Please help me to finish clean-up from Microsoft Security Suite malware invasion

jbmorgan

Hello! A few days ago, my eee PC laptop was unfortunately infected with the Microsoft Security Suite malware. I was able to install and run Malwarebytes in Safe Mode Networking, and that got rid of 90% of the problems. However, there are still a couple of strange things going on, such as the fact that my virus protection (Microsoft Security Essentials) isn't able to run updates, and my Windows Update also doesn't seem able to run. After consulting with some kind people in another thread on this site, I was advised to follow the 8-step procedure, which I just did. I was hoping that if I post the logs here, someone could take a look and tell me what else might need to be done. The logs were too long to paste so I've attached them. Thank you very much!
 

Attachments: Attach.txt, DDS.txt, gmer.log, mbam-log-2010-08-17 (16-48-23).txt

Hi. Just an FYI. Keep away from cracks and keygens. They will ALL infect your PC. Not worth it.

====

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
 
Combofix log, as requested

Hello Crunchie,

Thanks a lot for your help. The Combofix log is attached. I don't know if you need this as well, but shortly after I started it, it told me that it had detected rootkit activity and asked me to write down the following: "Service: ACPIEC, Location: C\WINDOWS\system32\DRIVERS\ACPIEC.sys"

--John
 

Attachments: log.txt

New problems...

Since I posted the last message, some new problems have occurred. First, I was pleasantly surprised to find that I was able to load the updates for Microsoft Security Essentials, which I was unable to do since the malware attack. After that I started running a fresh check with Malwarebytes. I was on-line on the Web at the time, but I certainly wasn't downloading any torrents or on any torrent sites. I got an alert from MSE which said that a trojan was attempting to infiltrate my system. It asked me if I wanted to clean it and of course I said yes, and it said it was able to get rid of it. Then, a few minutes later, I suddenly got the blue screen of death for no apparent reason and had to restart. Then I had the Microsoft Windows "The system has recovered from a serious error" pop-up on my screen, and I couldn't get it off my screen for some time, although it finally seems to have stopped reappearing. I don't know if this was a fresh infection or the result of the last one, but I thought I should describe it.
 
Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

 
Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logs attached

The OTL logs are attached to this message.
 

Attachments: OTL.Txt, Extras.Txt

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\zmfdaenl.sys -- (zmfdaenl)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ydngsxyy.sys -- (ydngsxyy)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vqjskoqf.sys -- (vqjskoqf)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\JOHNB~1.MOR\LOCALS~1\Temp\lvehgy.sys -- (ujujcnlptkzyhs)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys -- (ShldDrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RT2860.sys -- (RT80x86)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RkPavproc3.sys -- (RkPavproc3)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RkPavproc2.sys -- (RkPavproc2)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\PavProc.sys -- (PavProc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ngghlbmg.sys -- (ngghlbmg)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\inyccpgo.sys -- (inyccpgo)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\bxzadlol.sys -- (bxzadlol)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe File not found
    [2010/08/13 23:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\armrhjjrv
    [2010/08/08 03:29:58 | 000,000,000 | ---D | C] -- C:\4e0a71e16dec71b604201b5ae1bd35
    :Commands
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

===================

Let me know how the pc is please.
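
An added example, not part of the original thread and not OTL's own logic: a small Python triage that pulls the two kinds of entry the fix script above targets, services whose image file is missing and a loopback `ProxyServer` value, out of an OTL log. The sample lines are copied from this thread; the function names and the `review_first` heuristic are assumptions made for illustration.

```python
import ipaddress
import re

# Sample input: lines copied from the OTL fix script and OTL log in this thread.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\zmfdaenl.sys -- (zmfdaenl)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\JOHNB~1.MOR\LOCALS~1\Temp\lvehgy.sys -- (ujujcnlptkzyhs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RT2860.sys -- (RT80x86)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\brrgckcn.dll -- (LanmanSrv)
DRV - [2008/08/25 03:59:40 | 000,026,112 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (Ktp)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
"""

# A DRV/SRV line whose registered image path no longer exists on disk.
ORPHAN_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - File not found \[(?P<flags>[^\]]*)\]"
    r" -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)
# ProxyServer value such as  http=127.0.0.1:50370  or  127.0.0.1:8080
PROXY_RE = re.compile(r'"ProxyServer" = (?:\w+=)?(?P<host>[^:\s;]+):(?P<port>\d+)')
PROXY_ENABLE_RE = re.compile(r'"ProxyEnable" = (\d+)')

# Start types that load the image without any user action.
AUTOSTART = {"boot", "system", "auto"}


def find_orphaned_services(log):
    """Return one dict per service/driver entry whose image file is missing.

    "File not found" alone only says the registry entry outlived its file;
    uninstalled hardware or antivirus drivers leave the same trace. The
    review_first flag (an assumption, not an OTL feature) marks entries that
    were set to start automatically or pointed into a Temp directory.
    """
    findings = []
    for line in log.splitlines():
        m = ORPHAN_RE.match(line.strip())
        if not m:
            continue
        flags = [f.strip() for f in m.group("flags").split("|")]
        # DRV lines carry [type | start | state], SRV lines [start | state].
        start = flags[-2] if len(flags) >= 2 else ""
        path = m.group("path")
        in_temp = "\\temp\\" in path.lower()
        autostart = start.lower() in AUTOSTART
        findings.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "path": path,
            "start": start,
            "in_temp": in_temp,
            "review_first": in_temp or autostart,
        })
    return findings


def find_loopback_proxy(log):
    """Return (host, port) for every ProxyServer value that points at loopback."""
    hits = []
    for m in PROXY_RE.finditer(log):
        host, port = m.group("host"), int(m.group("port"))
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = host.lower() == "localhost"
        if loopback:
            hits.append((host, port))
    return hits


def proxy_enabled(log):
    """True/False from the ProxyEnable value, or None if the log has none."""
    m = PROXY_ENABLE_RE.search(log)
    return None if m is None else m.group(1) != "0"


if __name__ == "__main__":
    for f in find_orphaned_services(SAMPLE_LOG):
        mark = "REVIEW FIRST" if f["review_first"] else "orphaned"
        print(f'{mark:12} {f["kind"]} {f["name"]:16} {f["start"]:10} {f["path"]}')
    for host, port in find_loopback_proxy(SAMPLE_LOG):
        print(f"loopback proxy {host}:{port} (ProxyEnable set: {proxy_enabled(SAMPLE_LOG)})")
```

A leftover loopback `ProxyServer` with `ProxyEnable` at 0 is not in effect, but it shows that something on the machine once redirected browser traffic through a local listener.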
 
New OTL logs

Attached are the latest OTL logs (the first from when I ran the script you gave me, and the second from the scan I ran afterwards). For some reason it didn't create an Extras log this time.

So far my PC seems to be working all right although of course I just ran the script so it's a bit early to say. If I have any problems later I'll post about it here.
 

Attachments: 08202010_150541.log, OTL.Txt

New problem

Hello,

I'm sorry for being away for so long. I thought the problem was solved but today it re-emerged.

Earlier today I was infected by the Antivirus Action malware. I ran Malwarebytes and ran a full scan in Safe Mode. The first time it found and removed several infections. I ran it a second time and it found nothing. My system is greatly improved, but for some reason my Microsoft Security Essentials suite is switched off and I cannot get it to restart. In regular mode it is non-responsive, and even in Safe Mode I cannot switch it back on for monitoring (even though it will scan). I'm concerned that there may still be traces of the infection in my system. Thank you in advance.
 
I do not believe it has re-emerged. More likely you have got yourself re-infected.
Please go through the procedure of posting the logs and I will take a look.
 
Malwarebytes log

Thank you. I suppose you're correct although I haven't downloaded anything recently.

My new Malwarebytes log is attached. I really appreciate your help.

--John
 

Attachments: mbam-log-2010-11-13 (01-51-32).txt

Can you post the Gmer and DDS logs too please.
Also, logs are not to be attached anymore, so please just paste them into your reply.
If they are too long, break them over several posts.
 
GMER log

Yes, thank you. Below is the GMER log.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-14 20:51:33
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160310AS rev.0303
Running: i3c1yjv1.exe; Driver: C:\DOCUME~1\JOHNB~1.MOR\LOCALS~1\Temp\awtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xB9EFEFFE]
SSDT sptd.sys ZwEnumerateValueKey [0xB9EFF38C]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A8421F8
Device \Driver\atapi \Device\Ide\IdePort0 8A8421F8
Device \Driver\atapi \Device\Ide\IdePort1 8A8421F8
Device \FileSystem\Ntfs \Ntfs 8A8411F8
Device \FileSystem\Fastfat \Fat 898841F8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS log #1

Here is the first DDS log:

DDS (Ver_10-11-10.01) - NTFSx86
Run by John B. Morgan IV at 20:55:34.82 on Sun 11/14/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2039.1425 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\John B. Morgan IV\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.arktos.com/
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Softonic English Findbar: {8c5ad199-66d9-4cea-849d-a72c81da26f3} - c:\program files\softonic_english\tbSof0.dll
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MobiLink3] c:\program files\novatel wireless\virgin mobile\MobiLink3.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SMSTray] c:\program files\samsung\emodio\SMSTray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\johnb~1.mor\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\john b. morgan iv\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: bobibanking.com\www
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849575053
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263849552381
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnb~1.mor\applic~1\mozilla\firefox\profiles\wlrr7xnj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.arktos.com/
FF - prefs.js: keyword.URL - hxxp://in.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_in&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\john b. morgan iv\application data\mozilla\firefox\profiles\wlrr7xnj.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-8-24 82432]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S2 LanmanSrv;Trusted Center;c:\windows\system32\svchost.exe -k netsvcs [2009-11-24 14336]
S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [2009-5-15 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [2009-5-15 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [2009-5-15 174720]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\rkpavproc1.sys [2009-4-24 16952]

=============== Created Last 30 ================

2010-11-12 20:07:14 -------- d-----w- c:\program files\winlogon.exe
2010-11-12 09:13:14 105984 --sha-r- c:\windows\system32\msvcrt208.dll
2010-11-12 04:54:05 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{aebbd557-1686-4fa4-8a21-cafe0e1ec9c5}\mpengine.dll
2010-11-11 19:04:35 -------- d-----w- c:\docume~1\johnb~1.mor\applic~1\com.adobe.ExMan

==================== Find3M ====================

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-05-23 14:37:19 52355 ----a-w- c:\program files\common files\OnlineFilesManager.dll
2010-04-23 15:27:35 190464 ----a-w- c:\program files\common files\OnlineFilesManager.dll.old
2008-05-07 23:34:00 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe

============= FINISH: 20:56:40.93 ===============
 
DDS log #2

The instructions say not to include the second DDS log unless it is specifically requested. Please let me know if you need it.
 
Actually our instructions ask for both to be posted, but not to worry :).
Couple of minor things stand out there, but I will need you to download OTL.

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL log

I followed your instructions exactly but for some reason it only generated an OTL log. No file called Extras came up or was saved. The OTL log is below:

OTL logfile created on: 11/14/2010 10:17:53 PM - Run 8
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\John B. Morgan IV\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.99 Gb Total Space | 1.96 Gb Free Space | 2.45% Space Free | Partition Type: NTFS
Drive D: | 61.20 Gb Total Space | 2.02 Gb Free Space | 3.31% Space Free | Partition Type: NTFS
Drive E: | 7.82 Gb Total Space | 1.68 Gb Free Space | 21.45% Space Free | Partition Type: NTFS

Computer Name: ATHENA | User Name: John B. Morgan IV | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/12/18 00:55:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/12/18 00:54:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/10/07 14:03:36 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/26 18:44:34 | 000,902,144 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe
PRC - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/09/17 02:06:04 | 000,484,880 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\EmoDio\SMSTray.exe
PRC - [2008/09/03 21:49:56 | 000,311,296 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/09/03 13:34:42 | 000,335,872 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDCTRL.EXE
PRC - [2008/09/02 22:32:00 | 000,593,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2008/09/02 22:28:14 | 000,106,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2008/08/22 19:18:44 | 000,204,800 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDDECT.EXE
PRC - [2008/05/21 03:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2007/12/20 01:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2004/08/04 02:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\brrgckcn.dll -- (LanmanSrv)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/04/05 06:48:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/18 00:55:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2007/10/25 17:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2009/08/24 17:53:24 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser2.sys -- (NWVMPort2)
DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser.sys -- (NWVMPort)
DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmmdm.sys -- (NWVMModem)
DRV - [2008/08/25 03:59:40 | 000,026,112 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (Ktp)
DRV - [2008/08/12 18:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/29 01:03:20 | 000,016,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rkpavproc1.sys -- (RkPavproc1)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/08 17:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2008/03/11 21:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/12/20 01:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/03 06:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/28 09:22:18 | 000,057,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2004/08/03 22:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2004/08/03 21:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arktos.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_English Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.arktos.com/"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "http://in.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_in&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/08/01 11:59:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 00:37:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 00:37:55 | 000,000,000 | ---D | M]

[2009/03/07 12:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Extensions
[2010/11/12 21:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions
[2010/08/09 22:27:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/11 22:12:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/06 02:54:18 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2010/07/20 22:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/19 02:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\DTToolbar@toolbarnet.com
[2009/05/20 08:11:27 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\ask.xml
[2009/03/25 01:22:56 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\conduit.xml
[2010/06/19 02:41:56 | 000,002,395 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\daemon-search.xml
[2010/11/12 21:45:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/19 08:29:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: ([2010/08/20 14:06:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MobiLink3] C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe (Novatel Wireless Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\John B. Morgan IV\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bobibanking.com ([www] https in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849575053 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263849552381 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.194.38.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/02 12:33:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 22:16:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
[2010/11/12 15:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\winlogon.exe
[2010/11/11 14:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Application Data\com.adobe.ExMan
[2010/10/20 13:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Desktop\ABBYY.FineReader.10.Corporate.Edition.Multilanguage-I_KnoW
[2010/04/09 03:51:33 | 000,190,464 | ---- | C] (Microsoft) -- C:\Program Files\Common Files\OnlineFilesManager.dll.old
[2008/09/11 08:03:04 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Install AiGuruU1 Skype Phone.exe

========== Files - Modified Within 30 Days ==========

[2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
[2010/11/14 21:25:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/11/14 19:36:12 | 013,836,576 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Polignano.mp3
[2010/11/14 07:14:38 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/14 07:14:13 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\QPLOCLGP.job
[2010/11/14 07:14:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/14 02:30:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/11/14 02:30:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/11/13 03:05:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/11/13 03:05:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/11/13 01:31:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/11/13 01:31:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/11/13 01:21:13 | 000,073,756 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\codreanu appendix.docx
[2010/11/13 01:00:40 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Codreanubilder-rev.doc
[2010/11/12 21:31:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/12 17:23:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/11/12 17:23:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/11/12 16:55:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/11/12 16:55:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/11/12 15:26:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/11/12 15:26:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/11/12 14:49:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/11/12 14:49:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/11/12 04:13:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/11/12 04:13:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/11/12 04:13:14 | 000,105,984 | RHS- | M] () -- C:\WINDOWS\System32\msvcrt208.dll
[2010/11/11 04:42:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/11/11 04:42:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/11/09 18:11:54 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\working copy letter 9NOV.doc
[2010/11/09 02:36:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/11/09 02:36:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/11/09 02:36:00 | 000,010,150 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Saturday 10 AM.docx
[2010/11/08 13:19:19 | 000,446,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 13:19:19 | 000,073,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 03:51:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/11/08 03:51:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/11/07 04:14:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/11/07 04:14:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/11/06 04:07:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/11/06 04:07:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/11/05 22:15:37 | 000,691,758 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\At SK Camp Hyd 10.jpg
[2010/11/05 01:36:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/11/05 01:36:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/11/04 12:57:46 | 004,405,936 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\Democracy_in_France.pdf
[2010/11/04 03:01:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/11/04 03:01:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/11/03 03:54:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/11/03 03:54:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/11/02 03:21:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/11/02 03:21:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/10/31 01:47:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/10/31 01:47:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/10/30 02:19:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/10/30 02:19:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/10/30 01:50:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/10/30 01:50:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/10/28 23:15:08 | 848,217,088 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\jbmorgan.pst
[2010/10/27 23:38:11 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/27 23:09:16 | 000,013,609 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Born Again.docx
[2010/10/20 14:30:26 | 000,061,907 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\The Thule Society.docx
[2010/10/19 22:16:52 | 000,422,185 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\BLUEPRINT FOR SOCIO-SPIRITUAL REVOLUTION by Vraja Kishor dasa.webarchive
[2010/10/19 22:15:48 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/17 23:15:27 | 000,000,275 | ---- | M] () -- C:\Shortcut to Local Disk (D).lnk
[2010/10/17 20:49:40 | 000,190,976 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/17 16:11:39 | 000,118,042 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\ganesh_havan_3.jpg

========== Files Created - No Company Name ==========

[2010/11/14 19:34:13 | 013,836,576 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Polignano.mp3
[2010/11/13 01:09:10 | 000,073,756 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\codreanu appendix.docx
[2010/11/13 00:53:07 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Codreanubilder-rev.doc
[2010/11/12 15:36:17 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/12 04:13:15 | 000,000,330 | -HS- | C] () -- C:\WINDOWS\tasks\QPLOCLGP.job
[2010/11/12 04:13:14 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\msvcrt208.dll
[2010/11/09 16:06:01 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\working copy letter 9NOV.doc
[2010/11/09 02:36:00 | 000,010,150 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Saturday 10 AM.docx
[2010/11/05 22:15:36 | 000,691,758 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\At SK Camp Hyd 10.jpg
[2010/11/04 12:55:46 | 004,405,936 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\Democracy_in_France.pdf
[2010/10/27 23:38:11 | 000,002,341 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/27 18:06:28 | 000,013,609 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Born Again.docx
[2010/10/20 14:29:47 | 000,061,907 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\The Thule Society.docx
[2010/10/20 00:36:50 | 000,015,847 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\GHP appearance.docx
[2010/10/19 22:16:52 | 000,422,185 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\BLUEPRINT FOR SOCIO-SPIRITUAL REVOLUTION by Vraja Kishor dasa.webarchive
[2010/10/17 23:15:27 | 000,000,275 | ---- | C] () -- C:\Shortcut to Local Disk (D).lnk
[2010/10/17 16:11:38 | 000,118,042 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\ganesh_havan_3.jpg
[2010/09/29 13:23:08 | 000,015,228 | ---- | C] () -- C:\WINDOWS\alchemy.ini
[2010/08/17 11:45:04 | 000,445,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/02 16:00:20 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/19 14:28:03 | 000,000,054 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/09 03:51:33 | 000,052,355 | ---- | C] () -- C:\Program Files\Common Files\OnlineFilesManager.dll
[2010/02/24 04:56:46 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\libmySQL50.dll
[2009/11/24 15:45:16 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2009/04/24 06:53:26 | 000,016,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\rkpavproc1.sys
[2009/03/17 01:01:54 | 000,190,976 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/06 12:12:39 | 000,001,530 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\wklnhst.dat
[2009/03/06 11:02:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2009/02/13 08:45:41 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\fusioncache.dat
[2008/09/17 02:06:22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/09/17 02:06:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/09/17 02:06:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/09/17 02:06:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/09/11 22:22:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/11 08:07:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/09/11 08:07:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/09/11 08:07:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/09/11 08:07:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/09/11 08:07:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/09/11 08:07:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/09/11 05:59:45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/08/09 09:32:28 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/08/09 02:41:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/30 21:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2008/03/17 17:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini

========== LOP Check ==========

[2010/08/04 11:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/01 12:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/09/10 23:49:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/06/19 02:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/04 10:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/24 04:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagneticOne Store Manager for Magento
[2010/09/01 00:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2010/03/30 10:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/08/04 13:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/29 21:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/15 09:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/11 14:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\com.adobe.ExMan
[2010/06/19 03:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DAEMON Tools Lite
[2010/07/01 09:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DataCast
[2010/11/14 22:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DNA
[2010/11/14 07:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox
[2008/09/11 22:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\InterVideo
[2010/09/15 16:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Kernel for Outlook
[2010/03/30 10:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Leadertech
[2009/03/06 12:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Template
[2010/06/19 05:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Uniblue
[2010/10/30 01:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\uTorrent
[2009/02/16 02:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Windows Live Writer
[2010/06/21 07:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\ZTEEVDO
[2010/06/21 07:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\ZTEMTUI
[2010/11/14 21:25:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/11/12 21:31:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/14 07:14:13 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\Tasks\QPLOCLGP.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 02:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2004/08/04 02:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004/08/04 02:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 02:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/04 02:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 02:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 02:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 02:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 02:00:00 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll
[2010/11/12 04:13:14 | 000,105,984 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt208.dll

< %systemroot%\System32\config\*.sav >
[2010/08/02 07:31:53 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/08/02 11:05:51 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/08/02 07:31:53 | 037,224,448 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/08/02 07:31:53 | 010,485,760 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 351779 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    FF - prefs.js..network.proxy.http_port: 50370
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered; reboot the PC when it is done.
  • Post the log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

====

How are things now?
 
Had a chance yet?

I don't mean to be impatient but it's been a week and I was wondering if you'd had a chance to look at this yet. I'm still having a few weird problems, such as when I try to pull up a site through Google and I get redirected to other sites.
 
OTL scans 1

Dear Crunchie, I apologize for the delay. I hadn't realized that this thread had gone onto a second page and didn't see your reply until after you called my attention to it.

The first time I ran OTL Custom Fix, when it was done I tried to reboot but as soon as I touched the keyboard I got the "blue screen of death" instead, and didn't get a chance to save the log. I restarted my machine and it seemed to be OK after that. I ran the Custom Fix again and the log is below. I'm not sure but it may have happened because I forgot to close my browser until after I started the Fix. Here's the log that was generated during the second fix:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: 50370 removed from network.proxy.http_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: John B. Morgan IV
->Temp folder emptied: 634883 bytes
->Temporary Internet Files folder emptied: 46548 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5086803 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 793 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 11222010_124013

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Second OTL scan

Below is the scan I ran following the reboot after the OTL Fix was finished. By the way, everything seems to be OK now - Google is working properly again.

OTL logfile created on: 11/22/2010 2:36:33 PM - Run 10
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\John B. Morgan IV\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.99 Gb Total Space | 1.62 Gb Free Space | 2.03% Space Free | Partition Type: NTFS
Drive D: | 61.20 Gb Total Space | 2.02 Gb Free Space | 3.31% Space Free | Partition Type: NTFS
Drive E: | 7.82 Gb Total Space | 1.68 Gb Free Space | 21.45% Space Free | Partition Type: NTFS

Computer Name: ATHENA | User Name: John B. Morgan IV | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/12/18 00:55:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/12/18 00:54:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/10/07 14:03:36 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/26 18:44:34 | 000,902,144 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe
PRC - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/09/17 02:06:04 | 000,484,880 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\EmoDio\SMSTray.exe
PRC - [2008/09/03 21:49:56 | 000,311,296 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/09/03 13:34:42 | 000,335,872 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDCTRL.EXE
PRC - [2008/09/02 22:32:00 | 000,593,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2008/09/02 22:28:14 | 000,106,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2008/08/22 19:18:44 | 000,204,800 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDDECT.EXE
PRC - [2008/05/21 03:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2007/12/20 01:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2004/08/04 02:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\brrgckcn.dll -- (LanmanSrv)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/04/05 06:48:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/18 00:55:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2007/10/25 17:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2009/08/24 17:53:24 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser2.sys -- (NWVMPort2)
DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser.sys -- (NWVMPort)
DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmmdm.sys -- (NWVMModem)
DRV - [2008/08/25 03:59:40 | 000,026,112 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (Ktp)
DRV - [2008/08/12 18:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/29 01:03:20 | 000,016,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rkpavproc1.sys -- (RkPavproc1)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/08 17:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2008/03/11 21:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/12/20 01:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/03 06:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/28 09:22:18 | 000,057,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2004/08/03 22:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2004/08/03 21:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arktos.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_English Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.arktos.com/"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "http://in.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_in&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/08/01 11:59:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 00:37:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 00:37:55 | 000,000,000 | ---D | M]

[2009/03/07 12:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Extensions
[2010/11/17 17:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions
[2010/08/09 22:27:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/11 22:12:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/06 02:54:18 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2010/07/20 22:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/19 02:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\DTToolbar@toolbarnet.com
[2009/05/20 08:11:27 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\ask.xml
[2009/03/25 01:22:56 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\conduit.xml
[2010/06/19 02:41:56 | 000,002,395 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\daemon-search.xml
[2010/11/17 17:08:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/19 08:29:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: ([2010/11/22 12:40:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MobiLink3] C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe (Novatel Wireless Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\John B. Morgan IV\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bobibanking.com ([www] https in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849575053 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263849552381 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/02 12:33:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 20:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Desktop\Blood Axis-Born Again
[2010/11/17 19:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sumkali
[2010/11/17 19:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Desktop\YP-Q1J (D)
[2010/11/14 22:16:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
[2010/11/12 15:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\winlogon.exe
[2010/11/11 14:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Application Data\com.adobe.ExMan
[2010/04/09 03:51:33 | 000,190,464 | ---- | C] (Microsoft) -- C:\Program Files\Common Files\OnlineFilesManager.dll.old
[2008/09/11 08:03:04 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Install AiGuruU1 Skype Phone.exe

========== Files - Modified Within 30 Days ==========

[2010/11/22 12:41:50 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\QPLOCLGP.job
[2010/11/22 12:41:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/22 12:40:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/11/22 12:40:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/11/22 12:40:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/22 12:25:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/11/22 12:17:28 | 042,583,353 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Inspire No2.pdf
[2010/11/22 01:20:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/11/22 01:20:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/11/21 18:30:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/11/21 18:30:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/11/21 18:20:37 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/19 21:05:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/11/19 21:05:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/11/19 19:53:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/11/19 19:53:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/11/19 18:46:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/11/19 18:46:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/11/19 18:01:04 | 013,690,606 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Cushman.mp3
[2010/11/18 14:56:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/11/18 14:56:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/11/18 02:28:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/11/18 02:28:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/11/17 20:48:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/11/17 20:48:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/11/17 20:07:08 | 000,172,544 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Contemporary Esotericism - Traditionalism and ENR.doc
[2010/11/17 18:43:17 | 000,054,717 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Receipt 000149 - From MoneyWorks 1dc20a.pdf
[2010/11/16 20:33:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/11/16 20:33:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/11/16 16:46:21 | 000,382,464 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\droits.doc
[2010/11/16 04:12:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/11/16 04:12:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/11/15 05:20:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/11/15 05:20:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/11/15 03:40:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/11/15 03:40:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
[2010/11/14 19:36:12 | 013,836,576 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Polignano.mp3
[2010/11/14 02:30:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/11/14 02:30:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/11/13 03:05:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/11/13 03:05:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/11/13 01:31:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/11/13 01:31:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/11/13 01:21:13 | 000,073,756 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\codreanu appendix.docx
[2010/11/13 01:00:40 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Codreanubilder-rev.doc
[2010/11/12 21:31:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/12 17:23:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/11/12 17:23:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/11/12 16:55:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/11/12 16:55:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/11/12 15:26:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/11/12 15:26:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/11/12 14:49:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/11/12 14:49:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/11/12 04:13:14 | 000,105,984 | RHS- | M] () -- C:\WINDOWS\System32\msvcrt208.dll
[2010/11/09 18:11:54 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\working copy letter 9NOV.doc
[2010/11/09 02:36:00 | 000,010,150 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Saturday 10 AM.docx
[2010/11/08 13:19:19 | 000,446,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 13:19:19 | 000,073,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/04 12:57:46 | 004,405,936 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\Democracy_in_France.pdf
[2010/10/28 23:15:08 | 848,217,088 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\jbmorgan.pst
[2010/10/27 23:38:11 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/27 23:09:16 | 000,013,609 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Born Again.docx

========== Files Created - No Company Name ==========

[2010/11/22 12:11:00 | 042,583,353 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Inspire No2.pdf
[2010/11/18 14:50:40 | 013,690,606 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Cushman.mp3
[2010/11/17 20:07:08 | 000,172,544 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Contemporary Esotericism - Traditionalism and ENR.doc
[2010/11/17 18:43:16 | 000,054,717 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Receipt 000149 - From MoneyWorks 1dc20a.pdf
[2010/11/16 16:46:20 | 000,382,464 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\droits.doc
[2010/11/14 19:34:13 | 013,836,576 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Polignano.mp3
[2010/11/13 01:09:10 | 000,073,756 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\codreanu appendix.docx
[2010/11/13 00:53:07 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Codreanubilder-rev.doc
[2010/11/12 15:36:17 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/12 04:13:15 | 000,000,330 | -HS- | C] () -- C:\WINDOWS\tasks\QPLOCLGP.job
[2010/11/12 04:13:14 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\msvcrt208.dll
[2010/11/09 16:06:01 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\working copy letter 9NOV.doc
[2010/11/09 02:36:00 | 000,010,150 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Saturday 10 AM.docx
[2010/11/04 12:55:46 | 004,405,936 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\Democracy_in_France.pdf
[2010/10/27 23:38:11 | 000,002,341 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/27 18:06:28 | 000,013,609 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Born Again.docx
[2010/09/29 13:23:08 | 000,015,228 | ---- | C] () -- C:\WINDOWS\alchemy.ini
[2010/08/17 11:45:04 | 000,445,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/02 16:00:20 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/19 14:28:03 | 000,000,054 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/09 03:51:33 | 000,052,355 | ---- | C] () -- C:\Program Files\Common Files\OnlineFilesManager.dll
[2010/02/24 04:56:46 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\libmySQL50.dll
[2009/11/24 15:45:16 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2009/04/24 06:53:26 | 000,016,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\rkpavproc1.sys
[2009/03/17 01:01:54 | 000,190,976 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/06 12:12:39 | 000,001,530 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\wklnhst.dat
[2009/03/06 11:02:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2009/02/13 08:45:41 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\fusioncache.dat
[2008/09/17 02:06:22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/09/17 02:06:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/09/17 02:06:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/09/17 02:06:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/09/11 22:22:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/11 08:07:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/09/11 08:07:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/09/11 08:07:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/09/11 08:07:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/09/11 08:07:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/09/11 08:07:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/09/11 05:59:45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/08/09 09:32:28 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/08/09 02:41:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/30 21:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2008/03/17 17:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini

========== LOP Check ==========

[2010/08/04 11:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/01 12:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/09/10 23:49:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/06/19 02:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/04 10:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/24 04:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagneticOne Store Manager for Magento
[2010/09/01 00:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2010/03/30 10:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/08/04 13:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/29 21:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/15 09:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/11 14:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\com.adobe.ExMan
[2010/06/19 03:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DAEMON Tools Lite
[2010/07/01 09:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DataCast
[2010/11/22 14:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DNA
[2010/11/22 12:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox
[2008/09/11 22:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\InterVideo
[2010/09/15 16:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Kernel for Outlook
[2010/03/30 10:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Leadertech
[2009/03/06 12:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Template
[2010/06/19 05:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Uniblue
[2010/10/30 01:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\uTorrent
[2009/02/16 02:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Windows Live Writer
[2010/06/21 07:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\ZTEEVDO
[2010/06/21 07:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\ZTEMTUI
[2010/11/22 12:25:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/11/12 21:31:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/22 12:41:50 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\Tasks\QPLOCLGP.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 351779 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 