2416427).

Error - 10/5/2010 6:58:16 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET
Framework Assistant 1.0 x86 (KB963707).

Error - 10/5/2010 6:58:21 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0
SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).

Error - 10/5/2010 6:58:26 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on
Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473).


< End of report >

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Danc20

Gabest (or Media Player Classic) asks to change my extensions from Windows Media Player (avi, mp3, midi, etc) and win patrol notifies me. It is important to note that this has only happened on my mom's and Dad's user accounts for some reason. The exe that starts Gabest is called mplayerc which is in a folder named: C:\Program Files\Media Player Classic where it and a (.ini) file of the same name is in there. These are the only two files present...weird?

This is normal. If you don't want to use MPC just uninstall K-Lite Codec Pack 4.9.5 (Full).

On a side note, there are at least 3 files in my windows folder which Virustotal has marked as bad by 1-2 virus versions, but I have not deleted them yet.

Please tell me the name and path to these three files.

Edit: Since posting I think that the reason for not being able to install some windows updates (.net Framework 3.5 and Microsoft Silverlight updates) is a software issue, I need to uninstall/reinstall I guess, so I don't think this is malware since I can install other updates.

For problems with installing updates for .NET Framework 3.5 please refer to this article: http://support.microsoft.com/kb/976982

PS: Would it be okay if I could keep my mom and Dad's temp? My mom is really wanting to keep her history in IE and stuff.

No. During malware removal process temporary files will be removed.

LimeWire is a file-sharing (P2P) program. Be aware:
  • Some P2P programs will share everything on the computer with anyone by default. If your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
  • P2P programs have always been a target of malware writers and increasingly so of late with viruses, worms and other malware being distributed with the downloaded files.
  • Many of the files in P2P networks are copyrighted and legal action could result.
  • P2P programs will slow down your internet connection speed.
  • It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall LimeWire, however that choice is up to you.
If you wish to keep it, please do not use it until your computer is cleaned.


Step 1

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
    ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

    :Files

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy (press CTRL+A and then CTRL+C) and Paste (press CTRL+V) that report in your next reply.

Step 2

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


In next reply please include following logs:
  • OTL.txt
  • AVP log


#9
Danc20

    Member

  • Topic Starter
  • 53 posts
Thanks for responding to all those questions. I have never seen that .NET Framework page, but it is FAR superior to any I have viewed before! Thanks a million!

No. During malware removal process temporary files will be removed.

Ahh, really? I don't mind my temp files, or even my dad's temp files being removed, but is it possible to keep hers? My mom REALLY wants to keep her cookies, passwords, etc so she can not have to retype stuff in all the time and remember websites. Emptying temp does affect this, right? It is my parents computer so it is non-negotiable on my end ;). Say it ain't so?

Thanks for the limewire warning, unfortunately my family minus me uses it :D.

Virus Total Detections

C:\WINDOWS\Ask & Record Toolbar
C:\WINDOWS\BlueBlitz MagicBeamer Demo
C:\WINDOWS\Freecorder
C:\WINDOWS\PrimoPDF4 (not detected by Virus Total) - but similar uninstall.exe inside.

Edited by Danc20, 06 October 2010 - 05:50 PM.


#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Danc20

My mom REALLY wants to keep her cookies, passwords, etc so she can not have to retype stuff in all the time and remember websites. Emptying temp does affect this, right?


Emptying temporary files does not affect saved passwords, browsing history and bookmarks or favorites, but there is a command, emptyflash, which wipes out all cookies. So if cookies are so important for your mother then I recommend that you skip step 1 and continue with step 2.

C:\WINDOWS\Ask & Record Toolbar
C:\WINDOWS\BlueBlitz MagicBeamer Demo
C:\WINDOWS\Freecorder
C:\WINDOWS\PrimoPDF4 (not detected by Virus Total) - but similar uninstall.exe inside.

These folders are definitely in the wrong place, but let's see what the AVP tool will say.

In your next reply, please include the following logs:
  • AVP log


#11
Danc20

    Member

  • Topic Starter
  • Member
  • 53 posts
Errr....yikes! I ran OTL without doing [emptytemp], but no log came out. I thought [emptyflash] just emptied the flash cookies. I just checked, all 7000+ cookies are intact for her, must be a miracle :D. Thanks a lot for overlooking step 1.

I scanned with AVP, but I clicked both My Computer and Local C drive, so I think it began scanning the C drive over again. It was at 76% and after 6 hours I had to shut it off because my Dad has to sleep in the same room. I checked the filter and it said it had caught no detections. I clicked report, but it would not produce a log (probably because I stopped it?) and I tried to copy and paste the scanned files, but it froze up. Perhaps I am good? Considering the redirect is the only symptom left and only happened when I ran combofix..?

I'll wait for your guidance though.

PS: Adobe wants to update. I didn't want to make any system changes so I wanted to let you know before I did anything.

Edited by Danc20, 07 October 2010 - 06:28 PM.


#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please let the AVP do its job once again and then post the AVP log.

"Considering the redirect is the only symptom left and only happened when I ran combofix..?"

Are you still having problems with redirects?

Did you successfully install .NET Framework and Silverlight updates?

"PS: Adobe wants to update. I didn't want to make any system changes so I wanted to let you know before I did anything."

Yes. Please do it.

#13
Danc20

    Member

  • Topic Starter
  • Member
  • 53 posts
Can I try fixing the .NET Framework first?

Sorry for jumping the gun (I didn't think to ask), but when I started uninstalling .NET Framework 1.1 with the tool, after doing its job for a while it says at the bottom: "Product cleanup failed. See log for details". Then I hit it again and it said it was successful, yet there are folders in C:\Windows\Microsoft.net that say v1.~. Also, under Add/Remove Programs, 1.1 says it is still there.

Should I continue uninstalling the other .Net Frameworks?

Edited by Danc20, 08 October 2010 - 06:00 PM.


#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes, you should try it. :D

#15
Danc20

    Member

  • Topic Starter
  • Member
  • 53 posts
Awesome :D

Well I tried following that article and my eyes were near glistening when the last one - the .NET Framework 1.1 SP1 - failed. The error codes read:

"Fatal execution engine error (0x7925e0c4)"

I click okay then another comes up

Top bar reads: "SL148.tmp - Common Language Runtime Debugging Services"
Message reads: Application has generated an exception that could not be handled.
Process id=0xbf4 (3060), Thread id=0x960 (2400).

Click OK to terminate the application.
Click CANCEL to debug the application.

Then when clicking CANCEL

Top reads: Sl148.tmp - No debugger found.
Registered JIT debugger is not available. An attempt to launch a JIT debugger with the following command resulted in an error code of 0x2 (2). Please check computer settings.
cordbg.exe !a 0xbf4

Click on Retry to have the process wait while attaching a debugger manually.
Click on cancel to abort the JIT debug request.


I googled it and...lo! Another Geekstogo guy who had issues. Link. It is a dead end though :/.

2/3 is not bad though! And at least we know which one might be the troublemaker.

Do you think I should skip over this and try to update?

Edited by Danc20, 08 October 2010 - 08:45 PM.
