Double-checking For Virus/malware[RESOLVED]

[CourierSS]

Within the past few weeks, I had 2 occurrences of 2 viruses discovered under the system volume information under the restore function of my Windows XP. Even though they're cleaned out, I've also noticed my maximum battery life to be lower than it used to be a month ago, so I want to double-check if this issue is related to a virus/malware. Please help if you can. Thanks!

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:08:10 PM, on 4/13/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Privoxy\privoxy.exe

C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe

O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe

O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe

O4 - Global Startup: SuperHybridEngine.lnk = ?

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236637013781

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236637006187

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 7315 bytes

MBAM Log

Malwarebytes' Anti-Malware 1.36

Database version: 1976

Windows 5.1.2600 Service Pack 3

4/13/2009 11:45:31 AM

mbam-log-2009-04-13 (11-45-31).txt

Scan type: Quick Scan

Objects scanned: 69662

Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Edited April 14, 2009 by CourierSS

[Rorschach112]

lets see

• Download OTListIt2 to your desktop.
  
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Check the boxes beside LOP Check and Purity Check.
  
• Under Custom Scan paste this in
  
  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %systemroot%\System32\antiwpa.dll
  %systemroot%\SYSTEM32\wpa.dll
  %systemroot%\setup\scripts\biestart.exe
  %systemroot%\system32\drivers\royal.sys
  %SYSTEMDRIVE%\*.
  %PROGRAMFILES%\*.
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    

[CourierSS]

Thanks for your support!

I'll put it into two parts since it's very long as you said.

OTListIt

OTListIt logfile created on: 4/13/2009 2:10:54 PM - Run 1

OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.83% Memory free

3.33 Gb Paging File | 2.90 Gb Available in Paging File | 87.22% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 82.82 Gb Total Space | 57.89 Gb Free Space | 69.90% Space Free | Partition Type: NTFS

Drive D: | 61.29 Gb Total Space | 61.23 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ENIGMA

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELANTECH Devices Corp.)

PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)

PRC - C:\Program Files\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)

PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)

PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (idsvc [unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AR5416 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\athw.sys (Atheros Communications, Inc.)

DRV - (AsusACPI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys (ASUSTeK Computer Inc.)

DRV - (AvgLdx86 [system | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86 [system | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX [system | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (btaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (BTDriver [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)

DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)

DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys (Broadcom Corporation.)

DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)

DRV - (ElbyCDIO [system | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (FsVga [system | Running]) -- C:\WINDOWS\system32\DRIVERS\fsvga.sys (Microsoft Corporation)

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)

DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (iPodDrv [Auto | Running]) -- C:\WINDOWS\system32\drivers\iPodDrv.sys (Windows ® Codename Longhorn DDK provider)

DRV - (Ktp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ETD.sys (ELANTECH Devices Corp.)

DRV - (L1e [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\l1e51x86.sys (Atheros Communications, Inc.)

DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (SASDIFSV [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (STEC3 [Auto | Running]) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking)

DRV - (VClone [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VClone.sys (Elaborate Bytes AG)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.2

FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.1.0.2

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/04/13 09:07:14 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/10 23:53:32 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 13:23:09 | 00,000,000 | ---D | M]

[2009/03/09 15:57:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions

[2009/03/09 15:57:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/04/13 11:20:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\1x2ndw9j.default\extensions

[2009/03/16 09:20:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\1x2ndw9j.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2009/03/09 15:58:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\1x2ndw9j.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2009/04/13 11:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\1x2ndw9j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/03/09 15:58:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\1x2ndw9j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/04/05 20:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\1x2ndw9j.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009/04/13 11:20:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/03/28 13:23:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/03/23 00:59:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

[2009/03/31 14:32:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/03/28 13:23:02 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/03/28 13:23:02 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/02/19 12:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/02/19 12:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/02/19 12:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/02/19 12:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/02/19 12:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/02/19 12:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/02/19 12:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELANTECH Devices Corp.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1236637013781 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1236637006187 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

O33 - MountPoints2\{78049ffd-0ce1-11de-aae6-00224363ab5d}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 -

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: AudioSrv - C:\WINDOWS\System32\audiosrv.dll (Microsoft Corporation)

NetSvcs: Browser - C:\WINDOWS\System32\browser.dll (Microsoft Corporation)

NetSvcs: CryptSvc - C:\WINDOWS\System32\cryptsvc.dll (Microsoft Corporation)

NetSvcs: DMServer - C:\WINDOWS\System32\dmserver.dll (Microsoft Corp.)

NetSvcs: DHCP - C:\WINDOWS\System32\dhcpcsvc.dll (Microsoft Corporation)

NetSvcs: ERSvc - C:\WINDOWS\System32\ersvc.dll (Microsoft Corporation)

NetSvcs: EventSystem - C:\WINDOWS\system32\es.dll (Microsoft Corporation)

NetSvcs: FastUserSwitchingCompatibility - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll (Microsoft Corporation)

NetSvcs: Ias -

NetSvcs: Iprip -

NetSvcs: Irmon -

NetSvcs: LanmanServer - C:\WINDOWS\System32\srvsvc.dll (Microsoft Corporation)

NetSvcs: LanmanWorkstation - C:\WINDOWS\System32\wkssvc.dll (Microsoft Corporation)

NetSvcs: Messenger - C:\WINDOWS\System32\msgsvc.dll (Microsoft Corporation)

NetSvcs: Netman - C:\WINDOWS\System32\netman.dll (Microsoft Corporation)

NetSvcs: Nla - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

NetSvcs: Ntmssvc - C:\WINDOWS\system32\ntmssvc.dll (Microsoft Corporation)

NetSvcs: NWCWorkstation -

NetSvcs: Nwsapagent -

NetSvcs: Rasauto - C:\WINDOWS\System32\rasauto.dll (Microsoft Corporation)

NetSvcs: Rasman - C:\WINDOWS\System32\rasmans.dll (Microsoft Corporation)

NetSvcs: Remoteaccess - C:\WINDOWS\System32\mprdim.dll (Microsoft Corporation)

NetSvcs: Schedule - C:\WINDOWS\system32\schedsvc.dll (Microsoft Corporation)

NetSvcs: Seclogon - C:\WINDOWS\System32\seclogon.dll (Microsoft Corporation)

NetSvcs: SENS - C:\WINDOWS\system32\sens.dll (Microsoft Corporation)

NetSvcs: Sharedaccess - C:\WINDOWS\System32\ipnathlp.dll (Microsoft Corporation)

NetSvcs: SRService - C:\WINDOWS\system32\srsvc.dll (Microsoft Corporation)

NetSvcs: Tapisrv - C:\WINDOWS\System32\tapisrv.dll (Microsoft Corporation)

NetSvcs: Themes - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)

NetSvcs: TrkWks - C:\WINDOWS\system32\trkwks.dll (Microsoft Corporation)

NetSvcs: W32Time - C:\WINDOWS\system32\w32time.dll (Microsoft Corporation)

NetSvcs: WZCSVC - C:\WINDOWS\System32\wzcsvc.dll (Microsoft Corporation)

NetSvcs: Wmi -

NetSvcs: WmdmPmSp -

NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\WMIsvc.dll (Microsoft Corporation)

NetSvcs: wscsvc - C:\WINDOWS\system32\wscsvc.dll (Microsoft Corporation)

NetSvcs: xmlprov - C:\WINDOWS\System32\xmlprov.dll (Microsoft Corporation)

NetSvcs: napagent - C:\WINDOWS\System32\qagentrt.dll (Microsoft Corporation)

NetSvcs: hkmsvc - C:\WINDOWS\System32\kmsvc.dll (Microsoft Corporation)

NetSvcs: BITS - C:\WINDOWS\system32\qmgr.dll (Microsoft Corporation)

NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)

NetSvcs: ShellHWDetection - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)

NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

NetSvcs: WmdmPmSN - C:\WINDOWS\system32\MsPMSNSv.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk - %ProgramFiles%\Dropbox\Dropbox.exe - ()

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Alcmtr - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\ALCMTR.EXE (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: AsusTray - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)

MsConfig - StartUpReg: Google Update - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %UserProfile%\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig - StartUpReg: HotKeysCmds - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\system32\hkcmd.exe (Intel Corporation)

MsConfig - StartUpReg: IgfxTray - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\system32\igfxtray.exe (Intel Corporation)

MsConfig - StartUpReg: IMJPMIG8.1 - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

MsConfig - StartUpReg: MsnMsgr - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

MsConfig - StartUpReg: MSPY2002 - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\system32\IME\PINTLGNT\ImScInst.exe ()

MsConfig - StartUpReg: Persistence - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\system32\igfxpers.exe (Intel Corporation)

MsConfig - StartUpReg: PHIME2002A - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

MsConfig - StartUpReg: PHIME2002ASync - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: RTHDCPL - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\RTHDCPL.EXE (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: VirtualCloneDrive - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\system32\svchost.exe (Microsoft Corporation)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: CryptSvc - %SystemRoot%\System32\cryptsvc.dll (Microsoft Corporation)

SafeBootMin: DcomLaunch - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)

SafeBootMin: dmadmin - %SystemRoot%\System32\dmadmin.exe (Microsoft Corp., Veritas Software)

SafeBootMin: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)

SafeBootMin: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)

SafeBootMin: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)

SafeBootMin: dmserver - %SystemRoot%\System32\dmserver.dll (Microsoft Corp.)

SafeBootMin: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: Netlogon - %SystemRoot%\system32\lsass.exe (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys (Microsoft Corporation)

SafeBootMin: SRService - %SystemRoot%\system32\srsvc.dll (Microsoft Corporation)

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)

SafeBootMin: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AFD - %SystemRoot%\System32\drivers\afd.sys (Microsoft Corporation)

SafeBootNet: AppMgmt - %SystemRoot%\system32\svchost.exe (Microsoft Corporation)

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: Browser - %SystemRoot%\System32\browser.dll (Microsoft Corporation)

SafeBootNet: CryptSvc - %SystemRoot%\System32\cryptsvc.dll (Microsoft Corporation)

SafeBootNet: DcomLaunch - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)

SafeBootNet: Dhcp - %SystemRoot%\System32\dhcpcsvc.dll (Microsoft Corporation)

SafeBootNet: dmadmin - %SystemRoot%\System32\dmadmin.exe (Microsoft Corp., Veritas Software)

SafeBootNet: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)

SafeBootNet: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)

SafeBootNet: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)

SafeBootNet: dmserver - %SystemRoot%\System32\dmserver.dll (Microsoft Corp.)

SafeBootNet: DnsCache - %SystemRoot%\System32\dnsrslvr.dll (Microsoft Corporation)

SafeBootNet: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootNet: ip6fw.sys - %SystemRoot%\system32\DRIVERS\Ip6Fw.sys (Microsoft Corporation)

SafeBootNet: ipnat.sys - %SystemRoot%\system32\DRIVERS\ipnat.sys (Microsoft Corporation)

SafeBootNet: LanmanServer - %SystemRoot%\System32\srvsvc.dll (Microsoft Corporation)

SafeBootNet: LanmanWorkstation - %SystemRoot%\System32\wkssvc.dll (Microsoft Corporation)

SafeBootNet: LmHosts - %SystemRoot%\System32\lmhsvc.dll (Microsoft Corporation)

SafeBootNet: Messenger - %SystemRoot%\System32\msgsvc.dll (Microsoft Corporation)

SafeBootNet: NDIS - %SystemRoot%\System32\drivers\ndis.sys (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: Ndisuio - %SystemRoot%\system32\DRIVERS\ndisuio.sys (Microsoft Corporation)

SafeBootNet: NetBIOS - %SystemRoot%\system32\DRIVERS\netbios.sys (Microsoft Corporation)

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetBT - %SystemRoot%\system32\DRIVERS\netbt.sys (Microsoft Corporation)

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Netlogon - %SystemRoot%\system32\lsass.exe (Microsoft Corporation)

SafeBootNet: NetMan - %SystemRoot%\System32\netman.dll (Microsoft Corporation)

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NtLmSsp - %SystemRoot%\system32\lsass.exe (Microsoft Corporation)

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdpcdd.sys - %SystemRoot%\System32\DRIVERS\RDPCDD.sys (Microsoft Corporation)

SafeBootNet: rdpdd.sys - %SystemRoot%\System32\rdpdd.dll (Microsoft Corporation)

SafeBootNet: rdpwd.sys - %SystemRoot%\System32\drivers\rdpwd.sys (Microsoft Corporation)

SafeBootNet: rdsessmgr - %SystemRoot%\system32\sessmgr.exe (Microsoft Corporation)

SafeBootNet: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: SharedAccess - %SystemRoot%\System32\ipnathlp.dll (Microsoft Corporation)

SafeBootNet: sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys (Microsoft Corporation)

SafeBootNet: SRService - %SystemRoot%\system32\srsvc.dll (Microsoft Corporation)

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: Tcpip - %SystemRoot%\system32\DRIVERS\tcpip.sys (Microsoft Corporation)

SafeBootNet: TDI - Driver Group

SafeBootNet: tdpipe.sys - %SystemRoot%\System32\drivers\tdpipe.sys (Microsoft Corporation)

SafeBootNet: tdtcp.sys - %SystemRoot%\System32\drivers\tdtcp.sys (Microsoft Corporation)

SafeBootNet: termservice - %SystemRoot%\System32\termsrv.dll (Microsoft Corporation)

SafeBootNet: vga.sys - Driver

SafeBootNet: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)

SafeBootNet: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll (Microsoft Corporation)

SafeBootNet: WZCSVC - %SystemRoot%\System32\wzcsvc.dll (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {AAC3F1F0-5649-4670-A698-F1523729F015} - Microsoft .NET Framework 1.1 Hotfix (KB929729)

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msaudio1 - C:\WINDOWS\system32\msaud32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)

Drivers32: msacm.siren - C:\WINDOWS\system32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\system32\VfWWDM32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)

Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

Drivers32: vidc.I420 - C:\WINDOWS\system32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\system32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.IYUV - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)

Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)

Drivers32: VIDC.UYVY - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YUY2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yv12 - C:\WINDOWS\system32\yv12vfw.dll (www.helixcommunity.org)

Drivers32: VIDC.YVU9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVYU - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[2009/04/13 14:07:28 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe

[2009/04/13 13:38:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ViStart

[2009/04/13 13:37:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ViStart Beta 6

[2009/04/13 13:37:26 | 00,417,838 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ViStart Beta 6.zip

[2009/04/13 11:36:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/04/13 11:35:35 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/04/13 11:35:22 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk

[2009/04/13 11:35:22 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk

[2009/04/13 11:35:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/04/13 11:32:35 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$

[2009/04/13 11:27:47 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2009/04/13 11:27:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/04/13 11:27:34 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe

[2009/04/13 09:01:06 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/04/13 09:01:05 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/04/13 09:00:59 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/04/13 09:00:57 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/04/13 09:00:54 | 35,077,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/04/13 09:00:54 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/04/13 09:00:54 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/04/13 09:00:54 | 00,093,231 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/04/13 09:00:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2009/04/13 09:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8

[2009/04/11 20:02:48 | 20,859,765 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Max_Zombie.pdf

[2009/04/10 13:27:09 | 10,549,058 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Lady_GaGa-Eh,_Eh_(Nothing_Else_I_Ca-01-Eh,_Eh_(Nothing_Else_I_Ca.mp3

[2009/04/09 00:52:06 | 01,618,335 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jp_grammar_guide.pdf

[2009/04/08 23:19:44 | 00,001,236 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Quotes - Part 2.rtf

[2009/04/08 14:48:14 | 00,000,000 | ---D | C] -- C:\Program Files\doubleTwist 2.0

[2009/04/07 00:46:10 | 00,144,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SNT_Meeting_Guide-1-1.doc

[2009/04/06 13:35:15 | 00,076,288 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Tiresias and Kreon.doc

[2009/04/06 11:10:22 | 02,358,349 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LinAlg_Complete.pdf

[2009/04/05 20:51:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Feynman Lectures

[2009/04/05 14:10:05 | 10,673,4153 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Motion Mountain 22nd Edition.pdf

[2009/04/04 22:29:33 | 00,000,000 | ---D | C] -- C:\Program Files\CoreAVC Pro

[2009/04/04 22:24:39 | 00,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack

[2009/04/04 19:35:21 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll

[2009/04/04 19:35:21 | 00,318,976 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll

[2009/04/04 19:35:20 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll

[2009/04/04 19:35:20 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll

[2009/04/04 19:35:20 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009/04/04 19:35:19 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5

[2009/04/04 19:34:31 | 00,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax

[2009/04/04 19:34:31 | 00,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax

[2009/04/04 19:34:31 | 00,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax

[2009/04/04 19:34:31 | 00,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax

[2009/04/04 19:34:31 | 00,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax

[2009/04/04 19:34:31 | 00,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax

[2009/04/04 19:34:30 | 00,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax

[2009/04/04 19:34:23 | 00,000,000 | ---D | C] -- C:\Program Files\eRightSoft

[2009/04/04 19:32:30 | 31,693,599 | ---- | C] (eRightSoft ) -- C:\Documents and Settings\Owner\My Documents\SUPERsetup.exe

[2009/04/04 19:04:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Creative

[2009/04/04 18:58:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative

[2009/04/04 18:58:13 | 00,000,000 | -H-D | C] -- C:\Program Files\Creative Installation Information

[2009/04/04 09:19:48 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\PW7_AntigoneDoingS09.doc

[2009/04/02 19:24:47 | 00,000,000 | ---D | C] -- C:\Program Files\AVG

[2009/04/01 11:36:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Japanese

[2009/04/01 08:44:45 | 00,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk

[2009/03/31 20:53:57 | 00,000,581 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk

[2009/03/31 17:07:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2009/03/31 17:06:50 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/03/31 17:06:47 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/03/31 17:06:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/03/31 17:06:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/03/31 17:04:59 | 02,906,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe

[2009/03/31 13:19:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Amazon

[2009/03/31 13:16:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2009/03/30 22:04:16 | 00,001,905 | ---- | C] () -- C:\WINDOWS\diagwrn.xml

[2009/03/30 22:04:16 | 00,001,905 | ---- | C] () -- C:\WINDOWS\diagerr.xml

[2009/03/30 18:45:07 | 00,000,676 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Windows Dreamspark Keys.rtf

[2009/03/30 18:44:32 | 18,811,41248 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\en_windows_server_2008_datacenter_enterprise_standard_x86_dvd_X14-26710.iso

[2009/03/30 11:50:37 | 00,006,022 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Antigone.rtf

[2009/03/30 10:20:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\School

[2009/03/29 22:06:31 | 00,046,880 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/03/29 19:18:09 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\College Spring Quarter Schedule.doc

[2009/03/29 10:19:52 | 00,000,000 | ---D | C] -- C:\Program Files\XMind

[2009/03/29 10:05:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\XMind

[2009/03/29 10:02:37 | 20,774,118 | ---- | C] (XMind Ltd.) -- C:\Documents and Settings\Owner\My Documents\xmind-win-3.0.2.200903221757.exe

[2009/03/28 15:18:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Search

[2009/03/28 15:17:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2009/03/28 15:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities

[2009/03/28 15:17:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search

[2009/03/28 15:16:23 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2009/03/28 15:16:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy

[2009/03/28 15:16:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search

[2009/03/28 07:15:46 | 00,006,656 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\iPodDrv.sys

[2009/03/27 08:31:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\INTERHEART

[2009/03/26 10:58:29 | 00,494,592 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Fast System Startup for PCs Running Windows.doc

[2009/03/25 23:10:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help

[2009/03/25 23:10:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help

[2009/03/25 21:40:05 | 00,000,268 | -H-- | C] () -- C:\sqmdata02.sqm

[2009/03/25 21:40:05 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm

[2009/03/23 23:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\TaskSwitchXP

[2009/03/21 09:50:38 | 00,000,103 | ---- | C] () -- C:\WINDOWS\auth.INI

[2009/03/21 09:50:35 | 00,002,368 | ---- | C] (AntiCracking) -- C:\WINDOWS\System32\STEC3.sys

[2009/03/21 09:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes

[2009/03/20 19:07:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Tor

[2009/03/20 18:42:26 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2009/03/20 18:42:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent

[2009/03/20 18:41:27 | 00,270,128 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Owner\My Documents\utorrent.exe

[2009/03/20 12:12:26 | 00,082,542 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\College Housing Contract.pdf

[2009/03/19 19:38:11 | 22,711,584 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\antivir_workstation_winu_en_hp.exe

[2009/03/19 13:54:45 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Dropbox

[2009/03/19 13:52:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Dropbox

[2009/03/19 13:52:13 | 00,000,000 | ---D | C] -- C:\Program Files\Dropbox

[2009/03/19 13:48:42 | 14,888,263 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dropbox 0.6.402.exe

[2009/03/18 23:25:03 | 00,000,771 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Humanities Core Spring Quarter Reading.rtf

[2009/03/17 20:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Audacity

[2009/03/17 20:39:28 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)

[2009/03/17 18:56:54 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/03/17 13:23:52 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk

[2009/03/17 13:23:49 | 00,000,000 | ---D | C] -- C:\Program Files\Privoxy

[2009/03/17 09:12:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads

[2009/03/17 09:10:48 | 00,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-591339564-1611957406-3078930473-1006.job

[2009/03/17 09:10:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment

[2009/03/16 19:53:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2009/03/16 19:53:34 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache

[2009/03/15 16:53:27 | 00,000,000 | ---D | C] -- C:\Program Files\JkDefragGUI

[2009/03/15 13:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\MOV Download Tool

[2009/03/15 13:15:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer

[2009/03/15 13:06:02 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2009/03/15 13:06:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/03/15 13:05:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple

[2009/03/15 13:05:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer

[2009/03/14 20:06:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Live Writer

[2009/03/14 20:00:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2009/03/14 20:00:02 | 04,909,440 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\Silverlight.2.0.exe

[2009/01/08 22:31:17 | 00,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2009/01/08 22:31:09 | 00,000,541 | ---- | C] () -- C:\WINDOWS\win.ini

[2009/01/08 22:31:09 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2009/01/08 03:15:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/01/08 01:50:39 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/01/08 01:50:39 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/01/08 01:50:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/01/08 01:50:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/01/08 01:50:39 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/01/08 01:50:39 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/01/08 01:37:43 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll

[2008/11/14 16:12:56 | 00,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini

[2008/09/02 05:25:26 | 02,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2008/07/30 17:31:52 | 00,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini

[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/02/17 10:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 10:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[2009/04/13 14:11:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2009/04/13 14:07:28 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe

[2009/04/13 13:37:26 | 00,417,838 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ViStart Beta 6.zip

[2009/04/13 12:01:08 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-591339564-1611957406-3078930473-1006.job

[2009/04/13 11:54:25 | 00,550,988 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/04/13 11:54:25 | 00,462,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/04/13 11:54:25 | 00,078,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/04/13 11:50:50 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/04/13 11:50:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/04/13 11:49:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/04/13 11:35:35 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/04/13 11:35:22 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk

[2009/04/13 11:35:22 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk

[2009/04/13 11:27:47 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2009/04/13 11:27:34 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe

[2009/04/13 11:13:35 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2009/04/13 11:13:34 | 00,000,541 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/04/13 11:13:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/04/13 09:06:21 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/04/13 09:06:21 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/04/13 09:06:21 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/04/13 09:06:19 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/04/13 09:04:14 | 35,077,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/04/13 09:04:13 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/04/13 09:04:13 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/04/13 09:04:13 | 00,093,231 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/04/12 22:00:00 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job

[2009/04/11 20:03:41 | 20,859,765 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Max_Zombie.pdf

[2009/04/10 13:27:09 | 10,549,058 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Lady_GaGa-Eh,_Eh_(Nothing_Else_I_Ca-01-Eh,_Eh_(Nothing_Else_I_Ca.mp3

[2009/04/09 00:52:07 | 01,618,335 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jp_grammar_guide.pdf

[2009/04/08 23:26:45 | 00,001,236 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Quotes - Part 2.rtf

[2009/04/07 00:46:10 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SNT_Meeting_Guide-1-1.doc

[2009/04/06 22:15:38 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/04/06 14:13:22 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Tiresias and Kreon.doc

[2009/04/06 11:10:23 | 02,358,349 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LinAlg_Complete.pdf

[2009/04/05 14:34:15 | 00,000,581 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk

[2009/04/05 14:16:25 | 10,673,4153 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Motion Mountain 22nd Edition.pdf

[2009/04/04 19:33:42 | 31,693,599 | ---- | M] (eRightSoft ) -- C:\Documents and Settings\Owner\My Documents\SUPERsetup.exe

[2009/04/04 09:19:49 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PW7_AntigoneDoingS09.doc

[2009/04/01 08:44:45 | 00,001,958 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk

[2009/03/31 17:05:09 | 02,906,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe

[2009/03/30 22:04:23 | 00,001,905 | ---- | M] () -- C:\WINDOWS\diagwrn.xml

[2009/03/30 22:04:23 | 00,001,905 | ---- | M] () -- C:\WINDOWS\diagerr.xml

[2009/03/30 21:43:53 | 18,811,41248 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\en_windows_server_2008_datacenter_enterprise_standard_x86_dvd_X14-26710.iso

[2009/03/30 18:45:07 | 00,000,676 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Windows Dreamspark Keys.rtf

[2009/03/30 17:41:45 | 00,006,022 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Antigone.rtf

[2009/03/29 22:06:31 | 00,046,880 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/03/29 19:18:09 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\College Spring Quarter Schedule.doc

[2009/03/29 10:06:11 | 00,046,968 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/03/29 10:02:51 | 20,774,118 | ---- | M] (XMind Ltd.) -- C:\Documents and Settings\Owner\My Documents\xmind-win-3.0.2.200903221757.exe

[2009/03/28 15:16:23 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2009/03/28 15:15:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/03/28 07:15:46 | 00,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\iPodDrv.sys

[2009/03/26 10:58:29 | 00,494,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Fast System Startup for PCs Running Windows.doc

[2009/03/25 21:40:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2009/03/25 21:40:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2009/03/23 23:00:26 | 00,221,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/03/21 09:57:12 | 00,000,103 | ---- | M] () -- C:\WINDOWS\auth.INI

[2009/03/21 09:50:35 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\System32\STEC3.sys

[2009/03/20 18:41:27 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Owner\My Documents\utorrent.exe

[2009/03/20 12:12:26 | 00,082,542 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\College Housing Arroyo Contract.pdf

[2009/03/19 19:39:08 | 22,711,584 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\antivir_workstation_winu_en_hp.exe

[2009/03/19 13:51:07 | 14,888,263 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dropbox 0.6.402.exe

[2009/03/18 23:25:03 | 00,000,771 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Humanities Core Spring Quarter Reading.rtf

[2009/03/17 13:23:52 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk

[2009/03/16 18:49:20 | 00,003,031 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Philosophy.rtf

[2009/03/14 20:00:08 | 04,909,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\Silverlight.2.0.exe

========== LOP Check ==========

[2009/04/13 09:00:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/03/14 11:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/03/31 13:23:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon

[2009/03/15 13:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/01/08 02:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros

[2009/04/13 09:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8

[2009/03/11 09:06:12 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2009/04/10 17:09:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comodo

[2009/04/04 19:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative

[2009/03/11 03:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ECAP

[2009/03/31 17:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/03/28 15:16:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2009/03/11 03:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software

[2009/03/11 03:28:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2009/03/12 17:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real

[2009/03/11 01:52:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2009/03/11 23:35:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2009/01/08 01:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/01/08 01:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller

[2009/04/13 13:38:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data

[2009/03/13 23:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.purple

[2009/03/14 11:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe

[2009/03/15 13:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer

[2009/03/17 20:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Audacity

[2009/03/09 15:31:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CiscoCAA

[2009/03/14 11:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2009/04/04 19:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Creative

[2009/03/29 18:47:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox

[2009/03/12 01:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FastStone

[2009/03/14 03:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2009/03/13 23:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0

[2009/03/25 23:10:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help

[2009/01/08 23:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities

[2009/01/08 01:38:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InstallShield

[2009/03/27 08:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\INTERHEART

[2009/04/13 14:10:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jarte

[2009/03/09 16:26:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia

[2009/03/31 17:07:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2009/03/10 12:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Media Player Classic

[2009/04/13 09:00:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft

[2009/03/09 15:57:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla

[2009/03/12 17:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Real

[2009/03/11 01:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skype

[2009/03/11 01:53:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\skypePM

[2009/03/12 03:02:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftMaker

[2009/04/11 09:08:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StarOffice8

[2009/01/08 01:53:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun

[2009/03/11 23:34:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com

[2009/03/27 17:29:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent

[2009/04/13 13:39:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ViStart

[2009/03/28 15:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search

[2009/03/14 20:06:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Live Writer

[2009/03/28 15:18:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

[2009/03/29 10:05:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XMind

[2009/04/13 14:11:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

[2008/04/14 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/04/13 12:01:08 | 00,000,930 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-591339564-1611957406-3078930473-1006.job

[2009/04/13 11:50:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/04/12 22:00:00 | 00,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %SYSTEMDRIVE%\*. >

[2009/04/13 14:07:28 | 00,000,000 | ---D | M] -- C:

[2009/04/13 11:32:35 | 00,000,000 | -H-D | M] -- C:\$AVG8.VAULT$

[2009/03/12 02:30:30 | 00,000,000 | ---D | M] -- C:\45e564d52e7d563007c6c5c7d20c

[2009/03/17 19:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings

[2009/01/08 01:36:30 | 00,000,000 | ---D | M] -- C:\Intel

[2009/04/13 14:01:44 | 00,000,000 | ---D | M] -- C:\Program Files

[2009/03/09 12:35:27 | 00,000,000 | -HSD | M] -- C:\RECYCLER

[2009/03/31 16:36:04 | 00,000,000 | -HSD | M] -- C:\System Volume Information

[2009/04/13 14:01:30 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*. >

[2009/04/13 14:01:44 | 00,000,000 | ---D | M] -- C:\Program Files

[2009/03/09 16:25:26 | 00,000,000 | ---D | M] -- C:\Program Files\7-Zip

[2009/03/14 11:26:17 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe

[2009/01/08 01:43:18 | 00,000,000 | ---D | M] -- C:\Program Files\ASUS

[2009/01/08 02:17:54 | 00,000,000 | ---D | M] -- C:\Program Files\Atheros

[2009/03/17 20:39:33 | 00,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta (Unicode)

[2009/04/02 19:24:47 | 00,000,000 | ---D | M] -- C:\Program Files\AVG

[2009/04/04 19:35:19 | 00,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5

[2009/03/12 02:36:26 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner

[2009/03/09 15:31:33 | 00,000,000 | ---D | M] -- C:\Program Files\Cisco Systems

[2009/04/04 22:24:43 | 00,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack

[2009/04/04 21:28:53 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files

[2009/04/10 17:10:38 | 00,000,000 | ---D | M] -- C:\Program Files\COMODO

[2009/04/04 22:29:34 | 00,000,000 | ---D | M] -- C:\Program Files\CoreAVC Pro

[2009/04/04 19:00:15 | 00,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information

[2009/03/12 22:43:57 | 00,000,000 | ---D | M] -- C:\Program Files\DivX

[2009/04/08 14:48:14 | 00,000,000 | ---D | M] -- C:\Program Files\doubleTwist 2.0

[2009/03/19 13:52:29 | 00,000,000 | ---D | M] -- C:\Program Files\Dropbox

[2009/03/11 03:50:49 | 00,000,000 | ---D | M] -- C:\Program Files\ECAP

[2009/01/08 02:25:29 | 00,000,000 | ---D | M] -- C:\Program Files\Eee Storage

[2009/03/12 22:29:44 | 00,000,000 | ---D | M] -- C:\Program Files\EeePC

[2009/03/21 09:28:30 | 00,000,000 | ---D | M] -- C:\Program Files\Elaborate Bytes

[2009/01/08 02:15:14 | 00,000,000 | ---D | M] -- C:\Program Files\Elantech

[2009/04/04 19:34:23 | 00,000,000 | ---D | M] -- C:\Program Files\eRightSoft

[2009/04/13 11:35:35 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT

[2009/03/12 01:59:46 | 00,000,000 | ---D | M] -- C:\Program Files\FastStone Image Viewer

[2009/03/17 09:17:33 | 00,000,000 | ---D | M] -- C:\Program Files\FlashGet

[2009/03/09 16:19:06 | 00,000,000 | ---D | M] -- C:\Program Files\Google

[2009/04/04 18:59:27 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

[2009/01/08 01:36:38 | 00,000,000 | ---D | M] -- C:\Program Files\Intel

[2009/03/14 13:27:08 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2009/01/08 01:50:35 | 00,000,000 | ---D | M] -- C:\Program Files\InterVideo

[2009/03/12 02:52:08 | 00,000,000 | ---D | M] -- C:\Program Files\Jarte

[2009/03/31 14:32:31 | 00,000,000 | ---D | M] -- C:\Program Files\Java

[2009/03/15 16:54:01 | 00,000,000 | ---D | M] -- C:\Program Files\JkDefragGUI

[2009/04/13 11:40:22 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/03/13 20:35:54 | 00,000,000 | ---D | M] -- C:\Program Files\MediaMonkey

[2009/01/08 01:28:33 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger

[2009/01/08 23:48:06 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage

[2009/03/16 19:53:51 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office

[2009/03/14 20:00:38 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight

[2009/01/08 01:43:27 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2009/03/15 13:24:24 | 00,000,000 | ---D | M] -- C:\Program Files\MOV Download Tool

[2009/01/08 23:45:39 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker

[2009/04/13 11:20:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox

[2009/03/12 02:31:06 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild

[2009/03/16 19:53:34 | 00,000,000 | ---D | M] -- C:\Program Files\MSECache

[2009/01/08 23:44:08 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone

[2009/01/08 23:45:44 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting

[2009/01/08 23:46:00 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services

[2009/01/08 23:45:43 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express

[2009/03/17 13:23:55 | 00,000,000 | ---D | M] -- C:\Program Files\Privoxy

[2009/03/15 13:24:23 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime

[2009/01/08 01:39:14 | 00,000,000 | ---D | M] -- C:\Program Files\RALINK

[2009/03/12 17:23:20 | 00,000,000 | ---D | M] -- C:\Program Files\Real Alternative

[2009/01/08 02:12:47 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek

[2009/03/12 02:30:51 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies

[2009/03/11 01:52:18 | 00,000,000 | R--D | M] -- C:\Program Files\Skype

[2009/03/12 03:02:55 | 00,000,000 | ---D | M] -- C:\Program Files\SoftMaker Office 2006

[2009/01/08 01:54:51 | 00,000,000 | ---D | M] -- C:\Program Files\Sun

[2009/04/07 22:34:23 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware

[2009/03/23 23:38:10 | 00,000,000 | ---D | M] -- C:\Program Files\TaskSwitchXP

[2009/04/13 11:27:45 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro

[2009/01/08 23:51:40 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2009/03/20 18:42:26 | 00,000,000 | ---D | M] -- C:\Program Files\uTorrent

[2009/01/08 01:39:34 | 00,000,000 | ---D | M] -- C:\Program Files\WIDCOMM

[2009/03/28 15:16:04 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search

[2009/03/09 15:24:37 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live

[2009/01/08 01:46:32 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar

[2009/01/08 01:53:01 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2

[2009/01/08 01:53:32 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2009/01/08 23:44:05 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2009/01/08 23:46:06 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate

[2009/01/08 23:48:06 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

[2009/04/02 09:50:18 | 00,000,000 | ---D | M] -- C:\Program Files\XMind

< End of report >

Edited April 14, 2009 by CourierSS

[CourierSS]

Extras

OTListIt Extras logfile created on: 4/13/2009 2:10:54 PM - Run 1

OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.83% Memory free

3.33 Gb Paging File | 2.90 Gb Available in Paging File | 87.22% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 82.82 Gb Total Space | 57.89 Gb Free Space | 69.90% Space Free | Partition Type: NTFS

Drive D: | 61.29 Gb Total Space | 61.23 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ENIGMA

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget File not found

C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)

C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)

C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent

"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail

"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 13

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{52F6065D-27D0-4680-B2BC-C49C9A252459}" = Motorola Driver Installation

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC

"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =

"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software

"{85E3CFBC-9B1B-470C-AF72-54EACA0F1322}" = ECAP

"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{9510AB97-A36C-4352-8725-E72E5528FA1B}" = StarOffice 8 ASUS Edition

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"7-Zip" = 7-Zip 4.65

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)

"AVG8Uninstall" = AVG Free 8.0

"CCleaner" = CCleaner (remove only)

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18

"coreavc_is1" = CoreAVC Pro 1.8.5.0

"Dropbox" = Dropbox

"Eee Storage" = Eee Storage 1.2.16.309

"Elantech" = ETDWare PS/2-x86 7.0.3.12 For XP WHQL

"ERUNT_is1" = ERUNT 1.1j

"FastStone Image Viewer" = FastStone Image Viewer 3.7

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Jarte_is1" = Jarte 3.3

"JkDefragGUI" = JkDefragGUI 1.03

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaMonkey_is1" = MediaMonkey 3.0

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"movdltool_is1" = MOV Download Tool 1.1.0

"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Picasa 3" = Picasa 3

"Privoxy" = Privoxy (remove only)

"RealAlt_is1" = Real Alternative 1.9.0

"sm-un1.u32" = SoftMaker Office 2006 (C:\Program Files\SoftMaker Office 2006)

"TaskSwitchXP" = TaskSwitchXP

"VirtualCloneDrive" = VirtualCloneDrive

"ViStart" = ViStart

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Live Toolbar" = Windows Live Toolbar

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XMind" = XMind

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/28/2009 2:18:09 AM | Computer Name = ENIGMA | Source = Google Update | ID = 20

Description =

Error - 3/29/2009 12:56:56 AM | Computer Name = ENIGMA | Source = Windows Search Service | ID = 3024

Description = The update cannot be started because the content sources cannot be

accessed. Fix the errors and try the update again. Context: Windows Application,

SystemIndex Catalog

Error - 3/31/2009 11:32:00 AM | Computer Name = ENIGMA | Source = Google Update | ID = 20

Description =

Error - 3/31/2009 4:19:01 PM | Computer Name = ENIGMA | Source = MsiInstaller | ID = 11904

Description = Product: Amazon Unbox Video -- Error 1904.Module C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx

failed to register. HRESULT -2147220473. Contact your support personnel.

Error - 4/1/2009 10:39:30 AM | Computer Name = ENIGMA | Source = Google Update | ID = 20

Description =

Error - 4/1/2009 4:56:19 PM | Computer Name = ENIGMA | Source = Application Hang | ID = 1002

Description = Hanging application mgbd.exe, version 0.1.0.8, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/2/2009 12:24:48 PM | Computer Name = ENIGMA | Source = Google Update | ID = 20

Description =

Error - 4/2/2009 1:26:50 PM | Computer Name = ENIGMA | Source = Google Update | ID = 20

Description =

Error - 4/9/2009 12:26:33 PM | Computer Name = ENIGMA | Source = Google Update | ID = 20

Description =

Error - 4/9/2009 2:04:18 PM | Computer Name = ENIGMA | Source = Google Update | ID = 20

Description =

[ System Events ]

Error - 4/4/2009 3:33:30 PM | Computer Name = ENIGMA | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

Owner that believes that it is the master browser for the domain on transport NetBT_Tcpip_{44A46801-5EF5-4FE8-82.

The

master browser is stopping or an election is being forced.

Error - 4/4/2009 9:52:09 PM | Computer Name = ENIGMA | Source = WPDMTPDriver | ID = 80837

Description = MTP USB Driver has detected that the device has failed to respond

to the operation 0x100d in 5 minutes, which resulted in an attempt to cancel the

operation. Error 0x802a0006.

Error - 4/4/2009 9:54:08 PM | Computer Name = ENIGMA | Source = WPDMTPDriver | ID = 80836

Description = MTP WPD Driver has failed to start. Error 0x8007001f.

Error - 4/5/2009 4:57:20 PM | Computer Name = ENIGMA | Source = PlugPlayManager | ID = 12

Description = The device 'AzureWave Wireless Network Adapter' (PCI\VEN_168C&DEV_002A&SUBSYS_10671A3B&REV_01\4&37028e5f&0&00E3)

disappeared from the system without first being prepared for removal.

Error - 4/5/2009 10:33:33 PM | Computer Name = ENIGMA | Source = Dhcp | ID = 1001

Description = Your computer was not assigned an address from the network (by the

DHCP Server) for the Network Card with network address 00224363AB5D. The following

error occurred: %%121. Your computer will continue to try and obtain an address on

its own from the network address (DHCP) server.

Error - 4/5/2009 10:50:52 PM | Computer Name = ENIGMA | Source = PlugPlayManager | ID = 12

Description = The device 'AzureWave Wireless Network Adapter' (PCI\VEN_168C&DEV_002A&SUBSYS_10671A3B&REV_01\4&37028e5f&0&00E3)

disappeared from the system without first being prepared for removal.

Error - 4/6/2009 12:06:35 PM | Computer Name = ENIGMA | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 169.234.4.62 on

the Network Card with network address 00224363AB5D.

Error - 4/6/2009 12:07:55 PM | Computer Name = ENIGMA | Source = PlugPlayManager | ID = 12

Description = The device 'AzureWave Wireless Network Adapter' (PCI\VEN_168C&DEV_002A&SUBSYS_10671A3B&REV_01\4&37028e5f&0&00E3)

disappeared from the system without first being prepared for removal.

Error - 4/6/2009 12:07:56 PM | Computer Name = ENIGMA | Source = Server | ID = 2505

Description = The server could not bind to the transport \Device\NetBT_Tcpip_{44A46801-5EF5-4FE8-821F-A1C63245BACD}

because another computer on the network has the same name. The server could not

start.

Error - 4/6/2009 3:43:21 PM | Computer Name = ENIGMA | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 169.234.7.32 on

the Network Card with network address 00224363AB5D.

< End of report >

Edited April 14, 2009 by CourierSS

[Rorschach112]

hello

Please download ATF Cleaner by Atribune.

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.
  

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

Click Exit on the Main menu to close the program.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
   
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   
3. When the downloads have finished, click on Settings.
   
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   • Spyware, Adware, Dialers, and other potentially dangerous programs
     Archives
     Mail databases
     

[*]Click on My Computer under Scan.

[*]Once the scan is complete, it will display the results. Click on View Scan Report.

[*]You will see a list of infected items there. Click on Save Report As....

[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

[CourierSS]

MBAM Log

Malwarebytes' Anti-Malware 1.36

Database version: 1976

Windows 5.1.2600 Service Pack 3

4/13/2009 5:25:20 PM

mbam-log-2009-04-13 (17-25-20).txt

Scan type: Quick Scan

Objects scanned: 69586

Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Kaspersky

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Monday, April 13, 2009

Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Tuesday, April 14, 2009 01:41:07

Records in database: 2041925

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Files scanned: 50198

Threat name: 0

Infected objects: 0

Suspicious objects: 0

Duration of the scan: 01:16:30

No malware has been detected. The scan area is clean.

The selected area was scanned.

[Rorschach112]

your logs are clean

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )

• Click the Pt. Restauration button and press OK to the prompts.
  
• Click the Corbeille button and press OK to the prompt.
  
• Click the Fichiers temp button and press OK to the prompt.
  
• Click the Recherche button and let it run ( it may look like it freezes but let it continue )
  
• Once it is done click the Suppression button and let it remove anything it finds.
  
• Close the program
  

Below I have included a number of recommendations for how to protect your computer against malware infections.

• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
• Make Internet Explorer more secure
  
  • Click Start > Run
    
  • Type Inetcpl.cpl & click OK
    
  • Click on the Security tab
    
  • Click Reset all zones to default level
    
  • Make sure the Internet Zone is selected & Click Custom level
    
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    

  [*]ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  [*]MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  [*]Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more

  secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up

  blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from

  Here

  If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

  • NoScript - for blocking ads and other potential website attacks
    
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
    

  [*]Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  [*]ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  [*] Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  [*]FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

  [*]Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

[CourierSS]

Thank you for your help! My battery life seems to be restored to its original capabilities. Thanks again!

Edited April 14, 2009 by CourierSS

[Rorschach112]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.