TechSpot

Slow Computer after opening bad email

By theriffs1
Nov 20, 2010
  1. I opened an email from a friend and got a weird feeling right away. Sure enough, my computer started running very slow. I have followed your 8 steps. Please provide some advice. Thank you.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5131

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    11/19/2010 10:58:46 PM
    mbam-log-2010-11-19 (22-58-46).txt

    Scan type: Quick scan
    Objects scanned: 154333
    Time elapsed: 40 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    E:\Documents and Settings\Violet\My Documents\downloads\Guffins.exe (PUP.FunWebProducts) -> No action taken.
    E:\RECYCLER\S-1-5-21-1844237615-329068152-682003330-1007\De38.exe (Adware.MyWebSearch) -> No action taken.
    -------
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-19 23:15:11
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_STM3320620A rev.3.AAE
    Running: ytv0w8ij.exe; Driver: E:\DOCUME~1\BRETTN~1\LOCALS~1\Temp\fxeyyfob.sys


    ---- System - GMER 1.0.15 ----

    Code 86633180 ZwCreateSection
    Code 866389A0 ZwDuplicateObject
    Code 8655FA08 ZwSetInformationFile
    Code 8632F590 ZwSetSystemInformation
    Code 862C2620 ZwWriteFile
    Code 8663317F NtCreateSection
    Code 8663899F NtDuplicateObject
    Code 8655FA07 NtSetInformationFile
    Code 862C261F NtWriteFile

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    Device 86629B00

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

    ---- EOF - GMER 1.0.15 ----
    ------------------------------------------
    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Brett Norton at 23:16:07.43 on Fri 11/19/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.153 [GMT -8:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    E:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    E:\Program Files\Windows Defender\MsMpEng.exe
    E:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Avira\AntiVir Desktop\sched.exe
    E:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    E:\Program Files\Avira\AntiVir Desktop\avguard.exe
    E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    E:\Program Files\Bonjour\mDNSResponder.exe
    E:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    E:\Program Files\iolo\common\lib\ioloServiceManager.exe
    E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\HPZipm12.exe
    E:\WINDOWS\System32\svchost.exe -k imgsvc
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\DELLMMKB.EXE
    E:\WINDOWS\BCMSMMSG.exe
    E:\Program Files\Netropa\OSD.exe
    E:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    E:\WINDOWS\system32\msiexec.exe
    E:\WINDOWS\system32\NOTEPAD.EXE
    E:\Program Files\Mozilla Firefox\plugin-container.exe
    E:\Documents and Settings\Brett Norton\My Documents\Downloads\ytv0w8ij.exe
    E:\Documents and Settings\Brett Norton\My Documents\Downloads\dds(2).scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
    uRun: [YSearchProtection] e:\program files\yahoo!\search protection\YspService.exe
    uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [DellTouch] e:\windows\DELLMMKB.EXE
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [SMSystemAnalyzer] "e:\program files\iolo\system mechanic 7\SMSystemAnalyzer.exe"
    mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - e:\program files\digital line detect\DLG.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\program files\spybot - search & destroy\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://e:\windows\java\classes\xmldso.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192073469310
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - e:\progra~1\wifd1f~1\MpShHook.dll
    LSA: Authentication Packages = msv1_0 relog_ap

    ================= FIREFOX ===================

    FF - ProfilePath - e:\docume~1\brettn~1\applic~1\mozilla\firefox\profiles\w7hbpfyg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
    FF - plugin: e:\documents and settings\brett norton\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: e:\documents and settings\brett norton\application data\mozilla\firefox\profiles\w7hbpfyg.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: e:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: e:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - truee:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2010-11-16 64288]
    R1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2010-11-19 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2010-11-19 135336]
    R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2010-11-19 267944]
    R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2010-11-19 60936]
    R2 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-26 566120]
    R2 ioloSystemService;iolo System Service;e:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-26 566120]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-22 1375992]
    R2 ousbehci;NEC PCI to USB Enhanced Host Controller;e:\windows\system32\drivers\ousbehci.sys [2007-10-11 39040]
    R2 WinDefend;Windows Defender;e:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;e:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-22 15264]
    R3 Msikbd2k;DellTouch;e:\windows\system32\drivers\Msikbd2k.sys [2007-10-8 6942]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;e:\windows\system32\drivers\ousb2hub.sys [2007-10-11 54016]
    S0 is3srv;is3srv;e:\windows\system32\drivers\is3srv.sys --> e:\windows\system32\drivers\is3srv.sys [?]
    S0 szkg5;szkg5;e:\windows\system32\drivers\szkg.sys --> e:\windows\system32\drivers\szkg.sys [?]
    S0 szkgfs;szkgfs;e:\windows\system32\drivers\szkgfs.sys --> e:\windows\system32\drivers\szkgfs.sys [?]
    S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2010-6-1 135664]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\e:\windows\system32\drivers\nsdriver.sys --> e:\windows\system32\drivers\NSDriver.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [2010-11-16 38224]
    S3 Radialpoint Security Services;Radialpoint Security Services;e:\windows\system32\dllhost.exe [2002-6-25 5120]
    S4 Nhksrv;Netropa NHK Server;e:\windows\Nhksrv.exe [2007-10-8 28672]

    =============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-11-20 06:03:47 60936 ----a-w- e:\windows\system32\drivers\avgntflt.sys
    2010-11-20 06:03:47 -------- d-----w- e:\program files\Avira
    2010-11-20 06:03:47 -------- d-----w- e:\docume~1\alluse~1\applic~1\Avira
    2010-11-20 05:53:33 388096 ----a-r- e:\docume~1\brettn~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-11-20 05:50:58 -------- d-----w- e:\program files\Spybot - Search & Destroy
    2010-11-20 05:50:58 -------- d-----w- e:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-11-19 10:25:39 6273872 ----a-w- e:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{b31c5cf0-5979-45b3-ad03-b8650d8abee9}\mpengine.dll
    2010-11-17 12:37:57 15880 ----a-w- e:\windows\system32\lsdelete.exe
    2010-11-17 04:53:12 64288 ----a-w- e:\windows\system32\drivers\Lbd.sys
    2010-11-17 04:53:04 98392 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
    2010-11-17 04:50:26 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\Sunbelt Software
    2010-11-17 04:49:36 -------- dc-h--w- e:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-11-17 04:18:05 -------- d-----w- e:\docume~1\brettn~1\applic~1\Malwarebytes
    2010-11-17 04:17:57 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-17 04:17:56 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
    2010-11-17 04:17:56 -------- d-----w- e:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-17 04:17:55 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
    2010-11-17 04:09:54 -------- d-----w- e:\docume~1\alluse~1\applic~1\MFAData
    2010-11-17 03:48:57 -------- d-----w- e:\docume~1\alluse~1\applic~1\Alwil Software
    2010-11-16 04:52:54 -------- d-----w- e:\docume~1\alluse~1\applic~1\STOPzilla!
    2010-11-06 19:37:34 103864 ----a-w- e:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-11-06 19:37:34 103864 ----a-w- e:\program files\internet explorer\plugins\nppdf32.dll
    2010-11-06 04:36:47 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\Yahoo
    2010-11-06 04:32:58 -------- d-----w- e:\docume~1\brettn~1\applic~1\PriceGong
    2010-11-06 04:31:42 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\FLVService
    2010-11-06 04:31:35 -------- d-----w- e:\windows\Freecorder

    ==================== Find3M ====================

    2010-10-19 18:41:44 222080 ------w- e:\windows\system32\MpSigStub.exe
    2010-09-08 18:17:46 94208 ----a-w- e:\windows\system32\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- e:\windows\system32\QuickTime.qts

    ============= FINISH: 23:17:10.95 ===============
     

    Attached Files:

  2. crunchie

    Malware Helper, Posts: 728

    Hi and welcome to TechSpot forums :).

    ====

    No attached files please. Just paste them all into your post.

    Did you remove the items that MBA-M found? Log says you didn't.

    ==

    All tools should be run from the desktop please (other than MBA-M).

    ==

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  3. theriffs1

    TS Rookie, Topic Starter

    OTL report

    OTL logfile created on: 11/20/2010 2:28:23 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = E:\Documents and Settings\Brett Norton\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 291.00 Mb Available Physical Memory | 28.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
    Drive E: | 127.99 Gb Total Space | 87.89 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
    Drive H: | 74.53 Gb Total Space | 4.76 Gb Free Space | 6.39% Space Free | Partition Type: NTFS

    Computer Name: SPA-3BRGWZJ6EVG | User Name: Brett Norton | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/20 14:27:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Brett Norton\My Documents\Downloads\OTL.exe
    PRC - [2010/11/16 20:52:52 | 000,928,496 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/11/16 20:52:51 | 001,375,992 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/11/05 20:35:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- E:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/05/06 16:36:10 | 000,764,776 | ---- | M] () -- E:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
    PRC - [2008/05/02 12:31:16 | 000,566,120 | ---- | M] () -- E:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
    PRC - [2007/04/20 07:03:02 | 000,411,168 | ---- | M] (Acronis) -- E:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    PRC - [2007/04/04 17:41:28 | 000,177,672 | R--- | M] (Authentium, Inc.) -- E:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    PRC - [2007/03/20 08:18:34 | 000,910,896 | ---- | M] (Nero AG) -- E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2007/03/20 08:18:10 | 000,149,040 | ---- | M] (Nero AG) -- E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- E:\WINDOWS\system32\HPZipm12.exe
    PRC - [2001/09/23 06:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- E:\WINDOWS\DellMMKb.exe
    PRC - [2001/09/22 13:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- E:\Program Files\Netropa\OSD.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/20 14:27:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Brett Norton\My Documents\Downloads\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
    SRV - File not found [Auto | Stopped] -- E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
    SRV - File not found [On_Demand | Stopped] -- E:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/11/16 20:52:51 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/09/03 10:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- E:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2008/05/02 12:31:16 | 000,566,120 | ---- | M] () [Auto | Running] -- E:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2008/05/02 12:31:16 | 000,566,120 | ---- | M] () [Auto | Running] -- E:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2008/03/17 18:59:36 | 000,099,056 | ---- | M] (Radialpoint Inc.) [On_Demand | Stopped] -- E:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe -- (RPSUpdaterR)
    SRV - [2007/04/20 07:03:02 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- E:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2007/04/04 17:41:28 | 000,177,672 | R--- | M] (Authentium, Inc.) [Auto | Running] -- E:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- E:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2002/05/03 10:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- E:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel(R)
    SRV - [2001/08/06 12:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- E:\WINDOWS\Nhksrv.exe -- (Nhksrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Boot | Stopped] -- E:\WINDOWS\System32\drivers\szkgfs.sys -- (szkgfs)
    DRV - File not found [Kernel | Boot | Stopped] -- E:\WINDOWS\System32\DRIVERS\szkg.sys -- (szkg5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\WINDOWS\System32\DRIVERS\MRVW245.sys -- (MRVW245)
    DRV - File not found [Kernel | Boot | Stopped] -- E:\WINDOWS\System32\drivers\is3srv.sys -- (is3srv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
    DRV - [2010/11/16 20:53:00 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/09/22 23:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- E:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2007/10/11 19:43:40 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2007/10/11 19:43:40 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2007/10/11 19:43:33 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2007/10/08 21:25:40 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2007/04/04 17:15:02 | 000,839,880 | ---- | M] (Authentium, Inc.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP)
    DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2003/10/06 13:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
    DRV - [2002/12/24 12:52:40 | 000,054,016 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
    DRV - [2002/12/24 12:52:40 | 000,039,040 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
    DRV - [2002/08/30 08:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2002/05/03 10:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
    DRV - [2001/08/22 23:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
    DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- E:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - [2000/10/03 14:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)
    DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Freecorder Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1060933&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 44
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.1.3
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/11/07 10:14:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/11/19 23:11:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2010/09/26 06:59:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins [2010/11/19 23:11:49 | 000,000,000 | ---D | M]

    [2010/08/27 16:42:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Extensions
    [2010/08/27 16:42:25 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/11/19 23:48:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions
    [2010/11/05 20:35:19 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2008/01/27 09:47:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/11/05 20:36:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/09/21 16:38:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/11/05 20:35:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\engine@conduit.com
    [2010/10/20 13:40:12 | 000,000,923 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\searchplugins\conduit.xml
    [2010/11/19 23:48:18 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
    [2008/01/27 00:24:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- E:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/05/27 05:21:20 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/05/27 05:20:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/11/20 00:47:00 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] E:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DellTouch] E:\WINDOWS\DellMMKb.exe (Netropa Corp.)
    O4 - HKLM..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SMSystemAnalyzer] E:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe ()
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
    O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = E:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192073469310 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: Microsoft XML Parser for Java file://E:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - E:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - E:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (autocheck smrgdf E:\Documents and Settings\Brett Norton\Application Data\iolo\) - File not found
    O34 - HKLM BootExecute: (lsdelete) - E:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - E:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/20 08:28:56 | 000,000,000 | -HSD | C] -- E:\RECYCLER
    [2010/11/20 00:35:40 | 000,000,000 | RHSD | C] -- E:\cmdcons
    [2010/11/20 00:32:48 | 000,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
    [2010/11/20 00:32:48 | 000,161,792 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
    [2010/11/20 00:32:48 | 000,136,704 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
    [2010/11/20 00:32:48 | 000,031,232 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
    [2010/11/20 00:32:40 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
    [2010/11/20 00:32:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Application Data\Avira
    [2010/11/20 00:31:03 | 000,000,000 | ---D | C] -- E:\Qoobox
    [2010/11/20 00:27:47 | 000,000,000 | ---D | C] -- E:\Program Files\ESET
    [2010/11/19 23:32:28 | 000,038,848 | ---- | C] (AVAST Software) -- E:\WINDOWS\avastSS.scr
    [2010/11/19 23:28:55 | 000,165,584 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswSP.sys
    [2010/11/19 23:28:55 | 000,017,744 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/11/19 23:28:54 | 000,023,376 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/11/19 23:28:53 | 000,046,672 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/11/19 23:28:52 | 000,100,176 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/11/19 23:28:52 | 000,094,544 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswmon.sys
    [2010/11/19 23:28:52 | 000,028,880 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/11/19 23:28:21 | 000,167,592 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\aswBoot.exe
    [2010/11/19 22:03:49 | 000,028,520 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/11/19 22:03:47 | 000,126,856 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avipbb.sys
    [2010/11/19 22:03:47 | 000,060,936 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/11/19 22:03:47 | 000,045,416 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/11/19 22:03:47 | 000,022,360 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/11/19 22:03:47 | 000,000,000 | ---D | C] -- E:\Program Files\Avira
    [2010/11/19 22:03:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Avira
    [2010/11/19 21:50:58 | 000,000,000 | ---D | C] -- E:\Program Files\Spybot - Search & Destroy
    [2010/11/19 21:50:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/11/16 20:53:12 | 000,064,288 | ---- | C] (Lavasoft AB) -- E:\WINDOWS\System32\drivers\Lbd.sys
    [2010/11/16 20:53:04 | 000,098,392 | ---- | C] (Sunbelt Software) -- E:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/11/16 20:50:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Sunbelt Software
    [2010/11/16 20:49:36 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/11/16 20:18:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Application Data\Malwarebytes
    [2010/11/16 20:17:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/16 20:17:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/16 20:17:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/16 20:17:55 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/16 20:09:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\MFAData
    [2010/11/16 19:48:57 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/11/15 20:52:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/11/05 20:36:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Yahoo
    [2010/11/05 20:35:38 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Yahoo!
    [2010/11/05 20:31:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\My Documents\Freecorder 4
    [2010/11/05 20:31:42 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\FLVService
    [2010/11/05 20:31:35 | 000,000,000 | ---D | C] -- E:\WINDOWS\Freecorder
    [2007/10/08 20:12:32 | 000,065,536 | ---- | C] ( ) -- E:\WINDOWS\System32\A3d.dll
    [4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/20 14:24:53 | 000,000,269 | ---- | M] () -- E:\WINDOWS\MSIOSD.INI
    [2010/11/20 14:08:00 | 000,000,898 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/20 07:51:20 | 000,000,894 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/20 07:06:26 | 000,000,330 | -H-- | M] () -- E:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/11/20 07:04:21 | 000,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/11/20 07:03:08 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
    [2010/11/20 00:47:00 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/20 00:35:49 | 000,000,327 | RHS- | M] () -- E:\boot.ini
    [2010/11/19 23:52:56 | 000,002,626 | ---- | M] () -- E:\WINDOWS\System32\CONFIG.NT
    [2010/11/19 23:28:55 | 000,001,700 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/11/19 23:23:30 | 000,005,084 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Attach.zip
    [2010/11/19 23:11:53 | 000,001,729 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/19 22:04:01 | 000,001,707 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/19 21:56:47 | 000,002,461 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\HiJackThis.lnk
    [2010/11/19 21:51:05 | 000,000,951 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/11/19 21:51:05 | 000,000,933 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/19 21:40:38 | 000,002,329 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
    [2010/11/16 20:53:03 | 000,098,392 | ---- | M] (Sunbelt Software) -- E:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/11/16 20:49:35 | 000,000,885 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/11/16 20:49:35 | 000,000,867 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/11/16 20:18:00 | 000,000,696 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/16 20:04:27 | 000,000,672 | ---- | M] () -- E:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/11/14 16:13:59 | 000,000,312 | ---- | M] () -- E:\WINDOWS\MMKEYBD.INI
    [2010/11/13 18:53:02 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- E:\WINDOWS\MBR.exe
    [2010/11/07 20:47:46 | 000,014,139 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Spa Garbage.xlsx
    [2010/11/07 10:51:59 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
    [2010/11/07 10:22:07 | 000,401,064 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
    [2010/11/07 10:22:07 | 000,062,344 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
    [2010/10/31 08:20:39 | 000,041,832 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\2010 Award Letter.pdf
    [2010/10/30 12:15:17 | 000,031,744 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Oct. 30 2010 Bailey UW Finances.xls
    [2010/10/28 19:20:31 | 000,078,848 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Cash Flow Personal - 2010.xls
    [2010/10/26 19:12:55 | 000,176,727 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\GoalSettingwithSMARTGoals.pdf
    [2010/10/26 19:10:20 | 000,954,927 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Doc_Rivers_Transcript.pdf
    [2010/10/26 19:09:42 | 001,307,527 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Doug_Wilson_Transcript.pdf
    [2010/10/26 19:08:36 | 001,220,864 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Julie_Foudy_Transcript.pdf
    [2010/10/26 19:08:05 | 001,101,533 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Joy_Fawcett_Transcript.pdf
    [2010/10/26 19:05:59 | 001,160,951 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Alexi_Lalas_Transcript.pdf
    [2010/10/26 19:02:01 | 000,098,132 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\US Soccer Goal Setting.pdf
    [4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/20 00:35:49 | 000,000,210 | ---- | C] () -- E:\Boot.bak
    [2010/11/20 00:35:45 | 000,260,272 | RHS- | C] () -- E:\cmldr
    [2010/11/20 00:32:48 | 000,256,512 | ---- | C] () -- E:\WINDOWS\PEV.exe
    [2010/11/20 00:32:48 | 000,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
    [2010/11/20 00:32:48 | 000,089,088 | ---- | C] () -- E:\WINDOWS\MBR.exe
    [2010/11/20 00:32:48 | 000,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
    [2010/11/20 00:32:48 | 000,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
    [2010/11/19 23:28:55 | 000,001,700 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/11/19 23:23:30 | 000,005,084 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Attach.zip
    [2010/11/19 23:11:52 | 000,001,729 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/19 22:04:01 | 000,001,707 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/19 21:53:32 | 000,002,461 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\HiJackThis.lnk
    [2010/11/19 21:51:05 | 000,000,951 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/11/19 21:51:05 | 000,000,933 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/17 04:37:57 | 000,015,880 | ---- | C] () -- E:\WINDOWS\System32\lsdelete.exe
    [2010/11/16 20:53:35 | 000,000,472 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/11/16 20:49:35 | 000,000,885 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/11/16 20:49:35 | 000,000,867 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/11/16 20:18:00 | 000,000,696 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/16 20:03:48 | 000,000,672 | ---- | C] () -- E:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/11/07 08:51:01 | 000,014,139 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Spa Garbage.xlsx
    [2010/10/31 08:20:39 | 000,041,832 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\2010 Award Letter.pdf
    [2010/10/30 12:15:17 | 000,031,744 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Oct. 30 2010 Bailey UW Finances.xls
    [2010/10/26 19:12:55 | 000,176,727 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\GoalSettingwithSMARTGoals.pdf
    [2010/10/26 19:10:19 | 000,954,927 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Doc_Rivers_Transcript.pdf
    [2010/10/26 19:09:42 | 001,307,527 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Doug_Wilson_Transcript.pdf
    [2010/10/26 19:08:36 | 001,220,864 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Julie_Foudy_Transcript.pdf
    [2010/10/26 19:08:05 | 001,101,533 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Joy_Fawcett_Transcript.pdf
    [2010/10/26 19:05:59 | 001,160,951 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Alexi_Lalas_Transcript.pdf
    [2010/10/26 19:02:01 | 000,098,132 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\US Soccer Goal Setting.pdf
    [2009/08/01 05:58:51 | 000,225,280 | ---- | C] () -- E:\WINDOWS\System32\nvwrsda.dll
    [2009/04/05 15:21:31 | 000,000,089 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\FASTWiz.log
    [2009/03/15 10:12:12 | 000,000,632 | ---- | C] () -- E:\WINDOWS\CoD.INI
    [2009/03/15 10:10:54 | 000,000,632 | ---- | C] () -- E:\WINDOWS\CoDUO.INI
    [2008/07/17 08:40:28 | 000,069,632 | R--- | C] () -- E:\WINDOWS\System32\xmltok.dll
    [2008/07/17 08:40:27 | 000,036,864 | R--- | C] () -- E:\WINDOWS\System32\xmlparse.dll
    [2008/06/13 16:52:53 | 000,094,208 | ---- | C] () -- E:\WINDOWS\System32\GTW32N50.dll
    [2008/04/10 15:48:14 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\rx_image.Cache
    [2007/10/13 08:44:50 | 000,004,413 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/10/13 07:41:48 | 000,000,135 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\fusioncache.dat
    [2007/10/12 03:54:42 | 000,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
    [2007/10/11 19:25:12 | 000,363,520 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
    [2007/10/10 19:08:52 | 000,428,904 | ---- | C] () -- E:\WINDOWS\System32\Incinerator.dll
    [2007/10/10 19:07:51 | 000,074,703 | ---- | C] () -- E:\WINDOWS\System32\mfc45.dll
    [2007/10/08 20:52:35 | 000,000,312 | ---- | C] () -- E:\WINDOWS\MMKEYBD.INI
    [2007/10/08 20:52:35 | 000,000,269 | ---- | C] () -- E:\WINDOWS\MSIOSD.INI
    [2007/10/08 20:52:33 | 000,028,672 | ---- | C] () -- E:\WINDOWS\System32\msiosd32.dll
    [2007/10/08 20:52:33 | 000,000,000 | ---- | C] () -- E:\WINDOWS\WININIT.INI
    [2007/10/08 20:19:28 | 000,015,360 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/08 20:13:05 | 000,000,231 | ---- | C] () -- E:\WINDOWS\AC3API.INI
    [2007/10/08 20:13:05 | 000,000,000 | ---- | C] () -- E:\WINDOWS\SBWIN.INI
    [2007/10/08 20:12:33 | 000,002,092 | ---- | C] () -- E:\WINDOWS\System32\P16X.ini
    [2007/10/08 20:12:32 | 000,039,936 | ---- | C] () -- E:\WINDOWS\System32\P16X.dll
    [2007/10/08 20:12:30 | 000,006,175 | ---- | C] () -- E:\WINDOWS\MIXDEF.INI
    [2007/10/08 20:12:30 | 000,005,917 | ---- | C] () -- E:\WINDOWS\SBMIXDEF.INI
    [2007/10/08 20:12:28 | 000,000,064 | ---- | C] () -- E:\WINDOWS\P16x.ini
    [2007/10/08 12:34:54 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
    [2005/02/24 06:32:00 | 000,540,672 | ---- | C] () -- E:\WINDOWS\System32\nvhwvid.dll
    [2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- E:\WINDOWS\System32\nvcod.dll
    [2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- E:\WINDOWS\System32\NMSInst.dll
    [2002/01/21 14:17:18 | 000,065,536 | ---- | C] () -- E:\WINDOWS\System32\PROInst.dll
    [2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- E:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2008/11/03 19:44:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Age of Empires 3
    [2010/11/16 19:48:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/05/20 08:55:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Applications
    [2007/10/28 18:10:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Avg7
    [2009/01/19 18:12:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\BVRP Software
    [2009/06/03 19:07:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2009/09/30 18:57:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Firefly Studios
    [2007/10/28 18:04:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Grisoft
    [2008/01/26 08:16:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\iolo
    [2007/12/02 21:53:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MailFrontier
    [2007/10/11 20:06:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Maxtor
    [2010/11/16 20:09:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MFAData
    [2009/07/29 20:02:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/11/16 20:06:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/06/20 18:52:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/11/16 20:49:41 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/06/25 19:39:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Facebook
    [2009/03/15 11:13:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\InterTrust
    [2009/05/25 09:31:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\iolo
    [2007/10/11 16:27:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Opera
    [2010/09/06 18:26:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Research In Motion
    [2007/10/13 11:51:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Smith Micro
    [2009/07/29 20:19:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\SystemRequirementsLab
    [2010/08/27 16:42:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Thunderbird
    [2007/10/21 22:09:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Uniblue
    [2009/11/25 18:24:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\WinPatrol
    [2010/11/20 07:04:21 | 000,000,472 | ---- | M] () -- E:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/11/20 07:06:26 | 000,000,330 | -H-- | M] () -- E:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- E:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2002/06/25 13:36:22 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- E:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\ERDNT\cache\eventlog.dll
    [2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
    [2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\ERDNT\cache\netlogon.dll
    [2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\ERDNT\cache\scecli.dll
    [2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\system32\scecli.dll
    [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2007/10/08 12:32:55 | 000,090,112 | ---- | M] () -- E:\WINDOWS\system32\config\default.sav
    [2007/10/08 12:32:55 | 000,606,208 | ---- | M] () -- E:\WINDOWS\system32\config\software.sav
    [2007/10/08 12:32:55 | 000,409,600 | ---- | M] () -- E:\WINDOWS\system32\config\system.sav

    < End of report >
     
  4. theriffs1

    theriffs1 TS Rookie Topic Starter

    OTL Extras logfile created on: 11/20/2010 2:28:23 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = E:\Documents and Settings\Brett Norton\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 291.00 Mb Available Physical Memory | 28.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
    Drive E: | 127.99 Gb Total Space | 87.89 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
    Drive H: | 74.53 Gb Total Space | 4.76 Gb Free Space | 6.39% Space Free | Partition Type: NTFS

    Computer Name: SPA-3BRGWZJ6EVG | User Name: Brett Norton | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "E:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "E:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = E:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- (THQ Canada Inc.)
    "E:\WINDOWS\system32\usmt\migwiz.exe" = E:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
    "E:\Program Files\iTunes\iTunes.exe" = E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{1196A3B6-9B62-4999-BF6C-1CCE1F581033}" = Nero 7 Essentials
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{15AD427B-9243-46C6-8A14-CA6BA264162B}" = MySoftware Fonts
    "{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}" = Authentium AntiVirus SDK - 2
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}" = Opera 9.24
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81A60A13-224D-4637-8203-3EAC03B121A4}" = Maxtor*MaxBlast
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "Ad-Aware" = Ad-Aware
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast5" = avast! Free Antivirus
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BCM V.92 56K Modem" = BCM V.92 56K Modem
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "DivX Setup.divx.com" = DivX Setup
    "ESET Online Scanner" = ESET Online Scanner v3
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "LG USB Drivers" = LG USB Drivers
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
    "MUSICMATCH Jukebox" = MUSICMATCH Jukebox
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Non Driver CIO Components" = Non Driver CIO Components
    "NVIDIA Display Driver" = NVIDIA Display Driver
    "NVIDIA Drivers" = NVIDIA Drivers
    "PROSet" = Intel(R) PRO Ethernet Adapter and Software
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.20
    "RP Scan and Clean {F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
    "System Mechanic 7_is1" = iolo technologies' System Mechanic 7
    "SystemRequirementsLab" = System Requirements Lab
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/20/2010 3:20:53 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/20/2010 3:21:00 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
    Description = Fault bucket -2137877539.

    Error - 11/20/2010 3:34:47 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/20/2010 3:34:57 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
    Description = Fault bucket -2137877539.

    Error - 11/20/2010 3:38:09 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/20/2010 3:38:18 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
    Description = Fault bucket -2137877539.

    Error - 11/20/2010 4:24:55 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/20/2010 4:25:02 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
    module ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.

    Error - 11/20/2010 4:25:05 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Error | ID = 1001
    Description = Fault bucket -2135977307.

    Error - 11/20/2010 4:25:05 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
    Description = Fault bucket -2137877539.

    [ OSession Events ]
    Error - 7/15/2009 7:42:07 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
    lasted 95 seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 11/20/2010 6:30:58 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
    Description = Remote Access Connection Manager failed to start because it could
    not create buffers. Restart the computer. Access is denied.

    Error - 11/20/2010 6:30:58 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%5

    Error - 11/20/2010 6:30:59 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
    Description = Remote Access Connection Manager failed to start because it could
    not create buffers. Restart the computer. Access is denied.

    Error - 11/20/2010 6:31:00 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%5

    Error - 11/20/2010 6:31:00 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
    Description = Remote Access Connection Manager failed to start because it could
    not create buffers. Restart the computer. Access is denied.

    Error - 11/20/2010 6:31:00 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%5

    Error - 11/20/2010 6:31:01 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
    Description = Remote Access Connection Manager failed to start because it could
    not create buffers. Restart the computer. Access is denied.

    Error - 11/20/2010 6:31:01 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%5

    Error - 11/20/2010 6:31:03 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
    Description = Remote Access Connection Manager failed to start because it could
    not create buffers. Restart the computer. Access is denied.

    Error - 11/20/2010 6:31:03 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%5


    < End of report >
     
  5. crunchie

    crunchie Malware Helper Posts: 728

    Ok, just in case you missed the above. All tools should be run from the desktop please.
    OTL is running from the Downloads folder.

    ============

    You seem to be running more than one anti-virus program. You need to uninstall ALL but one of them or you are going to have problems.

    ============

    When did you last run Combofix? Post its log please.

    ============

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
      :Commands
      [purity]
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
Topic Status:
Not open for further replies.
