Solved Virtumonde.sdn can't remove

jlc

Hi,
This virus keeps slowing up my computer and I have tried various things to get rid of it.
Thank you for your help!
 
Logs

Hi,

This is the first time I've posted. Please let me know if you need additional info.

Thanks!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4306

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/12/2010 9:17:20 PM
mbam-log-2010-07-12 (21-17-20).txt

Scan type: Quick scan
Objects scanned: 205878
Time elapsed: 39 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-12 22:31:07
Windows 6.0.6002 Service Pack 2
Running: 95fnjk4i.exe; Driver: C:\Users\JILLIP~1\AppData\Local\Temp\fglyafod.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6be32d6b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37e573a5
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001a6be32d6b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001e37e573a5 (not active ControlSet)

---- EOF - GMER 1.0.15 ----



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/9/2008 6:50:16 PM
System Uptime: 7/12/2010 10:32:29 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 30C0
Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz | U10 | 2401/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 222 GiB total, 51.36 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 2 GiB total, 1.315 GiB free.
F: is FIXED (NTFS) - 10 GiB total, 0.728 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


32 Bit HP CIO Components Installer
6200
6200_Help
6200Trb
Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
Agere Systems HDA Modem
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B14
avast! Free Antivirus
AVS Audio Editor version 5.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Bob the Builder - Bob's Castle Adventure
Bonjour
BufferChm
Business Contact Manager for Outlook 2007 SP2
Copy
Credential Manager for HP ProtectTools
CustomerResearchQFolder
Danger Zone!
DeductionPro 2007
DeductionPro 2008
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
Drive Encryption for HP ProtectTools
DVD-CLONER V4.02 Build 907
eMedia Guitar Method
ESU for Microsoft Vista
eSupportQFolder
Farm Craft 2
Fax
Garmin City Navigator North America NT 2010.10 Update
Garmin Communicator Plugin
Garmin USB Drivers
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Guitar Pro 5.2
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP 3D DriveGuard
HP Active Support Library
HP Active Support Library 32 bit components
HP Backup & Recovery Manager Installer
HP BIOS Configuration for ProtectTools
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
HP Notebook Accessories Product Tour
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP ProtectTools Security Manager
HP Quick Launch Buttons 6.40 B2
HP Solution Center 8.0
HP Total Care Advisor
HP User Guides 0064
HP Wireless Assistant
HPProductAssistant
HPSSupply
Insaniquarium! Deluxe
Intel(R) Graphics Media Accelerator Driver
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6
JSWPFCom
JSWPFGradeK
JumpStart 3D Ages 4-6
JumpStart Animal Adventures
LightScribe 1.6.43.1
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
MicroMachines V4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Home Publishing 2000
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Monopoly
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NASCAR SimRacing
OGA Notifier 2.0.0048.0
PDF Complete
Pivot Stickfigure Animator
Plants vs. Zombies
Power Tab Editor 1.7
QuickTime
Risk II
Roblox for Jill iphone
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Sibelius Scorch (ActiveX Only)
SolutionCenter
Sonic Activation Module
Sony Picture Utility
Sony USB Driver
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
TaxCut Massachusetts 2008
TaxCut Premium + State + Efile 2008
Toolbox
TrayApp
TrueSwitch Wizard Verizon
Unity Web Player
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vista Default Settings
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Walmart MP3 Music Downloads
WD Diagnostics
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
WinRAR archiver
Wizard101

==== End Of File ===========================

Thank you for your help!!!!!!!
 
Sorry! I thought I did that : ). Thanks! Let me know if you need anything else! I really appreciate it! Here it is. I'm getting a message that the text is too long. I will post it in 2 parts.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jill iphone at 22:41:16.09 on Mon 07/12/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2039.690 [GMT -4:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SMINST\scheduler.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jill iphone\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\jillip~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{0cd3bb5c-bbca-11d2-8c20-00c04fbbcff9}\A94AAB13.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553557800} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: APSHook.dll,c:\windows\system32\deskmon32.dll
LSA: Notification Packages = SbHpNp scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-27 64288]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-3-29 13696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-24 165456]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-4-22 5808]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-6-17 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-6-17 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-24 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-24 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-24 40384]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-4-22 221184]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2007-1-5 18944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-10-3 540448]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-24 40384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-10-3 179712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-07-13 01:57:56 93056 ----a-w- C:\fglyafod.sys
2010-07-13 01:46:03 295111402 ----a-w- c:\windows\MEMORY.DMP
2010-07-08 01:09:08 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 21:09:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-28 21:09:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-28 13:39:31 0 d-----w- c:\users\jillip~1\appdata\roaming\Malwarebytes
2010-06-28 02:02:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-28 02:02:14 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-28 01:59:25 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-28 01:57:54 0 d-----w- c:\programdata\Lavasoft
2010-06-28 01:57:54 0 d-----w- c:\program files\Lavasoft
2010-06-28 01:43:36 0 d-----w- C:\VundoFix Backups
2010-06-28 01:35:36 0 d-----w- c:\programdata\Malwarebytes
2010-06-28 01:35:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 07:13:33 0 d-----w- c:\program files\Windows Portable Devices
2010-06-27 07:13:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-27 07:12:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-27 07:10:21 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-06-27 07:10:20 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-06-27 07:10:20 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-06-27 07:08:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-27 07:08:08 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-27 07:08:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-27 07:01:50 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-27 07:01:50 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-27 07:01:49 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-27 07:01:49 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-27 07:01:49 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-26 13:08:28 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-26 13:08:26 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-26 13:08:26 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-25 17:12:55 0 d-----w- c:\program files\YNAB 3
2010-06-24 23:13:39 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-24 23:10:28 0 d-----w- c:\programdata\Alwil Software
2010-06-24 22:04:51 0 d-----w- c:\users\jillip~1\appdata\roaming\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
2010-06-24 21:14:36 0 d-----w- c:\users\jillip~1\appdata\roaming\Verizon
2010-06-24 01:22:05 0 d-----w- c:\program files\Internet Content Filter
2010-06-24 01:17:22 0 d-----w- c:\program files\McAfee.com
2010-06-24 01:17:10 0 d-----w- c:\program files\McAfee
2010-06-24 01:11:28 0 d-----w- c:\programdata\Radialpoint
2010-06-24 01:11:26 0 d-----w- c:\programdata\Verizon
2010-06-22 14:20:22 0 d-----w- c:\windows\system32\eu-ES
2010-06-22 14:20:22 0 d-----w- c:\windows\system32\ca-ES
2010-06-22 14:20:21 0 d-----w- c:\windows\system32\vi-VN
2010-06-20 21:20:18 0 d-----w- c:\users\jillip~1\appdata\roaming\Printer Info Cache
2010-06-20 02:19:23 0 d-sh--w- c:\programdata\SysWoW32
2010-06-20 02:19:07 203776 --sh--w- c:\programdata\unrar.exe
2010-06-18 02:18:58 0 d-----w- c:\program files\iPod
2010-06-18 02:18:56 0 d-----w- c:\program files\iTunes
2010-06-18 02:12:46 0 d-----w- c:\program files\Bonjour
2010-06-13 22:03:16 0 d-----w- c:\users\jillip~1\appdata\roaming\NevoSoft Games
2010-06-13 22:00:59 0 d-----w- c:\program files\Farm Craft 2
2010-06-13 21:55:09 19 ----a-w- c:\windows\popcinfo.dat
2010-06-13 21:21:59 0 d---a-w- c:\programdata\TEMP
2010-06-13 21:21:53 0 d-----w- c:\program files\Insaniquarium! Deluxe
 
Here is the rest of the file

==================== Find3M ====================
2010-06-27 07:13:23 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-27 07:13:23 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-27 07:13:23 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-27 07:13:22 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-22 14:03:09 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-06-18 00:44:13 148984 ----a-w- c:\windows\hpoins19.dat
2010-06-06 14:11:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 00:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-07 00:54:36 2060596375 ----a-w- c:\program files\Garmin_RMU_CNNANT2010C.exe
2008-12-29 08:19:31 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-06-10 10:53:13 22 --sha-w- c:\windows\sminst\HPCD.sys
============= FINISH: 22:44:06.20 ===============
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here it is. It all wouldn't fit so I will post the rest in another reply.

Thanks again!

ComboFix 10-07-13.02 - Jill iphone 07/13/2010 23:42:02.1.2 - x86
Running from: c:\users\Jill iphone\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\SysWoW32
c:\programdata\SysWoW32\_u1640410336v4
c:\programdata\SysWoW32\_u1640410336v5
c:\programdata\SysWoW32\_u1640410336v6
c:\programdata\SysWoW32\_u1640410336v7
c:\programdata\SysWoW32\mu1640410336v4
c:\programdata\SysWoW32\mu1640410336v4.kwd
c:\programdata\SysWoW32\mu1640410336v5
c:\programdata\SysWoW32\mu1640410336v5.kwd
c:\programdata\SysWoW32\mu1640410336v6
c:\programdata\SysWoW32\mu1640410336v6.kwd
c:\programdata\SysWoW32\mu1640410336v7
c:\programdata\SysWoW32\mu1640410336v7.kwd
c:\programdata\SysWoW32\wu1640410336v0
c:\programdata\SysWoW32\wu1640410336v0.kwd
c:\programdata\SysWoW32\wu1640410336v1
c:\programdata\SysWoW32\wu1640410336v1.kwd
c:\programdata\SysWoW32\wu1640410336v2
c:\programdata\SysWoW32\wu1640410336v2.kwd
c:\programdata\SysWoW32\wu1640410336v3
c:\programdata\SysWoW32\wu1640410336v3.kwd
c:\programdata\unrar.exe
c:\users\Chris\AppData\Roaming\02000000b21c2dff957C.manifest
c:\users\Chris\AppData\Roaming\02000000b21c2dff957O.manifest
c:\users\Chris\AppData\Roaming\02000000b21c2dff957P.manifest
c:\users\Chris\AppData\Roaming\02000000b21c2dff957S.manifest
c:\users\Cody\AppData\Roaming\02000000b21c2dff957C.manifest
c:\users\Cody\AppData\Roaming\02000000b21c2dff957O.manifest
c:\users\Cody\AppData\Roaming\02000000b21c2dff957P.manifest
c:\users\Cody\AppData\Roaming\02000000b21c2dff957S.manifest
c:\users\Jill iphone\AppData\Roaming\02000000b21c2dff957C.manifest
c:\users\Jill iphone\AppData\Roaming\02000000b21c2dff957O.manifest
c:\users\Jill iphone\AppData\Roaming\02000000b21c2dff957P.manifest
c:\users\Jill iphone\AppData\Roaming\02000000b21c2dff957S.manifest
c:\users\Jill\AppData\Roaming\02000000b21c2dff957C.manifest
c:\users\Jill\AppData\Roaming\02000000b21c2dff957O.manifest
c:\users\Jill\AppData\Roaming\02000000b21c2dff957P.manifest
c:\users\Jill\AppData\Roaming\02000000b21c2dff957S.manifest
c:\users\Zachary\AppData\Roaming\02000000b21c2dff957C.manifest
c:\users\Zachary\AppData\Roaming\02000000b21c2dff957O.manifest
c:\users\Zachary\AppData\Roaming\02000000b21c2dff957P.manifest
c:\users\Zachary\AppData\Roaming\02000000b21c2dff957S.manifest
c:\windows\MailSwitch.ocx
c:\windows\system32\%appdata%
c:\windows\xpsp1hfm.log
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))
.

2010-07-14 04:30 . 2010-07-14 04:30 -------- d-----w- c:\users\Zachary\AppData\Local\temp
2010-07-14 04:30 . 2010-07-14 04:30 -------- d-----w- c:\users\Old Ipod\AppData\Local\temp
2010-07-14 04:30 . 2010-07-14 04:30 -------- d-----w- c:\users\Jill\AppData\Local\temp
2010-07-14 04:30 . 2010-07-14 04:30 -------- d-----w- c:\users\IPOD touch\AppData\Local\temp
2010-07-14 04:30 . 2010-07-14 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-14 04:30 . 2010-07-14 04:30 -------- d-----w- c:\users\Cody\AppData\Local\temp
2010-07-14 04:30 . 2010-07-14 04:30 -------- d-----w- c:\users\Chris Shuffle\AppData\Local\temp
2010-07-14 04:30 . 2010-07-14 04:30 -------- d-----w- c:\users\Sammy\AppData\Local\temp
2010-07-13 01:57 . 2010-07-13 01:57 93056 ----a-w- C:\fglyafod.sys
2010-07-08 01:09 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-06 21:55 . 2010-07-06 21:56 -------- d-----w- c:\users\Jill iphone\AppData\Local\Roblox
2010-07-05 15:05 . 2010-07-05 15:05 -------- d-----w- c:\users\Chris Shuffle\AppData\Roaming\Malwarebytes
2010-06-28 21:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-28 21:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-28 13:39 . 2010-06-28 13:39 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\Malwarebytes
2010-06-28 02:02 . 2010-06-28 02:01 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-28 02:02 . 2010-06-28 02:02 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-28 01:59 . 2010-06-28 01:59 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-28 01:57 . 2010-06-28 02:02 -------- d-----w- c:\programdata\Lavasoft
2010-06-28 01:57 . 2010-06-28 01:59 -------- d-----w- c:\program files\Lavasoft
2010-06-28 01:43 . 2010-06-28 01:43 -------- d-----w- C:\VundoFix Backups
2010-06-28 01:35 . 2010-06-28 01:35 -------- d-----w- c:\programdata\Malwarebytes
2010-06-28 01:35 . 2010-07-13 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 07:13 . 2010-06-27 07:13 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-27 07:10 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-06-27 07:10 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-06-27 07:10 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-06-27 07:08 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-27 07:08 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-27 07:08 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-27 07:01 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-27 07:01 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-27 07:01 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-27 07:01 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-27 07:01 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-26 13:08 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-26 13:08 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-26 13:08 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-25 17:12 . 2010-06-25 17:13 -------- d-----w- c:\program files\YNAB 3
2010-06-24 23:13 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-24 23:13 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-24 23:13 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-24 23:13 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-24 23:13 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-24 23:11 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-24 23:10 . 2010-06-24 23:10 -------- d-----w- c:\programdata\Alwil Software
2010-06-24 23:10 . 2010-06-24 23:10 -------- d-----w- c:\program files\Alwil Software
2010-06-24 22:04 . 2010-06-24 22:04 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
2010-06-24 21:14 . 2010-06-24 21:14 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\Verizon
2010-06-24 01:22 . 2010-06-24 01:22 -------- d-----w- c:\program files\Internet Content Filter
2010-06-24 01:17 . 2010-06-24 01:17 -------- d-----w- c:\program files\McAfee.com
2010-06-24 01:17 . 2010-06-24 01:19 -------- d-----w- c:\program files\McAfee
2010-06-24 01:11 . 2010-06-24 01:11 -------- d-----w- c:\users\Chris\AppData\Roaming\Verizon
2010-06-24 01:11 . 2010-06-24 01:11 -------- d-----w- c:\programdata\Radialpoint
2010-06-24 01:11 . 2010-06-24 01:11 -------- d-----w- c:\programdata\Verizon
2010-06-22 14:20 . 2010-06-22 14:20 -------- d-----w- c:\windows\system32\ca-ES
2010-06-22 14:20 . 2010-06-22 14:20 -------- d-----w- c:\windows\system32\eu-ES
2010-06-22 14:20 . 2010-06-22 14:20 -------- d-----w- c:\windows\system32\vi-VN
2010-06-22 13:43 . 2010-06-22 13:43 -------- d-----w- c:\users\Zachary\AppData\Roaming\Apple Computer
2010-06-21 16:44 . 2010-06-21 16:45 -------- d-----w- c:\users\Cody\AppData\Roaming\LimeWire
2010-06-20 21:20 . 2010-06-20 21:20 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\Printer Info Cache
2010-06-20 21:20 . 2010-06-20 21:20 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\Image Zone Express
2010-06-20 02:29 . 2010-06-20 02:45 -------- d-----w- c:\users\Chris\Incomplete
2010-06-20 02:26 . 2010-06-20 02:44 -------- d-----w- c:\users\Chris\AppData\Roaming\LimeWire
2010-06-19 14:14 . 2010-06-19 14:14 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\SampleView
2010-06-18 02:18 . 2010-06-18 02:18 -------- d-----w- c:\program files\iPod
2010-06-18 02:18 . 2010-06-18 02:20 -------- d-----w- c:\program files\iTunes
2010-06-18 02:12 . 2010-06-18 02:12 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 04:32 . 2007-10-03 08:26 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-13 08:16 . 2008-06-28 13:37 -------- d-----w- c:\programdata\Google Updater
2010-06-27 07:13 . 2010-06-27 07:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-27 07:12 . 2010-06-27 07:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-25 17:13 . 2009-09-18 17:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-25 12:37 . 2007-10-03 09:33 -------- d-----w- c:\program files\Microsoft.NET
2010-06-25 02:37 . 2009-07-07 00:52 -------- d-----w- c:\program files\Guitar Pro 5
2010-06-25 02:37 . 2008-10-17 01:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-24 04:19 . 2009-01-28 20:11 -------- d-----w- c:\programdata\McAfee
2010-06-24 01:22 . 2007-10-03 09:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-24 01:11 . 2009-03-26 18:46 -------- d-----w- c:\program files\Verizon
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-06-22 14:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-06-22 13:43 . 2010-01-02 01:30 142560 ----a-w- c:\users\Zachary\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-18 02:18 . 2008-06-14 00:52 -------- d-----w- c:\program files\Common Files\Apple
2010-06-18 02:13 . 2008-09-10 00:59 -------- d-----w- c:\users\Jill\AppData\Roaming\Apple Computer
2010-06-18 02:11 . 2010-03-21 23:11 -------- d-----w- c:\program files\Safari
2010-06-18 00:44 . 2008-06-12 16:49 148984 ----a-w- c:\windows\hpoins19.dat
2010-06-13 22:03 . 2010-06-13 22:03 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\NevoSoft Games
2010-06-13 22:01 . 2010-06-13 22:00 -------- d-----w- c:\program files\Farm Craft 2
2010-06-13 21:55 . 2010-06-13 21:55 19 ----a-w- c:\windows\popcinfo.dat
2010-06-13 21:23 . 2010-06-13 21:21 -------- d-----w- c:\program files\Insaniquarium! Deluxe
2010-06-11 07:16 . 2007-10-03 09:31 -------- d-----w- c:\programdata\Microsoft Help
2010-06-09 02:13 . 2010-06-09 02:13 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\InterVideo
2010-06-09 00:59 . 2010-06-09 00:59 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-06-06 14:13 . 2007-10-03 10:06 -------- d-----w- c:\program files\Common Files\Java
2010-06-06 14:11 . 2010-06-06 14:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-06 14:11 . 2007-10-03 10:06 -------- d-----w- c:\program files\Java
2010-06-06 12:50 . 2009-06-03 00:58 -------- d-----w- c:\users\Cody\AppData\Roaming\Apple Computer
2010-06-05 15:12 . 2010-05-23 22:10 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 01:48 . 2010-05-03 21:27 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\HP
2010-05-31 23:18 . 2009-12-31 18:51 142560 ----a-w- c:\users\IPOD touch\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-31 22:54 . 2008-08-01 11:25 142560 ----a-w- c:\users\Cody\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-31 14:05 . 2008-09-01 01:35 142560 ----a-w- c:\users\Jill\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-27 17:12 . 2007-10-03 09:43 -------- d-----w- c:\programdata\Roxio
2010-05-26 17:06 . 2010-06-11 05:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 05:54 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14 . 2009-10-02 20:58 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 23:02 . 2008-06-09 15:43 142560 ----a-w- c:\users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-20 01:08 . 2010-05-03 21:27 142560 ----a-w- c:\users\Jill iphone\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-19 23:35 . 2010-05-19 23:35 -------- d-----w- c:\programdata\AVS4YOU
2010-05-19 23:35 . 2010-05-19 23:35 -------- d-----w- c:\users\Chris Shuffle\AppData\Roaming\AVS4YOU
2010-05-19 23:35 . 2008-12-25 13:36 142560 ----a-w- c:\users\Chris Shuffle\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-19 23:35 . 2010-05-19 23:33 -------- d-----w- c:\program files\AVS4YOU
2010-05-19 23:35 . 2010-05-19 23:33 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-19 23:34 . 2010-05-19 23:34 -------- d-----w- c:\users\Chris\AppData\Roaming\AVS4YOU
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 05:59 . 2010-06-11 05:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 05:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 05:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 05:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 05:53 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 13:51 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 00:47 . 2010-04-20 00:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 00:47 . 2010-04-20 00:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-07 00:54 . 2009-05-07 00:36 2060596375 ----a-w- c:\program files\Garmin_RMU_CNNANT2010C.exe
2008-06-10 10:53 . 2008-06-10 10:53 22 --sha-w- c:\windows\SMINST\HPCD.sys
 
Here is the rest of the combo fix log

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-11 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-11 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-11 133912]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-05 68592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-17 1097728]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]

c:\users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-12-19 344064]
TrueAssistant.lnk - c:\program files\TrueSwitchVerizon\TrueWizard.exe [2009-4-7 1069056]

c:\users\Jill iphone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-9 192512]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe [2009-11-15 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):95,76,33,2d,17,12,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-28 64288]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 221184]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2007-01-05 18944]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-01 1352832]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 02:01]

2010-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-28 21:36]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 04:08]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 04:08]

2010-07-14 c:\windows\Tasks\User_Feed_Synchronization-{1793ED6A-7632-4CA8-91A7-49A6DF4BE32C}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]

2010-07-14 c:\windows\Tasks\User_Feed_Synchronization-{6EA59A76-5CE1-40A1-9254-65A07DAD6639}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]

2010-07-14 c:\windows\Tasks\User_Feed_Synchronization-{7EADEBFF-4350-440F-A38D-A3CAAB912AD3}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]

2010-07-14 c:\windows\Tasks\User_Feed_Synchronization-{9B79E8A3-964E-49F0-B204-F6F15A4BE0E1}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 03:07
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\SbHpNp.dll

- - - - - - - > 'Explorer.exe'(5516)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\SMINST\scheduler.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Common Files\microsoft shared\Works Shared\wkcalrem.exe
c:\program files\Common Files\microsoft shared\Works Shared\WksCal.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\system32\WerCon.exe
.
**************************************************************************
.
Completion time: 2010-07-14 03:21:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-14 07:21

Pre-Run: 55,618,482,176 bytes free
Post-Run: 54,946,959,360 bytes free

- - End Of File - - 3C2EF478D5D02962F00B14E5CFE0DF9D
 
You're running two AV programs, Avast and Norton. One of them has to go.
If Norton, use Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

========================================================================

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
C:\fglyafod.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
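
An added example, not part of the original post and not ComboFix's own logic: a small Python triage pass over the log format shown above, which surfaces the two kinds of entry the CFScript addresses (a `.sys` file outside the Windows directory and the Security Center `DisableMonitoring` values). The sample lines are copied from the log in this thread; the function names, the two heuristics and the default `windows` directory name are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional

# Lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2010-07-13 01:57 . 2010-07-13 01:57 93056 ----a-w- C:\fglyafod.sys
2010-07-08 01:09 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 21:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-28 01:43 . 2010-06-28 01:43 -------- d-----w- C:\VundoFix Backups
2010-05-01 14:13 . 2010-06-11 05:53 2037248 ----a-w- c:\windows\system32\win32k.sys
2008-06-10 10:53 . 2008-06-10 10:53 22 --sha-w- c:\windows\SMINST\HPCD.sys

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):95,76,33,2d,17,12,cb,01
"""

# "<timestamp> . <timestamp> <size or 8 dashes> <8 attribute flags> <path>"
ENTRY_RE = re.compile(
    r"^(?P<first_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<second_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')


class FileEntry(NamedTuple):
    first_ts: str
    second_ts: str
    size: Optional[int]  # None when the size column is dashes (directories)
    attrs: str
    path: str


def parse_file_entries(log: str) -> List[FileEntry]:
    """Parse the file-listing lines of the log; other lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        entries.append(FileEntry(m.group("first_ts"), m.group("second_ts"),
                                 size, m.group("attrs"), m.group("path")))
    return entries


def drivers_outside_windows(entries: List[FileEntry]) -> List[FileEntry]:
    """Heuristic (this example's assumption): a .sys file that is not under
    <drive>:\\windows\\ deserves a manual look."""
    hits = []
    for e in entries:
        if e.attrs.startswith("d"):
            continue  # directory entry
        p = PureWindowsPath(e.path)
        if p.suffix.lower() != ".sys":
            continue
        parts = [part.lower() for part in p.parts]  # parts[0] is the drive root
        under_windows = len(parts) > 2 and parts[1] == "windows"
        if not under_windows:
            hits.append(e)
    return hits


def disabled_monitoring_keys(log: str) -> List[str]:
    """Return Security Center keys whose DisableMonitoring dword is non-zero."""
    current_key = None
    hits = []
    for raw in log.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        value = VALUE_RE.match(line)
        if not (value and current_key):
            continue
        data = value.group("data").lower()
        if (value.group("name").lower() == "disablemonitoring"
                and r"security center\monitoring" in current_key.lower()
                and data.startswith("dword:")
                and int(data[len("dword:"):], 16) != 0):
            hits.append(current_key)
    return hits


if __name__ == "__main__":
    for entry in drivers_outside_windows(parse_file_entries(SAMPLE_LOG)):
        print("review driver file:", entry.path, entry.size, "bytes")
    for key in disabled_monitoring_keys(SAMPLE_LOG):
        print("monitoring disabled under:", key)
```

A hit is a prompt for review, not a verdict: legitimate tools also drop drivers outside the Windows directory and set `DisableMonitoring` for their own products.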
 
Thanks! I uninstalled Norton. I didn't realize it was still installed/running. Below is the combo fix log from tonight. I really appreciate your help!

ComboFix 10-07-14.01 - Jill iphone 07/14/2010 20:28:33.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2039.700 [GMT -4:00]
Running from: c:\users\Jill iphone\Desktop\ComboFix.exe
Command switches used :: c:\users\Jill iphone\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\fglyafod.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fglyafod.sys

.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-15 00:41 . 2010-07-15 00:41 -------- d-----w- c:\users\Zachary\AppData\Local\temp
2010-07-15 00:41 . 2010-07-15 00:41 -------- d-----w- c:\users\Sammy\AppData\Local\temp
2010-07-15 00:41 . 2010-07-15 00:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-15 00:41 . 2010-07-15 00:41 -------- d-----w- c:\users\Old Ipod\AppData\Local\temp
2010-07-15 00:41 . 2010-07-15 00:41 -------- d-----w- c:\users\Jill\AppData\Local\temp
2010-07-15 00:41 . 2010-07-15 00:41 -------- d-----w- c:\users\IPOD touch\AppData\Local\temp
2010-07-15 00:41 . 2010-07-15 00:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-15 00:41 . 2010-07-15 00:41 -------- d-----w- c:\users\Cody\AppData\Local\temp
2010-07-15 00:41 . 2010-07-15 00:41 -------- d-----w- c:\users\Chris\AppData\Local\temp
2010-07-15 00:41 . 2010-07-15 00:41 -------- d-----w- c:\users\Chris Shuffle\AppData\Local\temp
2010-07-08 01:09 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-06 21:55 . 2010-07-06 21:56 -------- d-----w- c:\users\Jill iphone\AppData\Local\Roblox
2010-07-05 15:05 . 2010-07-05 15:05 -------- d-----w- c:\users\Chris Shuffle\AppData\Roaming\Malwarebytes
2010-06-28 21:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-28 21:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-28 13:39 . 2010-06-28 13:39 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\Malwarebytes
2010-06-28 02:02 . 2010-06-28 02:01 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-28 02:02 . 2010-06-28 02:02 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-28 01:59 . 2010-06-28 01:59 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-28 01:57 . 2010-06-28 02:02 -------- d-----w- c:\programdata\Lavasoft
2010-06-28 01:57 . 2010-06-28 01:59 -------- d-----w- c:\program files\Lavasoft
2010-06-28 01:43 . 2010-06-28 01:43 -------- d-----w- C:\VundoFix Backups
2010-06-28 01:35 . 2010-06-28 01:35 -------- d-----w- c:\programdata\Malwarebytes
2010-06-28 01:35 . 2010-07-13 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 07:13 . 2010-06-27 07:13 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-27 07:10 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-06-27 07:10 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-06-27 07:10 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-06-27 07:08 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-27 07:08 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-27 07:08 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-27 07:01 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-27 07:01 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-27 07:01 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-27 07:01 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-27 07:01 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-26 13:08 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-26 13:08 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-26 13:08 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-25 17:12 . 2010-06-25 17:13 -------- d-----w- c:\program files\YNAB 3
2010-06-24 23:13 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-24 23:13 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-24 23:13 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-24 23:13 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-24 23:13 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-24 23:11 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-24 23:10 . 2010-06-24 23:10 -------- d-----w- c:\programdata\Alwil Software
2010-06-24 23:10 . 2010-06-24 23:10 -------- d-----w- c:\program files\Alwil Software
2010-06-24 22:04 . 2010-06-24 22:04 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
2010-06-24 21:14 . 2010-06-24 21:14 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\Verizon
2010-06-24 01:22 . 2010-06-24 01:22 -------- d-----w- c:\program files\Internet Content Filter
2010-06-24 01:11 . 2010-06-24 01:11 -------- d-----w- c:\users\Chris\AppData\Roaming\Verizon
2010-06-24 01:11 . 2010-06-24 01:11 -------- d-----w- c:\programdata\Radialpoint
2010-06-24 01:11 . 2010-06-24 01:11 -------- d-----w- c:\programdata\Verizon
2010-06-22 14:20 . 2010-06-22 14:20 -------- d-----w- c:\windows\system32\ca-ES
2010-06-22 14:20 . 2010-06-22 14:20 -------- d-----w- c:\windows\system32\eu-ES
2010-06-22 14:20 . 2010-06-22 14:20 -------- d-----w- c:\windows\system32\vi-VN
2010-06-22 13:43 . 2010-06-22 13:43 -------- d-----w- c:\users\Zachary\AppData\Roaming\Apple Computer
2010-06-21 16:44 . 2010-06-21 16:45 -------- d-----w- c:\users\Cody\AppData\Roaming\LimeWire
2010-06-20 21:20 . 2010-06-20 21:20 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\Printer Info Cache
2010-06-20 21:20 . 2010-06-20 21:20 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\Image Zone Express
2010-06-20 02:29 . 2010-06-20 02:45 -------- d-----w- c:\users\Chris\Incomplete
2010-06-20 02:26 . 2010-06-20 02:44 -------- d-----w- c:\users\Chris\AppData\Roaming\LimeWire
2010-06-19 14:14 . 2010-06-19 14:14 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\SampleView
2010-06-18 02:18 . 2010-06-18 02:18 -------- d-----w- c:\program files\iPod
2010-06-18 02:18 . 2010-06-18 02:20 -------- d-----w- c:\program files\iTunes
2010-06-18 02:12 . 2010-06-18 02:12 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 00:09 . 2007-10-03 08:26 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-14 23:49 . 2007-10-03 09:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-14 09:17 . 2008-06-28 13:37 -------- d-----w- c:\programdata\Google Updater
2010-06-27 07:13 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-27 07:13 . 2010-06-27 07:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-27 07:12 . 2010-06-27 07:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-25 17:13 . 2009-09-18 17:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-25 12:37 . 2007-10-03 09:33 -------- d-----w- c:\program files\Microsoft.NET
2010-06-25 02:37 . 2009-07-07 00:52 -------- d-----w- c:\program files\Guitar Pro 5
2010-06-25 02:37 . 2008-10-17 01:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-24 01:22 . 2007-10-03 09:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-24 01:11 . 2009-03-26 18:46 -------- d-----w- c:\program files\Verizon
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-06-22 14:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-22 14:20 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-06-22 13:43 . 2010-01-02 01:30 142560 ----a-w- c:\users\Zachary\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-18 02:18 . 2008-06-14 00:52 -------- d-----w- c:\program files\Common Files\Apple
2010-06-18 02:13 . 2008-09-10 00:59 -------- d-----w- c:\users\Jill\AppData\Roaming\Apple Computer
2010-06-18 02:11 . 2010-06-18 02:11 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-18 02:11 . 2010-03-21 23:11 -------- d-----w- c:\program files\Safari
2010-06-18 02:10 . 2010-06-18 02:10 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-18 00:44 . 2008-06-12 16:49 148984 ----a-w- c:\windows\hpoins19.dat
2010-06-13 22:03 . 2010-06-13 22:03 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\NevoSoft Games
2010-06-13 22:01 . 2010-06-13 22:00 -------- d-----w- c:\program files\Farm Craft 2
2010-06-13 21:55 . 2010-06-13 21:55 19 ----a-w- c:\windows\popcinfo.dat
2010-06-13 21:23 . 2010-06-13 21:21 -------- d-----w- c:\program files\Insaniquarium! Deluxe
2010-06-11 07:16 . 2007-10-03 09:31 -------- d-----w- c:\programdata\Microsoft Help
2010-06-09 02:13 . 2010-06-09 02:13 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\InterVideo
2010-06-09 00:59 . 2010-06-09 00:59 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-06-06 14:13 . 2007-10-03 10:06 -------- d-----w- c:\program files\Common Files\Java
2010-06-06 14:11 . 2010-06-06 14:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-06 14:11 . 2007-10-03 10:06 -------- d-----w- c:\program files\Java
2010-06-06 12:50 . 2009-06-03 00:58 -------- d-----w- c:\users\Cody\AppData\Roaming\Apple Computer
2010-06-05 15:12 . 2010-05-23 22:10 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 11:52 . 2010-06-03 11:52 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb44E0.tmp.exe
2010-06-01 01:48 . 2010-05-03 21:27 -------- d-----w- c:\users\Jill iphone\AppData\Roaming\HP
2010-05-31 23:18 . 2009-12-31 18:51 142560 ----a-w- c:\users\IPOD touch\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-31 22:54 . 2008-08-01 11:25 142560 ----a-w- c:\users\Cody\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-31 14:05 . 2008-09-01 01:35 142560 ----a-w- c:\users\Jill\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-27 17:12 . 2007-10-03 09:43 -------- d-----w- c:\programdata\Roxio
2010-05-26 17:06 . 2010-06-11 05:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 05:54 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14 . 2009-10-02 20:58 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 23:02 . 2008-06-09 15:43 142560 ----a-w- c:\users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-20 01:08 . 2010-05-03 21:27 142560 ----a-w- c:\users\Jill iphone\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-19 23:35 . 2010-05-19 23:35 -------- d-----w- c:\programdata\AVS4YOU
2010-05-19 23:35 . 2010-05-19 23:35 -------- d-----w- c:\users\Chris Shuffle\AppData\Roaming\AVS4YOU
2010-05-19 23:35 . 2008-12-25 13:36 142560 ----a-w- c:\users\Chris Shuffle\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-19 23:35 . 2010-05-19 23:33 -------- d-----w- c:\program files\AVS4YOU
2010-05-19 23:35 . 2010-05-19 23:33 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-19 23:34 . 2010-05-19 23:34 -------- d-----w- c:\users\Chris\AppData\Roaming\AVS4YOU
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 05:59 . 2010-06-11 05:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 05:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 05:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 05:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 05:53 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 10:08 . 2010-04-24 10:08 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 14:13 . 2010-05-26 13:51 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 00:47 . 2010-04-20 00:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 00:47 . 2010-04-20 00:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 16:43 . 2010-06-26 13:08 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-26 13:08 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-26 13:08 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-26 13:08 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2009-05-07 00:54 . 2009-05-07 00:36 2060596375 ----a-w- c:\program files\Garmin_RMU_CNNANT2010C.exe
2008-06-10 10:53 . 2008-06-10 10:53 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
 
Below is the rest of the file: Thanks!

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-11 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-11 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-11 133912]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-05 68592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-17 1097728]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]

c:\users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Jill iphone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-9 192512]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe [2009-11-15 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):95,76,33,2d,17,12,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-28 64288]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 221184]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2007-01-05 18944]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-01 1352832]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 02:01]

2010-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-28 21:36]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 04:08]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 04:08]

2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{1793ED6A-7632-4CA8-91A7-49A6DF4BE32C}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]

2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{6EA59A76-5CE1-40A1-9254-65A07DAD6639}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]

2010-07-14 c:\windows\Tasks\User_Feed_Synchronization-{7EADEBFF-4350-440F-A38D-A3CAAB912AD3}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]

2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{9B79E8A3-964E-49F0-B204-F6F15A4BE0E1}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 20:41
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(660)
c:\windows\SbHpNp.dll
.
Completion time: 2010-07-14 20:48:24
ComboFix-quarantined-files.txt 2010-07-15 00:48
ComboFix2.txt 2010-07-14 07:21

Pre-Run: 58,815,401,984 bytes free
Post-Run: 58,795,479,040 bytes free

- - End Of File - - 3604FD4657526EEE9A24E4EB13F84DE9
 
You're very welcome :)
How is your computer doing at the moment?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi,
Computer seems better, but it's hard to tell. Here is the extras.txt log

OTL Extras logfile created on: 7/14/2010 9:44:42 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Jill iphone\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.73 Gb Total Space | 54.91 Gb Free Space | 24.76% Space Free | Partition Type: NTFS
Drive D: | 505.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.55 Gb Total Space | 1.31 Gb Free Space | 84.73% Space Free | Partition Type: NTFS
Drive F: | 9.60 Gb Total Space | 0.73 Gb Free Space | 7.59% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAIGHTONPC
Current User Name: Jill iphone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16DAA0FC-F442-45C0-B094-DBA524BE34F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5443E722-9073-4306-ADB5-5A75937E16D5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{569B9265-8900-4B6B-85BE-39AD608075FC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7BD7325F-7E7F-49A0-A8BD-8E39FF54BCFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E44D42C-16C4-4333-A7FD-C1611060EB7A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{91F1BB44-D502-41A7-A047-AF71489891D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9F0A2D0-14AD-4C07-8CC1-358E32203207}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D4AE95F4-950F-4158-BDC4-3A3A86C54BD6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3D5BBC3-7173-4BC8-B605-A5C3B7C4D4E7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17C1CF3B-6C8F-421F-ACDF-E5400FE0A56D}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{1E9AA3FD-731D-4A96-8091-A342B9E83032}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E5F9CCA-2E46-494A-B156-E6AB71F3F8B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{304A4218-6F7C-485E-BD28-61939630ED28}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{34C79B72-539F-4512-9598-482E4F0A5B0C}" = protocol=17 | dir=in | app=c:\users\jill iphone\appdata\local\temp\7zsd280.tmp\symnrt.exe |
"{4E35D396-7E63-4F15-979E-39D948670CD9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{54D66579-AE52-45C6-A787-E368E2C4A6DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B24C852-3888-4B02-BF95-FD3E779AC5DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E0EB2C5-2378-49B3-ADB5-83751B6284A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{654D06D6-6FF1-43CA-8C52-18E2FE018308}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69E4D3C0-D18A-40F3-AEFB-707451AB44E5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6A560C40-2CB3-484C-83C9-654AF9F73EC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe |
"{78069414-54A9-4616-B221-C298ED474110}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{841A6460-ABE0-42B5-A669-F9D90542797B}" = protocol=6 | dir=out | app=system |
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe |
"{98D99B58-A97E-43B5-ACFD-E83115D9FF9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EE2E33B-DAF9-43A5-9A14-95A22D6AC5B1}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{A4766DCA-3180-48B0-AF64-571F93ACBB36}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A65C5679-4298-4A23-B37F-250DED87AE26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{B9A1D705-0AF9-4230-B650-975FAD36D81C}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe |
"{C6D43605-5164-445E-ACF7-98C887C5D9FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CECFF028-89CC-456B-B2EA-CD2B499F36C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1AB7C9F-0635-43F3-BE87-4FC66ACD24DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DCFAC3A2-85A8-404F-B88E-C75B638B18FF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DFD1A09B-7F7D-4686-9A82-8CCC3DA9826D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5186DE3-F554-44E0-9C9D-1CA346EBD99E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9A434D8-FF89-4FB8-94A4-4CE5132E59CF}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{F3EE1ED3-B3B5-4FDD-9841-E64E4E61380E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F66CCBF0-EA1D-4C97-8A8B-9806FC89E05C}" = protocol=6 | dir=in | app=c:\users\jill iphone\appdata\local\temp\7zsd280.tmp\symnrt.exe |
"TCP Query User{57F3B761-E07C-4E6B-BC8C-378AFB867C64}G:\techwizard.exe" = protocol=6 | dir=in | app=g:\techwizard.exe |
"TCP Query User{728631C1-9361-4A1E-A3AF-95D854B29BBE}C:\windows\sminst\scheduler.exe" = protocol=6 | dir=in | app=c:\windows\sminst\scheduler.exe |
"TCP Query User{C3C19125-93B1-4FD6-A268-953F01F79E30}C:\windows\sminst\scheduler.exe" = protocol=6 | dir=in | app=c:\windows\sminst\scheduler.exe |
"UDP Query User{122676DE-7A7E-4880-927B-626D0B68F2EF}C:\windows\sminst\scheduler.exe" = protocol=17 | dir=in | app=c:\windows\sminst\scheduler.exe |
"UDP Query User{B40FDF9B-EAB0-44EF-9D6E-11409D76965B}G:\techwizard.exe" = protocol=17 | dir=in | app=g:\techwizard.exe |
"UDP Query User{F7300BA5-7F24-44AA-9309-2924E01FD91F}C:\windows\sminst\scheduler.exe" = protocol=17 | dir=in | app=c:\windows\sminst\scheduler.exe |
 
Here's the rest of the extras log
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}" = Microsoft Home Publishing 2000
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E900196-D879-4905-0098-B3BCECF72AB9}" = NASCAR SimRacing
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CF925D3-1E33-4447-889B-0751D2CF886D}" = Drive Encryption for HP ProtectTools
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FA8AEE-E785-4F79-98EB-2067A8F395F4}" = Monopoly
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B14A44F-5815-4136-9ECF-B56E928CEC0F}" = 6200
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2A905A-2F85-4A25-858E-27F92E56B61C}" = Vista Default Settings
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager Installer
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{61100673-2546-42E1-BF92-467B5CB2AC6D}" = DeductionPro 2008
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68AB3A70-25E1-4D41-BDFF-7ED20C07D623}" = 6200Trb
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E993AC6-2086-4CAA-9486-702D28B296C0}" = Bob the Builder - Bob's Castle Adventure
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D7B871-D25E-4EFF-8BE6-FBB11D47AF6E}" = TaxCut Massachusetts 2008
"{7985F97F-7363-4A1E-80B9-50C4F0E8D19E}" = 6200_Help
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}" = MobileMe Control Panel
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0A59-B202-4D2A-9343-A7E5ACE852B7}" = JSWPFCom
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5607B7F-C208-4B66-9E0D-8434F4C23528}" = ESU for Microsoft Vista
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EB23D7-8AA5-457F-82B8-4F60321A9CC7}" = JSWPFGradeK
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Guitar Method
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C74D0FA0-1D49-464F-A707-B427EE3385C1}" = HP BIOS Configuration for ProtectTools
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E4511CEC-2E60-4076-95B6-0E193269EB86}" = MicroMachines V4
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F8A678B8-AC50-4B57-B520-0E37A51020E4}" = HP 3D DriveGuard
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast5" = avast! Free Antivirus
"AVS Audio Editor_is1" = AVS Audio Editor version 5.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BFG-Farm Craft 2" = Farm Craft 2
"BFG-Insaniquarium! Deluxe" = Insaniquarium! Deluxe
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Danger Zone!" = Danger Zone!
"DVD-CLONER IV_is1" = DVD-CLONER V4.02 Build 907
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"JumpStart 3D Ages 4-6" = JumpStart 3D Ages 4-6
"JumpStart Animal Adventures" = JumpStart Animal Adventures
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2008b" = Microsoft Money Plus
"PDF Complete" = PDF Complete
"Plants vs. Zombies" = Plants vs. Zombies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueSwitch Wizard Verizon" = TrueSwitch Wizard Verizon
"UnityWebPlayer" = Unity Web Player
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Jill iphone

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2010 9:52:44 PM | Computer Name = LaightonPC | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 7/13/2010 9:52:44 PM | Computer Name = LaightonPC | Source = Bonjour Service | ID = 100
Description = 252: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 7/13/2010 9:52:44 PM | Computer Name = LaightonPC | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 7/13/2010 11:41:18 PM | Computer Name = LaightonPC | Source = Application Error | ID = 1000
Description = Faulting application HIDEC.exe, version 0.0.0.0, time stamp 0x42c12411,
faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000142, fault offset 0x00009eed, process id 0x744, application start time
0x01cb230669e7ba9d.

Error - 7/13/2010 11:41:18 PM | Computer Name = LaightonPC | Source = Application Error | ID = 1000
Description = Faulting application PEV.cfxxe, version 0.0.0.0, time stamp 0x4bd0e994,
faulting module comctl32.dll_unloaded, version 0.0.0.0, time stamp 0x4791a629,
exception code 0xc0000005, fault offset 0x74ac3135, process id 0x1afc, application
start time 0x01cb230669d93bad.

Error - 7/14/2010 12:31:09 AM | Computer Name = LaightonPC | Source = Application Error | ID = 1000
Description = Faulting application REGT.cfxxe, version 6.0.6001.18000, time stamp
0x47918ae8, faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000142, fault offset 0x00009eed, process id 0xd8c, application
start time 0x01cb230d6223f33d.

Error - 7/14/2010 12:31:11 AM | Computer Name = LaightonPC | Source = Application Error | ID = 1000
Description = Faulting application PEV.cfxxe, version 0.0.0.0, time stamp 0x4bd0e994,
faulting module comctl32.dll_unloaded, version 0.0.0.0, time stamp 0x4791a629,
exception code 0xc0000005, fault offset 0x74ac3135, process id 0x1a50, application
start time 0x01cb230d6214b0fd.

Error - 7/14/2010 12:31:37 AM | Computer Name = LaightonPC | Source = Application Error | ID = 1000
Description = Faulting application PEV.cfxxe, version 0.0.0.0, time stamp 0x4bd0e994,
faulting module comctl32.dll_unloaded, version 0.0.0.0, time stamp 0x4791a629,
exception code 0xc0000005, fault offset 0x74ac3135, process id 0x13e0, application
start time 0x01cb230d723717cd.

Error - 7/14/2010 12:31:37 AM | Computer Name = LaightonPC | Source = Application Error | ID = 1000
Description = Faulting application REGT.cfxxe, version 6.0.6001.18000, time stamp
0x47918ae8, faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000142, fault offset 0x00009eed, process id 0x4d0, application
start time 0x01cb230d724e705d.

Error - 7/14/2010 12:37:27 AM | Computer Name = LaightonPC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 10/5/2008 5:50:30 AM | Computer Name = LaightonPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/17/2008 10:02:50 PM | Computer Name = LaightonPC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 12/21/2008 2:47:05 AM | Computer Name = LaightonPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 7:16:43 PM | Computer Name = LaightonPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/6/2009 6:35:59 PM | Computer Name = LaightonPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/10/2010 6:22:45 PM | Computer Name = LaightonPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 7/14/2010 8:11:29 PM | Computer Name = LaightonPC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/14/2010 8:18:11 PM | Computer Name = LaightonPC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/14/2010 8:28:04 PM | Computer Name = LaightonPC | Source = Service Control Manager | ID = 7030
Description =

Error - 7/14/2010 8:41:35 PM | Computer Name = LaightonPC | Source = Service Control Manager | ID = 7030
Description =

Error - 7/14/2010 9:24:59 PM | Computer Name = LaightonPC | Source = Application Popup | ID = 875
Description = Driver sfdrv01.sys has been blocked from loading.

Error - 7/14/2010 9:25:38 PM | Computer Name = LaightonPC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/14/2010 9:27:57 PM | Computer Name = LaightonPC | Source = DCOM | ID = 10005
Description =

Error - 7/14/2010 9:27:57 PM | Computer Name = LaightonPC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/14/2010 9:27:57 PM | Computer Name = LaightonPC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/14/2010 9:32:34 PM | Computer Name = LaightonPC | Source = Service Control Manager | ID = 7022
Description =


< End of report >
 
Here is the otl.txt part 1
OTL logfile created on: 7/14/2010 9:44:42 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Jill iphone\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.73 Gb Total Space | 54.91 Gb Free Space | 24.76% Space Free | Partition Type: NTFS
Drive D: | 505.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.55 Gb Total Space | 1.31 Gb Free Space | 84.73% Space Free | Partition Type: NTFS
Drive F: | 9.60 Gb Total Space | 0.73 Gb Free Space | 7.59% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAIGHTONPC
Current User Name: Jill iphone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/14 21:32:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jill iphone\Desktop\OTL.exe
PRC - [2010/06/30 22:28:55 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/27 22:01:36 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/05/05 14:42:10 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/04/11 02:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/06/28 09:37:51 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/06/06 17:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2007/05/08 11:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/05/08 11:38:44 | 000,331,552 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe
PRC - [2007/04/22 19:32:42 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/04/15 21:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/03/29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/03/29 13:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/01/09 18:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/02 21:40:10 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/12/10 21:52:38 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2006/12/10 21:51:08 | 000,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2006/10/17 10:55:20 | 001,097,728 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [1999/07/29 11:49:44 | 000,131,127 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\microsoft shared\Works Shared\WksCal.exe
PRC - [1999/07/29 11:33:02 | 000,053,317 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\microsoft shared\Works Shared\wkcalrem.exe


========== Modules (SafeList) ==========

MOD - [2010/07/14 21:32:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jill iphone\Desktop\OTL.exe
MOD - [2010/03/05 10:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2009/09/24 22:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/04/11 02:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2009/04/11 02:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009/04/11 02:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2009/04/11 02:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/04/11 02:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/04/11 02:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:36:49 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2008/01/19 03:36:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
MOD - [2008/01/19 03:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 08:32:26 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/30 22:28:55 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/08 11:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/22 19:32:42 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/04/15 21:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/03/13 02:23:18 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/03/13 02:23:18 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/02/06 21:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/06/22 01:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
 
otl.txt part 2
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JILLIP~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/27 22:01:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/19 03:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/11 06:42:48 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/05/11 06:42:46 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/05/11 06:42:46 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/05/08 05:55:08 | 001,675,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/04/22 19:25:30 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/04/22 19:24:58 | 000,100,095 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/04/15 21:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/04/10 18:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/29 19:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/03/21 08:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/03/01 09:52:42 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/26 10:52:22 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/01/12 09:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/05 03:00:02 | 000,027,136 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2007/01/05 03:00:02 | 000,018,944 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2006/12/21 11:21:44 | 000,308,736 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/09 16:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/03/26 08:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/03/24 12:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006/03/13 05:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F 25 02 18 EF B0 36 46 88 78 10 28 2F 5D C1 A0 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
otl.txt part 3
O1 HOSTS File: ([2010/07/14 20:41:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Jill iphone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553557800} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jill iphone\Pictures\2010\03-Mar\03-10-10-Last LTS (12).JPG
O24 - Desktop BackupWallPaper: C:\Users\Jill iphone\Pictures\2010\03-Mar\03-10-10-Last LTS (12).JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/28 18:36:46 | 000,136,088 | R--- | M] (Knowledge Adventure) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2007/01/10 20:21:04 | 000,000,496 | R--- | M] () - D:\AUTORUN.EXE.manifest -- [ CDFS ]
O32 - AutoRun File - [2008/09/15 12:24:08 | 000,005,173 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
otl.txt part 4
========== Files/Folders - Created Within 90 Days ==========

[2010/07/14 21:32:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Jill iphone\Desktop\OTL.exe
[2010/07/14 21:23:15 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/14 20:48:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/14 19:52:19 | 004,501,118 | -H-- | C] () -- C:\Users\Jill iphone\AppData\Local\IconCache.db
[2010/07/13 23:11:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/13 09:04:22 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\WinRAR
[2010/07/12 20:35:41 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jill iphone\Desktop\mbam-setup.exe
[2010/07/12 20:03:07 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jill iphone\Desktop\TFC.exe
[2010/07/07 21:09:08 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/07/06 17:55:38 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Local\Roblox
[2010/06/28 17:09:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/28 17:09:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/28 17:07:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jill iphone\Desktop\vudokiller.exe
[2010/06/28 09:39:31 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\Malwarebytes
[2010/06/27 22:02:19 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/06/27 22:02:14 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/27 21:59:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/27 21:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/27 21:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/27 21:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/27 21:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 03:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/06/26 09:58:25 | 000,000,000 | ---- | C] () -- C:\Users\Jill iphone\AppData\Local\FnF4.txt
[2010/06/25 13:14:01 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\YNAB
[2010/06/25 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\YNAB 3
[2010/06/25 11:34:01 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\Wizard101
[2010/06/24 19:13:48 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/24 19:13:47 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/24 19:13:46 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/24 19:13:45 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/24 19:13:39 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/24 19:11:27 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/24 19:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/06/24 19:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/24 18:04:51 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2010/06/24 17:14:36 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\Verizon
[2010/06/23 21:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Content Filter
[2010/06/23 21:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint
[2010/06/23 21:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon
[2010/06/22 10:20:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/06/22 10:20:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/06/22 10:20:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/06/20 17:20:18 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\Printer Info Cache
[2010/06/20 17:20:17 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\Image Zone Express
[2010/06/20 17:07:30 | 000,000,039 | ---- | C] () -- C:\Users\Jill iphone\AppData\Roaming\6b1cf1bd
[2010/06/19 22:19:36 | 000,000,571 | -HS- | C] () -- C:\ProgramData\1808574186
[2010/06/19 22:19:36 | 000,000,571 | -HS- | C] () -- C:\ProgramData\1808574186
[2010/06/19 22:19:34 | 000,000,817 | ---- | C] () -- C:\ProgramData\1000142522
[2010/06/19 22:19:34 | 000,000,817 | ---- | C] () -- C:\ProgramData\1000142522
[2010/06/19 22:19:23 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl170734712
[2010/06/19 22:19:23 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl170734712
[2010/06/19 10:14:30 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\SampleView
[2010/06/17 22:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/17 22:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/17 22:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/13 18:03:16 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\NevoSoft Games
[2010/06/13 18:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Craft 2
[2010/06/13 17:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/13 17:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Insaniquarium! Deluxe
[2010/06/08 22:17:21 | 000,003,584 | ---- | C] () -- C:\Users\Jill iphone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/08 22:13:28 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\InterVideo
[2010/06/08 20:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/06/08 20:59:29 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Office Genuine Advantage
[2010/06/06 10:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/23 18:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/22 08:11:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/05/19 19:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/05/19 19:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/05/19 19:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/05/09 16:37:06 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\Roxio
[2010/05/09 08:25:26 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Local\Microsoft Games
[2010/05/06 12:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/05/06 12:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2010/05/03 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\TaxCut
[2010/05/03 21:55:34 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\tablature
[2010/05/03 21:55:33 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\OneNote Notebooks
[2010/05/03 21:55:23 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\NASCAR SimRacing
[2010/05/03 21:55:23 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\My Smilebox Creations
[2010/05/03 21:55:23 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\My Scans
[2010/05/03 21:55:21 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\my recordings
[2010/05/03 21:55:20 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\My Garmin
[2010/05/03 21:55:20 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\Downloads
[2010/05/03 21:55:20 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\DeductionPro
[2010/05/03 21:54:28 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Desktop\Cody Stuff
[2010/05/03 21:54:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Jill iphone\Desktop\setup-spybotsd162.exe
[2010/05/03 21:32:46 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Local\Adobe
[2010/05/03 21:31:39 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\Adobe
[2010/05/03 21:31:19 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\Google
[2010/05/03 17:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/03 17:31:23 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Local\Apple
[2010/05/03 17:27:46 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\HP
[2010/05/03 17:27:29 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\Apple Computer
[2010/05/03 17:27:26 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Bluetooth Software
[2010/05/03 17:27:26 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\Documents\Bluetooth Exchange Folder
[2010/05/03 17:27:18 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Local\Apple Computer
[2010/05/03 17:27:18 | 000,000,000 | ---- | C] () -- C:\Users\Jill iphone\AppData\Local\QSwitch.txt
[2010/05/03 17:27:18 | 000,000,000 | ---- | C] () -- C:\Users\Jill iphone\AppData\Local\DSwitch.txt
[2010/05/03 17:27:18 | 000,000,000 | ---- | C] () -- C:\Users\Jill iphone\AppData\Local\AtStart.txt
[2010/05/03 17:27:05 | 000,142,560 | ---- | C] () -- C:\Users\Jill iphone\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/03 17:26:45 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Local\Google
[2010/05/03 17:26:33 | 000,000,000 | R--D | C] -- C:\Users\Jill iphone\Searches
[2010/05/03 17:26:29 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\Identities
[2010/05/03 17:26:28 | 000,000,000 | R--D | C] -- C:\Users\Jill iphone\Contacts
[2010/05/03 17:25:44 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Local\VirtualStore
[2010/05/03 17:25:39 | 000,524,288 | -HS- | C] () -- C:\Users\Jill iphone\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010/05/03 17:25:39 | 000,524,288 | -HS- | C] () -- C:\Users\Jill iphone\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/05/03 17:25:39 | 000,262,144 | -H-- | C] () -- C:\Users\Jill iphone\ntuser.dat.LOG1
[2010/05/03 17:25:39 | 000,065,536 | -HS- | C] () -- C:\Users\Jill iphone\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/05/03 17:25:39 | 000,000,020 | -HS- | C] () -- C:\Users\Jill iphone\ntuser.ini
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\AppData\Local\Temporary Internet Files
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\Templates
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\Start Menu
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\SendTo
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\Recent
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\PrintHood
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\NetHood
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\Documents\My Videos
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\Documents\My Pictures
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\Documents\My Music
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\My Documents
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\Local Settings
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\AppData\Local\History
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\Cookies
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\Application Data
[2010/05/03 17:25:39 | 000,000,000 | -HSD | C] -- C:\Users\Jill iphone\AppData\Local\Application Data
[2010/05/03 17:25:39 | 000,000,000 | -H-- | C] () -- C:\Users\Jill iphone\ntuser.dat.LOG2
[2010/05/03 17:25:38 | 001,835,008 | -HS- | C] () -- C:\Users\Jill iphone\ntuser.dat
[2010/05/03 17:25:38 | 000,000,000 | --SD | C] -- C:\Users\Jill iphone\AppData\Roaming\Microsoft
[2010/05/03 17:25:38 | 000,000,000 | R--D | C] -- C:\Users\Jill iphone\Videos
[2010/05/03 17:25:38 | 000,000,000 | R--D | C] -- C:\Users\Jill iphone\Saved Games
[2010/05/03 17:25:38 | 000,000,000 | R--D | C] -- C:\Users\Jill iphone\Pictures
[2010/05/03 17:25:38 | 000,000,000 | R--D | C] -- C:\Users\Jill iphone\Music
[2010/05/03 17:25:38 | 000,000,000 | R--D | C] -- C:\Users\Jill iphone\Links
[2010/05/03 17:25:38 | 000,000,000 | R--D | C] -- C:\Users\Jill iphone\Favorites
[2010/05/03 17:25:38 | 000,000,000 | R--D | C] -- C:\Users\Jill iphone\Downloads
[2010/05/03 17:25:38 | 000,000,000 | R--D | C] -- C:\Users\Jill iphone\Documents
[2010/05/03 17:25:38 | 000,000,000 | R--D | C] -- C:\Users\Jill iphone\Desktop
[2010/05/03 17:25:38 | 000,000,000 | -H-D | C] -- C:\Users\Jill iphone\AppData
[2010/05/03 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Local\Temp
[2010/05/03 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Local\Microsoft Help
[2010/05/03 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Local\Microsoft
[2010/05/03 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\Media Center Programs
[2010/05/03 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\Jill iphone\AppData\Roaming\Macromedia
[2010/04/28 22:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/28 22:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
 
otl.txt part 5
========== Files - Modified Within 90 Days ==========

[2010/07/14 21:46:22 | 001,835,008 | -HS- | M] () -- C:\Users\Jill iphone\ntuser.dat
[2010/07/14 21:44:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1793ED6A-7632-4CA8-91A7-49A6DF4BE32C}.job
[2010/07/14 21:43:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EADEBFF-4350-440F-A38D-A3CAAB912AD3}.job
[2010/07/14 21:42:59 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9B79E8A3-964E-49F0-B204-F6F15A4BE0E1}.job
[2010/07/14 21:42:59 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6EA59A76-5CE1-40A1-9254-65A07DAD6639}.job
[2010/07/14 21:32:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jill iphone\Desktop\OTL.exe
[2010/07/14 21:28:58 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/14 21:28:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/14 21:26:28 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/14 21:25:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/14 21:25:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/14 21:25:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/14 21:25:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/14 21:25:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/14 21:23:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/14 21:23:44 | 000,524,288 | -HS- | M] () -- C:\Users\Jill iphone\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/07/14 21:23:44 | 000,065,536 | -HS- | M] () -- C:\Users\Jill iphone\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/07/14 21:23:30 | 004,501,118 | -H-- | M] () -- C:\Users\Jill iphone\AppData\Local\IconCache.db
[2010/07/14 20:41:39 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/14 20:41:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/14 19:45:53 | 013,766,656 | ---- | M] () -- C:\Users\Jill iphone\Documents\My Money.mny
[2010/07/13 20:42:10 | 000,782,280 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/13 20:42:10 | 000,660,078 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/13 20:42:10 | 000,125,922 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/13 09:23:42 | 000,002,585 | ---- | M] () -- C:\Users\Jill iphone\Desktop\Microsoft Office Excel 2007.lnk
[2010/07/12 22:32:44 | 000,476,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/12 21:55:16 | 295,111,402 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/12 21:28:58 | 000,293,376 | ---- | M] () -- C:\Users\Jill iphone\Desktop\95fnjk4i.exe
[2010/07/12 20:35:51 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jill iphone\Desktop\mbam-setup.exe
[2010/07/12 20:03:10 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jill iphone\Desktop\TFC.exe
[2010/07/07 21:09:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/07/05 21:01:03 | 000,000,405 | ---- | M] () -- C:\Users\Jill iphone\Desktop\Acton-Boxboro Youth Hockey Association - News.url
[2010/07/05 18:07:23 | 000,014,447 | ---- | M] () -- C:\Users\Jill iphone\Documents\Oil Gallons Used.xlsx
[2010/07/02 08:42:25 | 000,001,570 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/07/01 12:02:04 | 002,390,016 | ---- | M] () -- C:\Users\Jill iphone\Desktop\The John Deere Collection 2nd edition.ppt
[2010/06/30 19:50:24 | 000,147,777 | ---- | M] () -- C:\Users\Jill iphone\Documents\star wars clones.pptx
[2010/06/30 19:36:58 | 000,014,244 | ---- | M] () -- C:\Users\Jill iphone\Documents\Dover Invoice-12-09.xlsx
[2010/06/30 19:33:26 | 000,000,539 | ---- | M] () -- C:\Users\Jill iphone\Desktop\Google Calendar.url
[2010/06/28 17:08:46 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jill iphone\Desktop\vudokiller.exe
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/28 16:32:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/27 22:02:10 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/27 22:01:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/06/27 21:59:20 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/27 03:13:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/06/27 03:12:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/06/24 19:13:49 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/06/24 19:05:31 | 000,000,039 | ---- | M] () -- C:\Users\Jill iphone\AppData\Roaming\6b1cf1bd
[2010/06/24 17:05:37 | 000,000,817 | ---- | M] () -- C:\ProgramData\1000142522
[2010/06/24 12:32:22 | 000,000,571 | -HS- | M] () -- C:\ProgramData\1808574186
[2010/06/22 12:16:03 | 000,000,189 | ---- | M] () -- C:\Users\Jill iphone\Desktop\VIDEO&PICS (G) - Shortcut.lnk
[2010/06/20 17:45:03 | 000,018,748 | ---- | M] () -- C:\Users\Jill iphone\Documents\To Do List-2009.xlsx
[2010/06/19 22:19:23 | 000,000,113 | ---- | M] () -- C:\ProgramData\sl170734712
[2010/06/19 10:05:04 | 000,040,960 | ---- | M] () -- C:\Users\Jill iphone\Documents\p's.xls
[2010/06/18 20:56:01 | 000,048,400 | ---- | M] () -- C:\Users\Jill iphone\Desktop\BOXBOROUGH SUMMER CAMP IS GOING GREEN.docx
[2010/06/17 22:20:05 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/17 22:11:05 | 000,001,854 | ---- | M] () -- C:\Users\Jill iphone\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/17 20:44:13 | 000,148,984 | ---- | M] () -- C:\Windows\hpoins19.dat
[2010/06/17 20:42:48 | 000,000,135 | ---- | M] () -- C:\Windows\win.ini
[2010/06/13 18:01:49 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play Farm Craft 2.lnk
[2010/06/13 17:55:09 | 000,000,019 | ---- | M] () -- C:\Windows\popcinfo.dat
[2010/06/13 17:21:57 | 000,001,823 | ---- | M] () -- C:\Users\Public\Desktop\Play Insaniquarium! Deluxe.lnk
[2010/06/11 21:11:28 | 000,800,602 | ---- | M] () -- C:\Users\Jill iphone\Documents\Plants vs. Zombies 1.lnk.pptx
[2010/06/10 18:10:43 | 002,002,026 | ---- | M] () -- C:\Users\Jill iphone\Documents\Plants vs. Zombies 2.lnk.pptx
[2010/06/08 22:25:46 | 000,018,046 | ---- | M] () -- C:\Users\Jill iphone\Documents\US Savings Bonds.xlsx
[2010/06/08 22:21:30 | 000,022,528 | ---- | M] () -- C:\Users\Jill iphone\Documents\Car Maintenance Logs.xls
[2010/06/08 22:17:21 | 000,003,584 | ---- | M] () -- C:\Users\Jill iphone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/06 19:28:29 | 000,010,169 | ---- | M] () -- C:\Users\Jill iphone\Desktop\sony-bdp-s350-frontpanel.jpg
[2010/05/31 21:20:21 | 013,663,872 | R--- | M] () -- C:\Users\Jill iphone\Documents\My Money Backup 1.mbf
[2010/05/26 22:26:28 | 000,015,192 | ---- | M] () -- C:\Users\Jill iphone\Documents\CPE Log.xlsx
[2010/05/26 22:03:57 | 000,154,624 | ---- | M] () -- C:\Users\Jill iphone\Documents\Address List.xls
[2010/05/26 18:22:20 | 000,122,544 | ---- | M] () -- C:\Users\Jill iphone\Documents\Indians.pptx
[2010/05/22 08:31:11 | 000,267,573 | ---- | M] () -- C:\Users\Jill iphone\Documents\playoffs 2010.pptx
[2010/05/19 21:08:18 | 000,142,560 | ---- | M] () -- C:\Users\Jill iphone\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/19 14:10:06 | 000,017,940 | ---- | M] () -- C:\Users\Jill iphone\Desktop\budget-5-19-10-new.xlsx
[2010/05/19 08:03:33 | 000,002,089 | ---- | M] () -- C:\Users\Jill iphone\Application Data\Microsoft\Internet Explorer\Quick Launch\HDD Handycam Utility.lnk
[2010/05/13 12:56:36 | 000,000,943 | ---- | M] () -- C:\Users\Jill iphone\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/12 20:30:32 | 000,040,960 | ---- | M] () -- C:\Users\Jill iphone\Documents\Copy of p's.xls
[2010/05/10 20:35:13 | 000,001,111 | ---- | M] () -- C:\Users\Jill iphone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/05/09 16:44:49 | 000,001,460 | ---- | M] () -- C:\Users\Jill iphone\Documents\Pics-Jan-Nov 2009.ROXIO
[2010/05/06 12:54:00 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2010/05/03 17:25:39 | 000,524,288 | -HS- | M] () -- C:\Users\Jill iphone\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010/05/03 17:25:39 | 000,000,020 | -HS- | M] () -- C:\Users\Jill iphone\ntuser.ini
[2010/05/01 17:22:02 | 001,538,048 | ---- | M] () -- C:\Users\Jill iphone\Documents\Zack - 6th Bday-Thank You.php
[2010/05/01 17:00:43 | 000,206,934 | ---- | M] () -- C:\Users\Jill iphone\Documents\GOGOS.pptx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 13:59:32 | 000,000,319 | ---- | M] () -- C:\Users\Jill iphone\Desktop\FunBrain Game Finder-2.url
[2010/04/16 12:06:06 | 000,005,842 | ---- | M] () -- C:\Users\Jill iphone\Documents\4-16-10-Budget-2.csv
[2010/04/16 11:59:28 | 000,005,873 | ---- | M] () -- C:\Users\Jill iphone\Documents\4-16-10-Budget.csv
 
otl.txt part 6
========== Files Created - No Company Name ==========

[2010/07/12 21:46:03 | 295,111,402 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/12 21:28:44 | 000,293,376 | ---- | C] () -- C:\Users\Jill iphone\Desktop\95fnjk4i.exe
[2010/07/11 22:15:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/01 11:55:02 | 002,390,016 | ---- | C] () -- C:\Users\Jill iphone\Desktop\The John Deere Collection 2nd edition.ppt
[2010/06/30 19:50:23 | 000,147,777 | ---- | C] () -- C:\Users\Jill iphone\Documents\star wars clones.pptx
[2010/06/27 21:59:20 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/27 03:13:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/06/27 03:12:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/06/24 19:13:49 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/06/22 12:16:03 | 000,000,189 | ---- | C] () -- C:\Users\Jill iphone\Desktop\VIDEO&PICS (G) - Shortcut.lnk
[2010/06/20 17:45:02 | 000,018,748 | ---- | C] () -- C:\Users\Jill iphone\Documents\To Do List-2009.xlsx
[2010/06/18 20:55:54 | 000,048,400 | ---- | C] () -- C:\Users\Jill iphone\Desktop\BOXBOROUGH SUMMER CAMP IS GOING GREEN.docx
[2010/06/17 22:20:05 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/17 22:11:05 | 000,001,854 | ---- | C] () -- C:\Users\Jill iphone\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/13 18:01:49 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play Farm Craft 2.lnk
[2010/06/13 17:55:09 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/06/13 17:21:57 | 000,001,823 | ---- | C] () -- C:\Users\Public\Desktop\Play Insaniquarium! Deluxe.lnk
[2010/06/10 18:10:43 | 002,002,026 | ---- | C] () -- C:\Users\Jill iphone\Documents\Plants vs. Zombies 2.lnk.pptx
[2010/06/09 20:41:13 | 000,800,602 | ---- | C] () -- C:\Users\Jill iphone\Documents\Plants vs. Zombies 1.lnk.pptx
[2010/06/06 19:28:36 | 000,010,169 | ---- | C] () -- C:\Users\Jill iphone\Desktop\sony-bdp-s350-frontpanel.jpg
[2010/06/06 08:17:53 | 000,000,416 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{6EA59A76-5CE1-40A1-9254-65A07DAD6639}.job
[2010/05/31 21:20:21 | 013,663,872 | R--- | C] () -- C:\Users\Jill iphone\Documents\My Money Backup 1.mbf
[2010/05/26 18:22:19 | 000,122,544 | ---- | C] () -- C:\Users\Jill iphone\Documents\Indians.pptx
[2010/05/19 14:09:12 | 000,017,940 | ---- | C] () -- C:\Users\Jill iphone\Desktop\budget-5-19-10-new.xlsx
[2010/05/19 08:03:33 | 000,002,089 | ---- | C] () -- C:\Users\Jill iphone\Application Data\Microsoft\Internet Explorer\Quick Launch\HDD Handycam Utility.lnk
[2010/05/18 20:03:34 | 000,000,539 | ---- | C] () -- C:\Users\Jill iphone\Desktop\Google Calendar.url
[2010/05/13 09:21:12 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/05/12 20:30:30 | 000,040,960 | ---- | C] () -- C:\Users\Jill iphone\Documents\Copy of p's.xls
[2010/05/10 20:35:13 | 000,001,111 | ---- | C] () -- C:\Users\Jill iphone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/05/09 16:44:49 | 000,001,460 | ---- | C] () -- C:\Users\Jill iphone\Documents\Pics-Jan-Nov 2009.ROXIO
[2010/05/06 12:54:00 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
 
[2010/05/03 21:55:20 | 001,962,496 | ---- | C] () -- C:\Users\Jill iphone\Documents\Zack - 6th Bday.php
[2010/05/03 21:55:20 | 000,617,022 | ---- | C] () -- C:\Users\Jill iphone\Documents\Zack-9-10-08.pptx
[2010/05/03 21:55:20 | 000,214,507 | ---- | C] () -- C:\Users\Jill iphone\Documents\Zack - Lego Star Wars.pptx
[2010/05/03 21:55:20 | 000,201,172 | ---- | C] () -- C:\Users\Jill iphone\Documents\Zack - Star Wars Battle.pptx
[2010/05/03 21:55:20 | 000,150,651 | ---- | C] () -- C:\Users\Jill iphone\Documents\Zack's Farm Animals...pptx
[2010/05/03 21:55:20 | 000,144,287 | ---- | C] () -- C:\Users\Jill iphone\Documents\Zack's Farm Animals.pptx
[2010/05/03 21:55:20 | 000,126,079 | ---- | C] () -- C:\Users\Jill iphone\Documents\Zack - Star Wars - 01-07-09.pptx
[2010/05/03 21:55:20 | 000,106,418 | ---- | C] () -- C:\Users\Jill iphone\Documents\Zack's Army Guys.pptx
[2010/05/03 21:55:20 | 000,036,067 | ---- | C] () -- C:\Users\Jill iphone\Documents\Zack - Bruins.docx
[2010/05/03 21:55:19 | 002,196,353 | ---- | C] () -- C:\Users\Jill iphone\Documents\Wizard 101.pptx
[2010/05/03 21:55:19 | 001,585,039 | ---- | C] () -- C:\Users\Jill iphone\Documents\yu gi ho cards.pptx
[2010/05/03 21:55:19 | 001,538,048 | ---- | C] () -- C:\Users\Jill iphone\Documents\Zack - 6th Bday-Thank You.php
[2010/05/03 21:55:19 | 000,484,385 | ---- | C] () -- C:\Users\Jill iphone\Documents\yu gi ho.pptx
[2010/05/03 21:55:19 | 000,155,767 | ---- | C] () -- C:\Users\Jill iphone\Documents\wizard 101........pptx
[2010/05/03 21:55:19 | 000,143,812 | ---- | C] () -- C:\Users\Jill iphone\Documents\yu gi ho-Zack.pptx
[2010/05/03 21:55:19 | 000,087,040 | ---- | C] () -- C:\Users\Jill iphone\Documents\Zachary Label.php
[2010/05/03 21:55:19 | 000,041,472 | ---- | C] () -- C:\Users\Jill iphone\Documents\Word Search Grid.xls
[2010/05/03 21:55:18 | 001,362,497 | ---- | C] () -- C:\Users\Jill iphone\Documents\wizard 101 cont....pptx
[2010/05/03 21:55:18 | 001,172,622 | ---- | C] () -- C:\Users\Jill iphone\Documents\Wizard 101 pet list.pptx
[2010/05/03 21:55:18 | 000,689,396 | ---- | C] () -- C:\Users\Jill iphone\Documents\wizard 101 cont..pptx
[2010/05/03 21:55:18 | 000,546,783 | ---- | C] () -- C:\Users\Jill iphone\Documents\Webkinz.pptx
[2010/05/03 21:55:18 | 000,501,397 | ---- | C] () -- C:\Users\Jill iphone\Documents\Weapons.pptx
[2010/05/03 21:55:18 | 000,480,917 | ---- | C] () -- C:\Users\Jill iphone\Documents\Untitled (4).wma
[2010/05/03 21:55:18 | 000,377,647 | ---- | C] () -- C:\Users\Jill iphone\Documents\Untitled (3).wma
[2010/05/03 21:55:18 | 000,229,477 | ---- | C] () -- C:\Users\Jill iphone\Documents\Untitled (2).wma
[2010/05/03 21:55:18 | 000,036,228 | ---- | C] () -- C:\Users\Jill iphone\Documents\wizard 101 cont......pptx
[2010/05/03 21:55:18 | 000,018,046 | ---- | C] () -- C:\Users\Jill iphone\Documents\US Savings Bonds.xlsx
[2010/05/03 21:55:18 | 000,007,244 | ---- | C] () -- C:\Users\Jill iphone\Documents\steve_E_rev0.ROXIO
[2010/05/03 21:55:17 | 000,633,014 | ---- | C] () -- C:\Users\Jill iphone\Documents\spore 1.pptx
[2010/05/03 21:55:17 | 000,431,847 | ---- | C] () -- C:\Users\Jill iphone\Documents\star wars zack1.pptx
[2010/05/03 21:55:17 | 000,371,280 | ---- | C] () -- C:\Users\Jill iphone\Documents\star wars zack.pptx
[2010/05/03 21:55:17 | 000,267,948 | ---- | C] () -- C:\Users\Jill iphone\Documents\shed drawing.pptx
[2010/05/03 21:55:17 | 000,194,658 | ---- | C] () -- C:\Users\Jill iphone\Documents\Sonic & Chaotic Guys.pptx
[2010/05/03 21:55:17 | 000,092,966 | ---- | C] () -- C:\Users\Jill iphone\Documents\spore.pptx
[2010/05/03 21:55:17 | 000,088,763 | ---- | C] () -- C:\Users\Jill iphone\Documents\Spiders.pptx
[2010/05/03 21:55:17 | 000,068,939 | ---- | C] () -- C:\Users\Jill iphone\Documents\Spider Web.pptx
[2010/05/03 21:55:17 | 000,063,291 | ---- | C] () -- C:\Users\Jill iphone\Documents\Star Wars Game Pieces.pptx
[2010/05/03 21:55:17 | 000,060,416 | ---- | C] () -- C:\Users\Jill iphone\Documents\Snowmen Label.php
[2010/05/03 21:55:17 | 000,009,383 | ---- | C] () -- C:\Users\Jill iphone\Documents\Shed.xlsx
[2010/05/03 21:55:17 | 000,003,783 | ---- | C] () -- C:\Users\Jill iphone\Documents\scooby.jpg
[2010/05/03 21:55:16 | 003,265,668 | ---- | C] () -- C:\Users\Jill iphone\Documents\pokemon.pptx
[2010/05/03 21:55:16 | 001,485,881 | ---- | C] () -- C:\Users\Jill iphone\Documents\pokemon 1.pptx
[2010/05/03 21:55:16 | 001,313,729 | ---- | C] () -- C:\Users\Jill iphone\Documents\Roblox.pptx
[2010/05/03 21:55:16 | 000,845,983 | ---- | C] () -- C:\Users\Jill iphone\Documents\Presentation1.pptx
[2010/05/03 21:55:16 | 000,544,876 | ---- | C] () -- C:\Users\Jill iphone\Documents\robin hood-Zack.pptx
[2010/05/03 21:55:16 | 000,381,035 | ---- | C] () -- C:\Users\Jill iphone\Documents\robin hood.pptx
[2010/05/03 21:55:16 | 000,372,934 | ---- | C] () -- C:\Users\Jill iphone\Documents\pokemon - zack2.pptx
[2010/05/03 21:55:16 | 000,306,631 | ---- | C] () -- C:\Users\Jill iphone\Documents\pokemon energy.pptx
[2010/05/03 21:55:16 | 000,111,489 | ---- | C] () -- C:\Users\Jill iphone\Documents\Presentatio.pptx
[2010/05/03 21:55:16 | 000,003,103 | ---- | C] () -- C:\Users\Jill iphone\Documents\scooby.htm
[2010/05/03 21:55:15 | 013,766,656 | ---- | C] () -- C:\Users\Jill iphone\Documents\My Money.mny
[2010/05/03 21:55:15 | 005,728,752 | ---- | C] () -- C:\Users\Jill iphone\Documents\Monopoly 1.pptx
[2010/05/03 21:55:15 | 003,409,088 | R--- | C] () -- C:\Users\Jill iphone\Documents\My Money Backup 0.mbf
[2010/05/03 21:55:15 | 001,433,092 | ---- | C] () -- C:\Users\Jill iphone\Documents\pokemon - zack.pptx
[2010/05/03 21:55:15 | 000,325,479 | ---- | C] () -- C:\Users\Jill iphone\Documents\pokemon - zack1.pptx
[2010/05/03 21:55:15 | 000,289,053 | ---- | C] () -- C:\Users\Jill iphone\Documents\Nascar Cars.pptx
[2010/05/03 21:55:15 | 000,267,573 | ---- | C] () -- C:\Users\Jill iphone\Documents\playoffs 2010.pptx
[2010/05/03 21:55:15 | 000,221,157 | ---- | C] () -- C:\Users\Jill iphone\Documents\New House Bedrooms.pdf
[2010/05/03 21:55:15 | 000,167,936 | ---- | C] () -- C:\Users\Jill iphone\Documents\new House.xls
[2010/05/03 21:55:15 | 000,103,351 | ---- | C] () -- C:\Users\Jill iphone\Documents\Pirate Stuff.pptx
[2010/05/03 21:55:15 | 000,040,960 | ---- | C] () -- C:\Users\Jill iphone\Documents\p's.xls
[2010/05/03 21:55:15 | 000,028,672 | ---- | C] () -- C:\Users\Jill iphone\Documents\Nar Wars Legos cheatcodes.xls
[2010/05/03 21:55:15 | 000,021,504 | ---- | C] () -- C:\Users\Jill iphone\Documents\pickem stats.xls
[2010/05/03 21:55:15 | 000,014,447 | ---- | C] () -- C:\Users\Jill iphone\Documents\Oil Gallons Used.xlsx
[2010/05/03 21:55:15 | 000,011,508 | ---- | C] () -- C:\Users\Jill iphone\Documents\Pet Sitter.docx
[2010/05/03 21:55:15 | 000,011,063 | ---- | C] () -- C:\Users\Jill iphone\Documents\Nascar Race Refund Request.docx
[2010/05/03 21:55:15 | 000,003,999 | ---- | C] () -- C:\Users\Jill iphone\Documents\Place2.rbxl
[2010/05/03 21:55:14 | 002,712,447 | ---- | C] () -- C:\Users\Jill iphone\Documents\lucky2.wma
[2010/05/03 21:55:14 | 002,586,727 | ---- | C] () -- C:\Users\Jill iphone\Documents\lucky3.wma
[2010/05/03 21:55:14 | 002,155,687 | ---- | C] () -- C:\Users\Jill iphone\Documents\last kiss pj.wma
[2010/05/03 21:55:14 | 002,061,397 | ---- | C] () -- C:\Users\Jill iphone\Documents\lame.wma
[2010/05/03 21:55:14 | 001,949,147 | ---- | C] () -- C:\Users\Jill iphone\Documents\margaret.wma
[2010/05/03 21:55:14 | 001,210,977 | ---- | C] () -- C:\Users\Jill iphone\Documents\mlb nfl logos.pptx
[2010/05/03 21:55:14 | 000,625,010 | ---- | C] () -- C:\Users\Jill iphone\Documents\Medical Release0001.pdf
[2010/05/03 21:55:14 | 000,497,752 | ---- | C] () -- C:\Users\Jill iphone\Documents\hockey cards & logos.pptx
[2010/05/03 21:55:14 | 000,369,644 | ---- | C] () -- C:\Users\Jill iphone\Documents\game group.pptx
[2010/05/03 21:55:14 | 000,206,934 | ---- | C] () -- C:\Users\Jill iphone\Documents\GOGOS.pptx
[2010/05/03 21:55:14 | 000,202,750 | ---- | C] () -- C:\Users\Jill iphone\Documents\hockey logos.pptx
[2010/05/03 21:55:14 | 000,190,620 | ---- | C] () -- C:\Users\Jill iphone\Documents\mario.pptx
[2010/05/03 21:55:14 | 000,148,992 | ---- | C] () -- C:\Users\Jill iphone\Documents\hockey logos-2.pptx
[2010/05/03 21:55:14 | 000,134,875 | ---- | C] () -- C:\Users\Jill iphone\Documents\Knights.pptx
[2010/05/03 21:55:14 | 000,113,809 | ---- | C] () -- C:\Users\Jill iphone\Documents\Lego Characters - Cody 1.pptx
[2010/05/03 21:55:14 | 000,092,616 | ---- | C] () -- C:\Users\Jill iphone\Documents\Lego Characters - Cody.pptx
[2010/05/03 21:55:14 | 000,022,704 | ---- | C] () -- C:\Users\Jill iphone\Documents\Master Card Gift Card Fraud Letter.docx
[2010/05/03 21:55:14 | 000,011,161 | ---- | C] () -- C:\Users\Jill iphone\Documents\Lands End Return - 1-9-09.docx
[2010/05/03 21:55:14 | 000,010,991 | ---- | C] () -- C:\Users\Jill iphone\Documents\Info for Margaret & Padge.docx
[2010/05/03 21:55:14 | 000,010,928 | ---- | C] () -- C:\Users\Jill iphone\Documents\Lagers roster.xlsx
[2010/05/03 21:55:14 | 000,010,627 | ---- | C] () -- C:\Users\Jill iphone\Documents\Medical Authorization Letter.docx
[2010/05/03 21:55:14 | 000,004,266 | ---- | C] () -- C:\Users\Jill iphone\Documents\images.jpg
[2010/05/03 21:55:13 | 002,105,344 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody Bday Thank You Football.php
[2010/05/03 21:55:13 | 002,105,344 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody Bday Invite Football.php
[2010/05/03 21:55:13 | 001,098,526 | ---- | C] () -- C:\Users\Jill iphone\Documents\Electric Fence.pdf
[2010/05/03 21:55:13 | 000,847,342 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody Bank Pictures.pptx
[2010/05/03 21:55:13 | 000,781,747 | ---- | C] () -- C:\Users\Jill iphone\Documents\dee.wma
[2010/05/03 21:55:13 | 000,738,793 | ---- | C] () -- C:\Users\Jill iphone\Documents\cody money project.pptx
[2010/05/03 21:55:13 | 000,419,389 | ---- | C] () -- C:\Users\Jill iphone\Documents\football.pptx
[2010/05/03 21:55:13 | 000,362,704 | ---- | C] () -- C:\Users\Jill iphone\Documents\Crab Game.pptx
[2010/05/03 21:55:13 | 000,292,864 | ---- | C] () -- C:\Users\Jill iphone\Documents\Dover Invoice-8-08.xls
[2010/05/03 21:55:13 | 000,224,784 | ---- | C] () -- C:\Users\Jill iphone\Documents\deer.pptx
[2010/05/03 21:55:13 | 000,221,179 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody Name Plate.pptx
[2010/05/03 21:55:13 | 000,104,770 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody's Soliders.pptx
[2010/05/03 21:55:13 | 000,092,672 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody - Thank You 7th Bday.php
[2010/05/03 21:55:13 | 000,064,554 | ---- | C] () -- C:\Users\Jill iphone\Documents\Football Party Games.pptx
[2010/05/03 21:55:13 | 000,058,263 | ---- | C] () -- C:\Users\Jill iphone\Documents\Dover Invoice-1-09.xlsx
[2010/05/03 21:55:13 | 000,058,222 | ---- | C] () -- C:\Users\Jill iphone\Documents\Dover Invoice-10-09.xlsx
[2010/05/03 21:55:13 | 000,056,507 | ---- | C] () -- C:\Users\Jill iphone\Documents\Dover Invoice-12-08.xlsx
[2010/05/03 21:55:13 | 000,032,768 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody Football Label.php
[2010/05/03 21:55:13 | 000,027,648 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody School Fall 08 Admission Letter.doc
[2010/05/03 21:55:13 | 000,015,192 | ---- | C] () -- C:\Users\Jill iphone\Documents\CPE Log.xlsx
[2010/05/03 21:55:13 | 000,014,244 | ---- | C] () -- C:\Users\Jill iphone\Documents\Dover Invoice-12-09.xlsx
[2010/05/03 21:55:13 | 000,013,007 | ---- | C] () -- C:\Users\Jill iphone\Documents\DLC, Inc.-2009.xlsx
[2010/05/03 21:55:13 | 000,003,577 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody's Pivot Animation-12-12-09.piv
[2010/05/03 21:55:12 | 002,057,026 | ---- | C] () -- C:\Users\Jill iphone\Documents\BEAVERS-2.pptx
[2010/05/03 21:55:12 | 000,654,278 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody - Star Wars -01-09-09.pptx
[2010/05/03 21:55:12 | 000,278,098 | ---- | C] () -- C:\Users\Jill iphone\Documents\bskugan z.pptx
[2010/05/03 21:55:12 | 000,186,428 | ---- | C] () -- C:\Users\Jill iphone\Documents\Bruins.pptx
[2010/05/03 21:55:12 | 000,155,760 | ---- | C] () -- C:\Users\Jill iphone\Documents\Boom Blox.pptx
[2010/05/03 21:55:12 | 000,115,048 | ---- | C] () -- C:\Users\Jill iphone\Documents\Bionicles.pptx
[2010/05/03 21:55:12 | 000,078,669 | ---- | C] () -- C:\Users\Jill iphone\Documents\Boom Blox 2.pptx
[2010/05/03 21:55:12 | 000,049,868 | ---- | C] () -- C:\Users\Jill iphone\Documents\Bruins 2.pptx
[2010/05/03 21:55:12 | 000,047,616 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody - Thank You 7th Bday Party.php
[2010/05/03 21:55:12 | 000,033,280 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 1-12-10.xls
[2010/05/03 21:55:12 | 000,030,720 | ---- | C] () -- C:\Users\Jill iphone\Documents\Brutal Cheat sheet.xls
[2010/05/03 21:55:12 | 000,028,160 | ---- | C] () -- C:\Users\Jill iphone\Documents\Book1.xls
[2010/05/03 21:55:12 | 000,026,112 | ---- | C] () -- C:\Users\Jill iphone\Documents\Check for two foursomes for the AB Hockey Boosters golf tourney.doc
[2010/05/03 21:55:12 | 000,022,528 | ---- | C] () -- C:\Users\Jill iphone\Documents\Car Maintenance Logs.xls
[2010/05/03 21:55:12 | 000,018,414 | ---- | C] () -- C:\Users\Jill iphone\Documents\Christmas 2008.xlsx
[2010/05/03 21:55:12 | 000,014,570 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 1-5-10.xlsx
[2010/05/03 21:55:12 | 000,013,882 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 2-15-10.csv
[2010/05/03 21:55:12 | 000,013,620 | ---- | C] () -- C:\Users\Jill iphone\Documents\budget 2009.xlsx
[2010/05/03 21:55:12 | 000,012,662 | ---- | C] () -- C:\Users\Jill iphone\Documents\Cody & Zack Schedule 2009-2010.xlsx
[2010/05/03 21:55:12 | 000,012,605 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 1-20-10.csv
[2010/05/03 21:55:12 | 000,012,537 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 1-5-10.csv
[2010/05/03 21:55:12 | 000,011,666 | ---- | C] () -- C:\Users\Jill iphone\Documents\Clinton House Blog.docx
[2010/05/03 21:55:12 | 000,010,712 | ---- | C] () -- C:\Users\Jill iphone\Documents\Clinton Info.docx
[2010/05/03 21:55:12 | 000,005,928 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 3-22-10-1.csv
[2010/05/03 21:55:12 | 000,005,866 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 2-25-10.csv
[2010/05/03 21:55:12 | 000,005,865 | ---- | C] () -- C:\Users\Jill iphone\Documents\budget-3-7-10-2.csv
[2010/05/03 21:55:12 | 000,005,845 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 1-27-10.csv
[2010/05/03 21:55:12 | 000,005,814 | ---- | C] () -- C:\Users\Jill iphone\Documents\budget-3-7-10.csv
[2010/05/03 21:55:12 | 000,005,814 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 3-22-10.csv
[2010/05/03 21:55:12 | 000,005,781 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 2-25-10-3.csv
[2010/05/03 21:55:12 | 000,005,697 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 2-25-10-2.csv
[2010/05/03 21:55:12 | 000,005,656 | ---- | C] () -- C:\Users\Jill iphone\Documents\budget-3-7-10-3.csv
[2010/05/03 21:55:12 | 000,004,131 | ---- | C] () -- C:\Users\Jill iphone\Documents\Budget 1-12-10.csv
[2010/05/03 21:55:12 | 000,002,577 | ---- | C] () -- C:\Users\Jill iphone\Documents\budget 2009.csv
[2010/05/03 21:55:12 | 000,001,641 | ---- | C] () -- C:\Users\Jill iphone\Documents\candy cane.jpg
[2010/05/03 21:55:11 | 008,139,973 | ---- | C] () -- C:\Users\Jill iphone\Documents\2009-MA Return.pdf
[2010/05/03 21:55:11 | 000,772,629 | ---- | C] () -- C:\Users\Jill iphone\Documents\Band Names.pptx
[2010/05/03 21:55:11 | 000,643,198 | ---- | C] () -- C:\Users\Jill iphone\Documents\6-29-09.pptx
[2010/05/03 21:55:11 | 000,272,896 | ---- | C] () -- C:\Users\Jill iphone\Documents\2008 Taxes.xls
[2010/05/03 21:55:11 | 000,233,444 | ---- | C] () -- C:\Users\Jill iphone\Documents\bakugan -.pptx
[2010/05/03 21:55:11 | 000,197,104 | ---- | C] () -- C:\Users\Jill iphone\Documents\bakugan.pptx
[2010/05/03 21:55:11 | 000,159,335 | ---- | C] () -- C:\Users\Jill iphone\Documents\animal families.pptx
[2010/05/03 21:55:11 | 000,154,624 | ---- | C] () -- C:\Users\Jill iphone\Documents\Address List.xls
[2010/05/03 21:55:11 | 000,129,096 | ---- | C] () -- C:\Users\Jill iphone\Documents\Bakugan Cards.pptx
[2010/05/03 21:55:11 | 000,109,557 | ---- | C] () -- C:\Users\Jill iphone\Documents\batman lego chess pieces.pptx
[2010/05/03 21:55:11 | 000,106,548 | ---- | C] () -- C:\Users\Jill iphone\Documents\2009 Taxes.xlsx
[2010/05/03 21:55:11 | 000,105,383 | ---- | C] () -- C:\Users\Jill iphone\Documents\2009 Taxes.csv
[2010/05/03 21:55:11 | 000,077,382 | ---- | C] () -- C:\Users\Jill iphone\Documents\bakugan-Zacl.pptx
[2010/05/03 21:55:11 | 000,066,174 | ---- | C] () -- C:\Users\Jill iphone\Documents\2009_Federal_Return[1].pdf
[2010/05/03 21:55:11 | 000,058,880 | ---- | C] () -- C:\Users\Jill iphone\Documents\Baseball Card Inventory.xls
[2010/05/03 21:55:11 | 000,035,153 | ---- | C] () -- C:\Users\Jill iphone\Documents\7-4-09 house costs.csv
[2010/05/03 21:55:11 | 000,027,053 | ---- | C] () -- C:\Users\Jill iphone\Documents\7-7-09-house.csv
[2010/05/03 21:55:11 | 000,013,236 | ---- | C] () -- C:\Users\Jill iphone\Documents\Baseball Card Inventory.xlsx
[2010/05/03 21:55:11 | 000,012,187 | ---- | C] () -- C:\Users\Jill iphone\Documents\Address Change List.xlsx
[2010/05/03 21:55:11 | 000,010,011 | ---- | C] () -- C:\Users\Jill iphone\Documents\Autumn leaves by Cody.docx
[2010/05/03 21:55:11 | 000,005,873 | ---- | C] () -- C:\Users\Jill iphone\Documents\4-16-10-Budget.csv
[2010/05/03 21:55:11 | 000,005,842 | ---- | C] () -- C:\Users\Jill iphone\Documents\4-16-10-Budget-2.csv
[2010/05/03 21:55:10 | 000,105,937 | ---- | C] () -- C:\Users\Jill iphone\Documents\11.pptx
[2010/05/03 21:55:10 | 000,000,659 | ---- | C] () -- C:\Users\Jill iphone\Documents\2008 Taxes.csv
[2010/05/03 21:54:59 | 000,000,706 | -HS- | C] () -- C:\Users\Jill iphone\Desktop\desktop (2).ini
[2010/05/03 21:54:28 | 000,018,740 | ---- | C] () -- C:\Users\Jill iphone\Desktop\To Do List-2009.xlsx
[2010/05/03 21:54:28 | 000,001,967 | ---- | C] () -- C:\Users\Jill iphone\Desktop\Verizon Webmail.lnk
[2010/05/03 21:54:28 | 000,000,915 | ---- | C] () -- C:\Users\Jill iphone\Desktop\Windows Mail.lnk
[2010/05/03 21:54:27 | 000,052,098 | ---- | C] () -- C:\Users\Jill iphone\Desktop\Boxborough Weather Forecast and Conditions Massachusetts (01719).url
[2010/05/03 21:54:27 | 000,007,100 | ---- | C] () -- C:\Users\Jill iphone\Desktop\Cody Blank Writing Paper.pdf
[2010/05/03 21:54:27 | 000,002,585 | ---- | C] () -- C:\Users\Jill iphone\Desktop\Microsoft Office Excel 2007.lnk
[2010/05/03 21:54:27 | 000,001,614 | ---- | C] () -- C:\Users\Jill iphone\Desktop\Calculator.lnk
[2010/05/03 21:54:27 | 000,001,257 | ---- | C] () -- C:\Users\Jill iphone\Desktop\HP Solution Center.lnk
[2010/05/03 21:54:27 | 000,001,156 | ---- | C] () -- C:\Users\Jill iphone\Desktop\Money Plus.lnk
[2010/05/03 21:54:27 | 000,000,943 | ---- | C] () -- C:\Users\Jill iphone\Desktop\Launch Internet Explorer Browser.lnk
[2010/05/03 21:54:27 | 000,000,427 | ---- | C] () -- C:\Users\Jill iphone\Desktop\Blanchard Memorial School.url
[2010/05/03 21:54:27 | 000,000,405 | ---- | C] () -- C:\Users\Jill iphone\Desktop\Acton-Boxboro Youth Hockey Association - News.url
[2010/05/03 21:54:27 | 000,000,319 | ---- | C] () -- C:\Users\Jill iphone\Desktop\FunBrain Game Finder-2.url
[2010/05/03 21:31:17 | 000,000,943 | ---- | C] () -- C:\Users\Jill iphone\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/03 17:25:39 | 000,000,258 | ---- | C] () -- C:\Users\Jill iphone\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
 
otl.txt part 9
[2010/05/03 17:25:38 | 000,000,240 | ---- | C] () -- C:\Users\Jill iphone\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/04/16 13:18:56 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{1793ED6A-7632-4CA8-91A7-49A6DF4BE32C}.job
[2009/09/18 04:56:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/28 19:16:58 | 000,000,281 | ---- | C] () -- C:\Windows\ka.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/19 20:50:10 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2008/06/17 19:37:27 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/06/09 11:33:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/06/09 11:33:28 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/06/09 11:33:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/06/09 11:33:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/06/09 11:33:28 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/06/09 11:33:28 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/08 06:17:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
[2007/05/08 05:53:18 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/08 05:06:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/04/22 19:24:58 | 000,100,095 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2007/03/29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/01/19 10:30:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 02:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 02:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 06:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2010/06/24 18:04:51 | 000,000,000 | ---D | M] -- C:\Users\Jill iphone\AppData\Roaming\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2010/06/20 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Jill iphone\AppData\Roaming\Image Zone Express
[2010/06/08 22:13:28 | 000,000,000 | ---D | M] -- C:\Users\Jill iphone\AppData\Roaming\InterVideo
[2010/06/13 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\Jill iphone\AppData\Roaming\NevoSoft Games
[2010/06/20 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Jill iphone\AppData\Roaming\Printer Info Cache
[2010/06/19 10:14:30 | 000,000,000 | ---D | M] -- C:\Users\Jill iphone\AppData\Roaming\SampleView
[2010/07/14 21:26:28 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/07/14 21:23:54 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/14 21:44:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1793ED6A-7632-4CA8-91A7-49A6DF4BE32C}.job
[2010/07/14 21:42:59 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6EA59A76-5CE1-40A1-9254-65A07DAD6639}.job
[2010/07/14 21:43:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7EADEBFF-4350-440F-A38D-A3CAAB912AD3}.job
[2010/07/14 21:42:59 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9B79E8A3-964E-49F0-B204-F6F15A4BE0E1}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/07/14 20:48:25 | 000,023,650 | ---- | M] () -- C:\ComboFix.txt
[2008/06/19 15:02:06 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/03/26 15:03:14 | 000,000,571 | ---- | M] () -- C:\NTDClient.log
[2010/07/14 21:25:16 | 2452,115,456 | -HS- | M] () -- C:\pagefile.sys
[2010/06/27 21:32:09 | 000,000,693 | ---- | M] () -- C:\rkill.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/01/19 03:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:34:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 08:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/06/22 10:03:09 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 03:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 05:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:56F368C9
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:FACB65E7
< End of report >
 
What do you mean by "hard to tell", regarding your computer behavior?
I'm checking your logs....
 
I really notice it after it has been left unused for a while. Previously, when I would check Task Manager, it would be almost 100% CPU usage; now it varies. Right now it is about 54%.
 