TechSpot

Slow Computer after opening bad email

By theriffs1
Nov 20, 2010
  1. I opened an email from a friend and got a weird feeling right away. Sure enough, my computer started running very slow. I have followed your 8 steps. Please provide some advice. Thank you.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5131

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    11/19/2010 10:58:46 PM
    mbam-log-2010-11-19 (22-58-46).txt

    Scan type: Quick scan
    Objects scanned: 154333
    Time elapsed: 40 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    E:\Documents and Settings\Violet\My Documents\downloads\Guffins.exe (PUP.FunWebProducts) -> No action taken.
    E:\RECYCLER\S-1-5-21-1844237615-329068152-682003330-1007\De38.exe (Adware.MyWebSearch) -> No action taken.
    -------
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-19 23:15:11
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_STM3320620A rev.3.AAE
    Running: ytv0w8ij.exe; Driver: E:\DOCUME~1\BRETTN~1\LOCALS~1\Temp\fxeyyfob.sys


    ---- System - GMER 1.0.15 ----

    Code 86633180 ZwCreateSection
    Code 866389A0 ZwDuplicateObject
    Code 8655FA08 ZwSetInformationFile
    Code 8632F590 ZwSetSystemInformation
    Code 862C2620 ZwWriteFile
    Code 8663317F NtCreateSection
    Code 8663899F NtDuplicateObject
    Code 8655FA07 NtSetInformationFile
    Code 862C261F NtWriteFile

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    Device 86629B00

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

    ---- EOF - GMER 1.0.15 ----
    ------------------------------------------
    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Brett Norton at 23:16:07.43 on Fri 11/19/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.153 [GMT -8:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    E:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    E:\Program Files\Windows Defender\MsMpEng.exe
    E:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Avira\AntiVir Desktop\sched.exe
    E:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    E:\Program Files\Avira\AntiVir Desktop\avguard.exe
    E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    E:\Program Files\Bonjour\mDNSResponder.exe
    E:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    E:\Program Files\iolo\common\lib\ioloServiceManager.exe
    E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\HPZipm12.exe
    E:\WINDOWS\System32\svchost.exe -k imgsvc
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\DELLMMKB.EXE
    E:\WINDOWS\BCMSMMSG.exe
    E:\Program Files\Netropa\OSD.exe
    E:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    E:\WINDOWS\system32\msiexec.exe
    E:\WINDOWS\system32\NOTEPAD.EXE
    E:\Program Files\Mozilla Firefox\plugin-container.exe
    E:\Documents and Settings\Brett Norton\My Documents\Downloads\ytv0w8ij.exe
    E:\Documents and Settings\Brett Norton\My Documents\Downloads\dds(2).scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
    uRun: [YSearchProtection] e:\program files\yahoo!\search protection\YspService.exe
    uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [DellTouch] e:\windows\DELLMMKB.EXE
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [SMSystemAnalyzer] "e:\program files\iolo\system mechanic 7\SMSystemAnalyzer.exe"
    mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - e:\program files\digital line detect\DLG.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\program files\spybot - search & destroy\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://e:\windows\java\classes\xmldso.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192073469310
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - e:\progra~1\wifd1f~1\MpShHook.dll
    LSA: Authentication Packages = msv1_0 relog_ap

    ================= FIREFOX ===================

    FF - ProfilePath - e:\docume~1\brettn~1\applic~1\mozilla\firefox\profiles\w7hbpfyg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
    FF - plugin: e:\documents and settings\brett norton\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: e:\documents and settings\brett norton\application data\mozilla\firefox\profiles\w7hbpfyg.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: e:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: e:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2010-11-16 64288]
    R1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2010-11-19 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2010-11-19 135336]
    R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2010-11-19 267944]
    R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2010-11-19 60936]
    R2 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-26 566120]
    R2 ioloSystemService;iolo System Service;e:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-26 566120]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-22 1375992]
    R2 ousbehci;NEC PCI to USB Enhanced Host Controller;e:\windows\system32\drivers\ousbehci.sys [2007-10-11 39040]
    R2 WinDefend;Windows Defender;e:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;e:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-22 15264]
    R3 Msikbd2k;DellTouch;e:\windows\system32\drivers\Msikbd2k.sys [2007-10-8 6942]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;e:\windows\system32\drivers\ousb2hub.sys [2007-10-11 54016]
    S0 is3srv;is3srv;e:\windows\system32\drivers\is3srv.sys --> e:\windows\system32\drivers\is3srv.sys [?]
    S0 szkg5;szkg5;e:\windows\system32\drivers\szkg.sys --> e:\windows\system32\drivers\szkg.sys [?]
    S0 szkgfs;szkgfs;e:\windows\system32\drivers\szkgfs.sys --> e:\windows\system32\drivers\szkgfs.sys [?]
    S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2010-6-1 135664]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\e:\windows\system32\drivers\nsdriver.sys --> e:\windows\system32\drivers\NSDriver.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [2010-11-16 38224]
    S3 Radialpoint Security Services;Radialpoint Security Services;e:\windows\system32\dllhost.exe [2002-6-25 5120]
    S4 Nhksrv;Netropa NHK Server;e:\windows\Nhksrv.exe [2007-10-8 28672]

    =============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-11-20 06:03:47 60936 ----a-w- e:\windows\system32\drivers\avgntflt.sys
    2010-11-20 06:03:47 -------- d-----w- e:\program files\Avira
    2010-11-20 06:03:47 -------- d-----w- e:\docume~1\alluse~1\applic~1\Avira
    2010-11-20 05:53:33 388096 ----a-r- e:\docume~1\brettn~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-11-20 05:50:58 -------- d-----w- e:\program files\Spybot - Search & Destroy
    2010-11-20 05:50:58 -------- d-----w- e:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-11-19 10:25:39 6273872 ----a-w- e:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{b31c5cf0-5979-45b3-ad03-b8650d8abee9}\mpengine.dll
    2010-11-17 12:37:57 15880 ----a-w- e:\windows\system32\lsdelete.exe
    2010-11-17 04:53:12 64288 ----a-w- e:\windows\system32\drivers\Lbd.sys
    2010-11-17 04:53:04 98392 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
    2010-11-17 04:50:26 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\Sunbelt Software
    2010-11-17 04:49:36 -------- dc-h--w- e:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-11-17 04:18:05 -------- d-----w- e:\docume~1\brettn~1\applic~1\Malwarebytes
    2010-11-17 04:17:57 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-17 04:17:56 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
    2010-11-17 04:17:56 -------- d-----w- e:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-17 04:17:55 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
    2010-11-17 04:09:54 -------- d-----w- e:\docume~1\alluse~1\applic~1\MFAData
    2010-11-17 03:48:57 -------- d-----w- e:\docume~1\alluse~1\applic~1\Alwil Software
    2010-11-16 04:52:54 -------- d-----w- e:\docume~1\alluse~1\applic~1\STOPzilla!
    2010-11-06 19:37:34 103864 ----a-w- e:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-11-06 19:37:34 103864 ----a-w- e:\program files\internet explorer\plugins\nppdf32.dll
    2010-11-06 04:36:47 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\Yahoo
    2010-11-06 04:32:58 -------- d-----w- e:\docume~1\brettn~1\applic~1\PriceGong
    2010-11-06 04:31:42 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\FLVService
    2010-11-06 04:31:35 -------- d-----w- e:\windows\Freecorder

    ==================== Find3M ====================

    2010-10-19 18:41:44 222080 ------w- e:\windows\system32\MpSigStub.exe
    2010-09-08 18:17:46 94208 ----a-w- e:\windows\system32\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- e:\windows\system32\QuickTime.qts

    ============= FINISH: 23:17:10.95 ===============
     


  2. crunchie

    crunchie Malware Helper Posts: 761

    Hi and welcome to TechSpot forums :).

    ====

    No attached files please. Just paste them all into your post.

    Did you remove the items that MBA-M found? Log says you didn't.

    ==

    All tools should be run from the desktop please (other than MBA-M).

    ==

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  3. theriffs1

    theriffs1 TS Rookie Topic Starter

    OTL report

    OTL logfile created on: 11/20/2010 2:28:23 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = E:\Documents and Settings\Brett Norton\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 291.00 Mb Available Physical Memory | 28.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
    Drive E: | 127.99 Gb Total Space | 87.89 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
    Drive H: | 74.53 Gb Total Space | 4.76 Gb Free Space | 6.39% Space Free | Partition Type: NTFS

    Computer Name: SPA-3BRGWZJ6EVG | User Name: Brett Norton | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/20 14:27:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Brett Norton\My Documents\Downloads\OTL.exe
    PRC - [2010/11/16 20:52:52 | 000,928,496 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/11/16 20:52:51 | 001,375,992 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/11/05 20:35:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- E:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/05/06 16:36:10 | 000,764,776 | ---- | M] () -- E:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
    PRC - [2008/05/02 12:31:16 | 000,566,120 | ---- | M] () -- E:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
    PRC - [2007/04/20 07:03:02 | 000,411,168 | ---- | M] (Acronis) -- E:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    PRC - [2007/04/04 17:41:28 | 000,177,672 | R--- | M] (Authentium, Inc.) -- E:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    PRC - [2007/03/20 08:18:34 | 000,910,896 | ---- | M] (Nero AG) -- E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2007/03/20 08:18:10 | 000,149,040 | ---- | M] (Nero AG) -- E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- E:\WINDOWS\system32\HPZipm12.exe
    PRC - [2001/09/23 06:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- E:\WINDOWS\DellMMKb.exe
    PRC - [2001/09/22 13:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- E:\Program Files\Netropa\OSD.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/20 14:27:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Brett Norton\My Documents\Downloads\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
    SRV - File not found [Auto | Stopped] -- E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
    SRV - File not found [On_Demand | Stopped] -- E:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/11/16 20:52:51 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/09/03 10:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- E:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2008/05/02 12:31:16 | 000,566,120 | ---- | M] () [Auto | Running] -- E:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2008/05/02 12:31:16 | 000,566,120 | ---- | M] () [Auto | Running] -- E:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2008/03/17 18:59:36 | 000,099,056 | ---- | M] (Radialpoint Inc.) [On_Demand | Stopped] -- E:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe -- (RPSUpdaterR)
    SRV - [2007/04/20 07:03:02 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- E:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2007/04/04 17:41:28 | 000,177,672 | R--- | M] (Authentium, Inc.) [Auto | Running] -- E:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- E:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2002/05/03 10:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- E:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel(R)
    SRV - [2001/08/06 12:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- E:\WINDOWS\Nhksrv.exe -- (Nhksrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Boot | Stopped] -- E:\WINDOWS\System32\drivers\szkgfs.sys -- (szkgfs)
    DRV - File not found [Kernel | Boot | Stopped] -- E:\WINDOWS\System32\DRIVERS\szkg.sys -- (szkg5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\WINDOWS\System32\DRIVERS\MRVW245.sys -- (MRVW245)
    DRV - File not found [Kernel | Boot | Stopped] -- E:\WINDOWS\System32\drivers\is3srv.sys -- (is3srv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
    DRV - [2010/11/16 20:53:00 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/09/22 23:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- E:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2007/10/11 19:43:40 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2007/10/11 19:43:40 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2007/10/11 19:43:33 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2007/10/08 21:25:40 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2007/04/04 17:15:02 | 000,839,880 | ---- | M] (Authentium, Inc.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP)
    DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2003/10/06 13:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
    DRV - [2002/12/24 12:52:40 | 000,054,016 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
    DRV - [2002/12/24 12:52:40 | 000,039,040 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
    DRV - [2002/08/30 08:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2002/05/03 10:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
    DRV - [2001/08/22 23:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
    DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- E:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - [2000/10/03 14:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)
    DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Freecorder Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1060933&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 44
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.1.3
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/11/07 10:14:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/11/19 23:11:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2010/09/26 06:59:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins [2010/11/19 23:11:49 | 000,000,000 | ---D | M]

    [2010/08/27 16:42:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Extensions
    [2010/08/27 16:42:25 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/11/19 23:48:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions
    [2010/11/05 20:35:19 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2008/01/27 09:47:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/11/05 20:36:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/09/21 16:38:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/11/05 20:35:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\engine@conduit.com
    [2010/10/20 13:40:12 | 000,000,923 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\searchplugins\conduit.xml
    [2010/11/19 23:48:18 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
    [2008/01/27 00:24:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- E:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/05/27 05:21:20 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/05/27 05:20:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/11/20 00:47:00 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] E:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DellTouch] E:\WINDOWS\DellMMKb.exe (Netropa Corp.)
    O4 - HKLM..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SMSystemAnalyzer] E:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe ()
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
    O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = E:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192073469310 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: Microsoft XML Parser for Java file://E:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - E:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - E:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (autocheck smrgdf E:\Documents and Settings\Brett Norton\Application Data\iolo\) - File not found
    O34 - HKLM BootExecute: (lsdelete) - E:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - E:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/20 08:28:56 | 000,000,000 | -HSD | C] -- E:\RECYCLER
    [2010/11/20 00:35:40 | 000,000,000 | RHSD | C] -- E:\cmdcons
    [2010/11/20 00:32:48 | 000,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
    [2010/11/20 00:32:48 | 000,161,792 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
    [2010/11/20 00:32:48 | 000,136,704 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
    [2010/11/20 00:32:48 | 000,031,232 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
    [2010/11/20 00:32:40 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
    [2010/11/20 00:32:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Application Data\Avira
    [2010/11/20 00:31:03 | 000,000,000 | ---D | C] -- E:\Qoobox
    [2010/11/20 00:27:47 | 000,000,000 | ---D | C] -- E:\Program Files\ESET
    [2010/11/19 23:32:28 | 000,038,848 | ---- | C] (AVAST Software) -- E:\WINDOWS\avastSS.scr
    [2010/11/19 23:28:55 | 000,165,584 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswSP.sys
    [2010/11/19 23:28:55 | 000,017,744 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/11/19 23:28:54 | 000,023,376 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/11/19 23:28:53 | 000,046,672 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/11/19 23:28:52 | 000,100,176 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/11/19 23:28:52 | 000,094,544 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswmon.sys
    [2010/11/19 23:28:52 | 000,028,880 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/11/19 23:28:21 | 000,167,592 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\aswBoot.exe
    [2010/11/19 22:03:49 | 000,028,520 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/11/19 22:03:47 | 000,126,856 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avipbb.sys
    [2010/11/19 22:03:47 | 000,060,936 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/11/19 22:03:47 | 000,045,416 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/11/19 22:03:47 | 000,022,360 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/11/19 22:03:47 | 000,000,000 | ---D | C] -- E:\Program Files\Avira
    [2010/11/19 22:03:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Avira
    [2010/11/19 21:50:58 | 000,000,000 | ---D | C] -- E:\Program Files\Spybot - Search & Destroy
    [2010/11/19 21:50:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/11/16 20:53:12 | 000,064,288 | ---- | C] (Lavasoft AB) -- E:\WINDOWS\System32\drivers\Lbd.sys
    [2010/11/16 20:53:04 | 000,098,392 | ---- | C] (Sunbelt Software) -- E:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/11/16 20:50:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Sunbelt Software
    [2010/11/16 20:49:36 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/11/16 20:18:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Application Data\Malwarebytes
    [2010/11/16 20:17:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/16 20:17:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/16 20:17:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/16 20:17:55 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/16 20:09:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\MFAData
    [2010/11/16 19:48:57 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/11/15 20:52:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/11/05 20:36:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Yahoo
    [2010/11/05 20:35:38 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Yahoo!
    [2010/11/05 20:31:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\My Documents\Freecorder 4
    [2010/11/05 20:31:42 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\FLVService
    [2010/11/05 20:31:35 | 000,000,000 | ---D | C] -- E:\WINDOWS\Freecorder
    [2007/10/08 20:12:32 | 000,065,536 | ---- | C] ( ) -- E:\WINDOWS\System32\A3d.dll
    [4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/20 14:24:53 | 000,000,269 | ---- | M] () -- E:\WINDOWS\MSIOSD.INI
    [2010/11/20 14:08:00 | 000,000,898 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/20 07:51:20 | 000,000,894 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/20 07:06:26 | 000,000,330 | -H-- | M] () -- E:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/11/20 07:04:21 | 000,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/11/20 07:03:08 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
    [2010/11/20 00:47:00 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/20 00:35:49 | 000,000,327 | RHS- | M] () -- E:\boot.ini
    [2010/11/19 23:52:56 | 000,002,626 | ---- | M] () -- E:\WINDOWS\System32\CONFIG.NT
    [2010/11/19 23:28:55 | 000,001,700 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/11/19 23:23:30 | 000,005,084 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Attach.zip
    [2010/11/19 23:11:53 | 000,001,729 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/19 22:04:01 | 000,001,707 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/19 21:56:47 | 000,002,461 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\HiJackThis.lnk
    [2010/11/19 21:51:05 | 000,000,951 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/11/19 21:51:05 | 000,000,933 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/19 21:40:38 | 000,002,329 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
    [2010/11/16 20:53:03 | 000,098,392 | ---- | M] (Sunbelt Software) -- E:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/11/16 20:49:35 | 000,000,885 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/11/16 20:49:35 | 000,000,867 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/11/16 20:18:00 | 000,000,696 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/16 20:04:27 | 000,000,672 | ---- | M] () -- E:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/11/14 16:13:59 | 000,000,312 | ---- | M] () -- E:\WINDOWS\MMKEYBD.INI
    [2010/11/13 18:53:02 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- E:\WINDOWS\MBR.exe
    [2010/11/07 20:47:46 | 000,014,139 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Spa Garbage.xlsx
    [2010/11/07 10:51:59 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
    [2010/11/07 10:22:07 | 000,401,064 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
    [2010/11/07 10:22:07 | 000,062,344 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
    [2010/10/31 08:20:39 | 000,041,832 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\2010 Award Letter.pdf
    [2010/10/30 12:15:17 | 000,031,744 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Oct. 30 2010 Bailey UW Finances.xls
    [2010/10/28 19:20:31 | 000,078,848 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Cash Flow Personal - 2010.xls
    [2010/10/26 19:12:55 | 000,176,727 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\GoalSettingwithSMARTGoals.pdf
    [2010/10/26 19:10:20 | 000,954,927 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Doc_Rivers_Transcript.pdf
    [2010/10/26 19:09:42 | 001,307,527 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Doug_Wilson_Transcript.pdf
    [2010/10/26 19:08:36 | 001,220,864 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Julie_Foudy_Transcript.pdf
    [2010/10/26 19:08:05 | 001,101,533 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Joy_Fawcett_Transcript.pdf
    [2010/10/26 19:05:59 | 001,160,951 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Alexi_Lalas_Transcript.pdf
    [2010/10/26 19:02:01 | 000,098,132 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\US Soccer Goal Setting.pdf
    [4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/20 00:35:49 | 000,000,210 | ---- | C] () -- E:\Boot.bak
    [2010/11/20 00:35:45 | 000,260,272 | RHS- | C] () -- E:\cmldr
    [2010/11/20 00:32:48 | 000,256,512 | ---- | C] () -- E:\WINDOWS\PEV.exe
    [2010/11/20 00:32:48 | 000,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
    [2010/11/20 00:32:48 | 000,089,088 | ---- | C] () -- E:\WINDOWS\MBR.exe
    [2010/11/20 00:32:48 | 000,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
    [2010/11/20 00:32:48 | 000,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
    [2010/11/19 23:28:55 | 000,001,700 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/11/19 23:23:30 | 000,005,084 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Attach.zip
    [2010/11/19 23:11:52 | 000,001,729 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/19 22:04:01 | 000,001,707 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/19 21:53:32 | 000,002,461 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\HiJackThis.lnk
    [2010/11/19 21:51:05 | 000,000,951 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/11/19 21:51:05 | 000,000,933 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/17 04:37:57 | 000,015,880 | ---- | C] () -- E:\WINDOWS\System32\lsdelete.exe
    [2010/11/16 20:53:35 | 000,000,472 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/11/16 20:49:35 | 000,000,885 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/11/16 20:49:35 | 000,000,867 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/11/16 20:18:00 | 000,000,696 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/16 20:03:48 | 000,000,672 | ---- | C] () -- E:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/11/07 08:51:01 | 000,014,139 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Spa Garbage.xlsx
    [2010/10/31 08:20:39 | 000,041,832 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\2010 Award Letter.pdf
    [2010/10/30 12:15:17 | 000,031,744 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Oct. 30 2010 Bailey UW Finances.xls
    [2010/10/26 19:12:55 | 000,176,727 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\GoalSettingwithSMARTGoals.pdf
    [2010/10/26 19:10:19 | 000,954,927 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Doc_Rivers_Transcript.pdf
    [2010/10/26 19:09:42 | 001,307,527 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Doug_Wilson_Transcript.pdf
    [2010/10/26 19:08:36 | 001,220,864 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Julie_Foudy_Transcript.pdf
    [2010/10/26 19:08:05 | 001,101,533 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Joy_Fawcett_Transcript.pdf
    [2010/10/26 19:05:59 | 001,160,951 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Alexi_Lalas_Transcript.pdf
    [2010/10/26 19:02:01 | 000,098,132 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\US Soccer Goal Setting.pdf
    [2009/08/01 05:58:51 | 000,225,280 | ---- | C] () -- E:\WINDOWS\System32\nvwrsda.dll
    [2009/04/05 15:21:31 | 000,000,089 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\FASTWiz.log
    [2009/03/15 10:12:12 | 000,000,632 | ---- | C] () -- E:\WINDOWS\CoD.INI
    [2009/03/15 10:10:54 | 000,000,632 | ---- | C] () -- E:\WINDOWS\CoDUO.INI
    [2008/07/17 08:40:28 | 000,069,632 | R--- | C] () -- E:\WINDOWS\System32\xmltok.dll
    [2008/07/17 08:40:27 | 000,036,864 | R--- | C] () -- E:\WINDOWS\System32\xmlparse.dll
    [2008/06/13 16:52:53 | 000,094,208 | ---- | C] () -- E:\WINDOWS\System32\GTW32N50.dll
    [2008/04/10 15:48:14 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\rx_image.Cache
    [2007/10/13 08:44:50 | 000,004,413 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/10/13 07:41:48 | 000,000,135 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\fusioncache.dat
    [2007/10/12 03:54:42 | 000,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
    [2007/10/11 19:25:12 | 000,363,520 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
    [2007/10/10 19:08:52 | 000,428,904 | ---- | C] () -- E:\WINDOWS\System32\Incinerator.dll
    [2007/10/10 19:07:51 | 000,074,703 | ---- | C] () -- E:\WINDOWS\System32\mfc45.dll
    [2007/10/08 20:52:35 | 000,000,312 | ---- | C] () -- E:\WINDOWS\MMKEYBD.INI
    [2007/10/08 20:52:35 | 000,000,269 | ---- | C] () -- E:\WINDOWS\MSIOSD.INI
    [2007/10/08 20:52:33 | 000,028,672 | ---- | C] () -- E:\WINDOWS\System32\msiosd32.dll
    [2007/10/08 20:52:33 | 000,000,000 | ---- | C] () -- E:\WINDOWS\WININIT.INI
    [2007/10/08 20:19:28 | 000,015,360 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/08 20:13:05 | 000,000,231 | ---- | C] () -- E:\WINDOWS\AC3API.INI
    [2007/10/08 20:13:05 | 000,000,000 | ---- | C] () -- E:\WINDOWS\SBWIN.INI
    [2007/10/08 20:12:33 | 000,002,092 | ---- | C] () -- E:\WINDOWS\System32\P16X.ini
    [2007/10/08 20:12:32 | 000,039,936 | ---- | C] () -- E:\WINDOWS\System32\P16X.dll
    [2007/10/08 20:12:30 | 000,006,175 | ---- | C] () -- E:\WINDOWS\MIXDEF.INI
    [2007/10/08 20:12:30 | 000,005,917 | ---- | C] () -- E:\WINDOWS\SBMIXDEF.INI
    [2007/10/08 20:12:28 | 000,000,064 | ---- | C] () -- E:\WINDOWS\P16x.ini
    [2007/10/08 12:34:54 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
    [2005/02/24 06:32:00 | 000,540,672 | ---- | C] () -- E:\WINDOWS\System32\nvhwvid.dll
    [2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- E:\WINDOWS\System32\nvcod.dll
    [2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- E:\WINDOWS\System32\NMSInst.dll
    [2002/01/21 14:17:18 | 000,065,536 | ---- | C] () -- E:\WINDOWS\System32\PROInst.dll
    [2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- E:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2008/11/03 19:44:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Age of Empires 3
    [2010/11/16 19:48:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/05/20 08:55:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Applications
    [2007/10/28 18:10:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Avg7
    [2009/01/19 18:12:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\BVRP Software
    [2009/06/03 19:07:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2009/09/30 18:57:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Firefly Studios
    [2007/10/28 18:04:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Grisoft
    [2008/01/26 08:16:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\iolo
    [2007/12/02 21:53:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MailFrontier
    [2007/10/11 20:06:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Maxtor
    [2010/11/16 20:09:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MFAData
    [2009/07/29 20:02:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/11/16 20:06:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/06/20 18:52:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/11/16 20:49:41 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/06/25 19:39:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Facebook
    [2009/03/15 11:13:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\InterTrust
    [2009/05/25 09:31:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\iolo
    [2007/10/11 16:27:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Opera
    [2010/09/06 18:26:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Research In Motion
    [2007/10/13 11:51:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Smith Micro
    [2009/07/29 20:19:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\SystemRequirementsLab
    [2010/08/27 16:42:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Thunderbird
    [2007/10/21 22:09:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Uniblue
    [2009/11/25 18:24:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\WinPatrol
    [2010/11/20 07:04:21 | 000,000,472 | ---- | M] () -- E:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/11/20 07:06:26 | 000,000,330 | -H-- | M] () -- E:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- E:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2002/06/25 13:36:22 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- E:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\ERDNT\cache\eventlog.dll
    [2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
    [2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\ERDNT\cache\netlogon.dll
    [2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\ERDNT\cache\scecli.dll
    [2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\system32\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2007/10/08 12:32:55 | 000,090,112 | ---- | M] () -- E:\WINDOWS\system32\config\default.sav
    [2007/10/08 12:32:55 | 000,606,208 | ---- | M] () -- E:\WINDOWS\system32\config\software.sav
    [2007/10/08 12:32:55 | 000,409,600 | ---- | M] () -- E:\WINDOWS\system32\config\system.sav

    < End of report >
     
  4. theriffs1

    theriffs1 TS Rookie Topic Starter

    OTL Extras logfile created on: 11/20/2010 2:28:23 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = E:\Documents and Settings\Brett Norton\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 291.00 Mb Available Physical Memory | 28.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
    Drive E: | 127.99 Gb Total Space | 87.89 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
    Drive H: | 74.53 Gb Total Space | 4.76 Gb Free Space | 6.39% Space Free | Partition Type: NTFS

    Computer Name: SPA-3BRGWZJ6EVG | User Name: Brett Norton | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "E:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "E:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = E:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- (THQ Canada Inc.)
    "E:\WINDOWS\system32\usmt\migwiz.exe" = E:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
    "E:\Program Files\iTunes\iTunes.exe" = E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{1196A3B6-9B62-4999-BF6C-1CCE1F581033}" = Nero 7 Essentials
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{15AD427B-9243-46C6-8A14-CA6BA264162B}" = MySoftware Fonts
    "{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}" = Authentium AntiVirus SDK - 2
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}" = Opera 9.24
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81A60A13-224D-4637-8203-3EAC03B121A4}" = Maxtor*MaxBlast
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "Ad-Aware" = Ad-Aware
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast5" = avast! Free Antivirus
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BCM V.92 56K Modem" = BCM V.92 56K Modem
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "DivX Setup.divx.com" = DivX Setup
    "ESET Online Scanner" = ESET Online Scanner v3
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "LG USB Drivers" = LG USB Drivers
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
    "MUSICMATCH Jukebox" = MUSICMATCH Jukebox
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Non Driver CIO Components" = Non Driver CIO Components
    "NVIDIA Display Driver" = NVIDIA Display Driver
    "NVIDIA Drivers" = NVIDIA Drivers
    "PROSet" = Intel(R) PRO Ethernet Adapter and Software
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.20
    "RP Scan and Clean {F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
    "System Mechanic 7_is1" = iolo technologies' System Mechanic 7
    "SystemRequirementsLab" = System Requirements Lab
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/20/2010 3:20:53 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/20/2010 3:21:00 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
    Description = Fault bucket -2137877539.

    Error - 11/20/2010 3:34:47 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/20/2010 3:34:57 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
    Description = Fault bucket -2137877539.

    Error - 11/20/2010 3:38:09 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/20/2010 3:38:18 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
    Description = Fault bucket -2137877539.

    Error - 11/20/2010 4:24:55 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/20/2010 4:25:02 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
    module ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.

    Error - 11/20/2010 4:25:05 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Error | ID = 1001
    Description = Fault bucket -2135977307.

    Error - 11/20/2010 4:25:05 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
    Description = Fault bucket -2137877539.

    [ OSession Events ]
    Error - 7/15/2009 7:42:07 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
    lasted 95 seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 11/20/2010 6:30:58 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
    Description = Remote Access Connection Manager failed to start because it could
    not create buffers. Restart the computer. Access is denied.

    Error - 11/20/2010 6:30:58 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%5

    Error - 11/20/2010 6:30:59 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
    Description = Remote Access Connection Manager failed to start because it could
    not create buffers. Restart the computer. Access is denied.

    Error - 11/20/2010 6:31:00 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%5

    Error - 11/20/2010 6:31:00 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
    Description = Remote Access Connection Manager failed to start because it could
    not create buffers. Restart the computer. Access is denied.

    Error - 11/20/2010 6:31:00 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%5

    Error - 11/20/2010 6:31:01 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
    Description = Remote Access Connection Manager failed to start because it could
    not create buffers. Restart the computer. Access is denied.

    Error - 11/20/2010 6:31:01 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%5

    Error - 11/20/2010 6:31:03 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
    Description = Remote Access Connection Manager failed to start because it could
    not create buffers. Restart the computer. Access is denied.

    Error - 11/20/2010 6:31:03 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%5


    < End of report >
     
  5. crunchie

    crunchie Malware Helper Posts: 761

    Ok, just in case you missed the above. All tools should be run from the desktop please.
    OTL is running from the Downloads folder.

    ============

    You seem to be running more than one anti-virus program. You need to uninstall ALL but one of them or you are going to have problems.

    ============

    When did you last run Combofix? Post its log please.

    ============

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
      :Commands
      [purity]
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     