Inactive Slow Computer after opening bad email

I opened an email from a friend and got a weird feeling right away. Sure enough, my computer started running very slow. I have followed your 8 steps. Please provide some advice. Thank you.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5131

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/19/2010 10:58:46 PM
mbam-log-2010-11-19 (22-58-46).txt

Scan type: Quick scan
Objects scanned: 154333
Time elapsed: 40 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\Documents and Settings\Violet\My Documents\downloads\Guffins.exe (PUP.FunWebProducts) -> No action taken.
E:\RECYCLER\S-1-5-21-1844237615-329068152-682003330-1007\De38.exe (Adware.MyWebSearch) -> No action taken.
-------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-19 23:15:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_STM3320620A rev.3.AAE
Running: ytv0w8ij.exe; Driver: E:\DOCUME~1\BRETTN~1\LOCALS~1\Temp\fxeyyfob.sys


---- System - GMER 1.0.15 ----

Code 86633180 ZwCreateSection
Code 866389A0 ZwDuplicateObject
Code 8655FA08 ZwSetInformationFile
Code 8632F590 ZwSetSystemInformation
Code 862C2620 ZwWriteFile
Code 8663317F NtCreateSection
Code 8663899F NtDuplicateObject
Code 8655FA07 NtSetInformationFile
Code 862C261F NtWriteFile

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device 86629B00

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----
------------------------------------------
DDS (Ver_10-11-10.01) - NTFSx86
Run by Brett Norton at 23:16:07.43 on Fri 11/19/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.153 [GMT -8:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
E:\Program Files\iolo\common\lib\ioloServiceManager.exe
E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\DELLMMKB.EXE
E:\WINDOWS\BCMSMMSG.exe
E:\Program Files\Netropa\OSD.exe
E:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\WINDOWS\system32\msiexec.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Documents and Settings\Brett Norton\My Documents\Downloads\ytv0w8ij.exe
E:\Documents and Settings\Brett Norton\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [YSearchProtection] e:\program files\yahoo!\search protection\YspService.exe
uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [DellTouch] e:\windows\DELLMMKB.EXE
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SMSystemAnalyzer] "e:\program files\iolo\system mechanic 7\SMSystemAnalyzer.exe"
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - e:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://e:\windows\java\classes\xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192073469310
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - e:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\brettn~1\applic~1\mozilla\firefox\profiles\w7hbpfyg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
FF - plugin: e:\documents and settings\brett norton\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: e:\documents and settings\brett norton\application data\mozilla\firefox\profiles\w7hbpfyg.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: e:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: e:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truee:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2010-11-16 64288]
R1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2010-11-19 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2010-11-19 135336]
R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2010-11-19 267944]
R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2010-11-19 60936]
R2 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-26 566120]
R2 ioloSystemService;iolo System Service;e:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-26 566120]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-22 1375992]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;e:\windows\system32\drivers\ousbehci.sys [2007-10-11 39040]
R2 WinDefend;Windows Defender;e:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;e:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-22 15264]
R3 Msikbd2k;DellTouch;e:\windows\system32\drivers\Msikbd2k.sys [2007-10-8 6942]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;e:\windows\system32\drivers\ousb2hub.sys [2007-10-11 54016]
S0 is3srv;is3srv;e:\windows\system32\drivers\is3srv.sys --> e:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;e:\windows\system32\drivers\szkg.sys --> e:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;e:\windows\system32\drivers\szkgfs.sys --> e:\windows\system32\drivers\szkgfs.sys [?]
S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2010-6-1 135664]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\e:\windows\system32\drivers\nsdriver.sys --> e:\windows\system32\drivers\NSDriver.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [2010-11-16 38224]
S3 Radialpoint Security Services;Radialpoint Security Services;e:\windows\system32\dllhost.exe [2002-6-25 5120]
S4 Nhksrv;Netropa NHK Server;e:\windows\Nhksrv.exe [2007-10-8 28672]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-11-20 06:03:47 60936 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2010-11-20 06:03:47 -------- d-----w- e:\program files\Avira
2010-11-20 06:03:47 -------- d-----w- e:\docume~1\alluse~1\applic~1\Avira
2010-11-20 05:53:33 388096 ----a-r- e:\docume~1\brettn~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-20 05:50:58 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-11-20 05:50:58 -------- d-----w- e:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-11-19 10:25:39 6273872 ----a-w- e:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{b31c5cf0-5979-45b3-ad03-b8650d8abee9}\mpengine.dll
2010-11-17 12:37:57 15880 ----a-w- e:\windows\system32\lsdelete.exe
2010-11-17 04:53:12 64288 ----a-w- e:\windows\system32\drivers\Lbd.sys
2010-11-17 04:53:04 98392 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
2010-11-17 04:50:26 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\Sunbelt Software
2010-11-17 04:49:36 -------- dc-h--w- e:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-17 04:18:05 -------- d-----w- e:\docume~1\brettn~1\applic~1\Malwarebytes
2010-11-17 04:17:57 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-11-17 04:17:56 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-11-17 04:17:56 -------- d-----w- e:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-17 04:17:55 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-11-17 04:09:54 -------- d-----w- e:\docume~1\alluse~1\applic~1\MFAData
2010-11-17 03:48:57 -------- d-----w- e:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-16 04:52:54 -------- d-----w- e:\docume~1\alluse~1\applic~1\STOPzilla!
2010-11-06 19:37:34 103864 ----a-w- e:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 19:37:34 103864 ----a-w- e:\program files\internet explorer\plugins\nppdf32.dll
2010-11-06 04:36:47 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\Yahoo
2010-11-06 04:32:58 -------- d-----w- e:\docume~1\brettn~1\applic~1\PriceGong
2010-11-06 04:31:42 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\FLVService
2010-11-06 04:31:35 -------- d-----w- e:\windows\Freecorder

==================== Find3M ====================

2010-10-19 18:41:44 222080 ------w- e:\windows\system32\MpSigStub.exe
2010-09-08 18:17:46 94208 ----a-w- e:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- e:\windows\system32\QuickTime.qts

============= FINISH: 23:17:10.95 ===============
 

Attachments

  • Attach.zip
    5 KB
Hi and welcome to TechSpot forums :).

====

No attached files please. Just paste them all into your post.

Did you remove the items that MBA-M found? Log says you didn't.

==

All tools should be run from the desktop please (other than MBA-M).

==

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
* When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
* Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL report

OTL logfile created on: 11/20/2010 2:28:23 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = E:\Documents and Settings\Brett Norton\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 291.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive E: | 127.99 Gb Total Space | 87.89 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 4.76 Gb Free Space | 6.39% Space Free | Partition Type: NTFS

Computer Name: SPA-3BRGWZJ6EVG | User Name: Brett Norton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/20 14:27:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Brett Norton\My Documents\Downloads\OTL.exe
PRC - [2010/11/16 20:52:52 | 000,928,496 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/16 20:52:51 | 001,375,992 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/05 20:35:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- E:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/06 16:36:10 | 000,764,776 | ---- | M] () -- E:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
PRC - [2008/05/02 12:31:16 | 000,566,120 | ---- | M] () -- E:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2007/04/20 07:03:02 | 000,411,168 | ---- | M] (Acronis) -- E:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
PRC - [2007/04/04 17:41:28 | 000,177,672 | R--- | M] (Authentium, Inc.) -- E:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
PRC - [2007/03/20 08:18:34 | 000,910,896 | ---- | M] (Nero AG) -- E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/20 08:18:10 | 000,149,040 | ---- | M] (Nero AG) -- E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- E:\WINDOWS\system32\HPZipm12.exe
PRC - [2001/09/23 06:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- E:\WINDOWS\DellMMKb.exe
PRC - [2001/09/22 13:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- E:\Program Files\Netropa\OSD.exe


========== Modules (SafeList) ==========

MOD - [2010/11/20 14:27:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Brett Norton\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [Auto | Stopped] -- E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- E:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/16 20:52:51 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/09/03 10:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- E:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/05/02 12:31:16 | 000,566,120 | ---- | M] () [Auto | Running] -- E:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2008/05/02 12:31:16 | 000,566,120 | ---- | M] () [Auto | Running] -- E:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2008/03/17 18:59:36 | 000,099,056 | ---- | M] (Radialpoint Inc.) [On_Demand | Stopped] -- E:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe -- (RPSUpdaterR)
SRV - [2007/04/20 07:03:02 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- E:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/04/04 17:41:28 | 000,177,672 | R--- | M] (Authentium, Inc.) [Auto | Running] -- E:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- E:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/03 10:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- E:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel(R)
SRV - [2001/08/06 12:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- E:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- E:\WINDOWS\System32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- E:\WINDOWS\System32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\WINDOWS\System32\DRIVERS\MRVW245.sys -- (MRVW245)
DRV - File not found [Kernel | Boot | Stopped] -- E:\WINDOWS\System32\drivers\is3srv.sys -- (is3srv)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/11/16 20:53:00 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/22 23:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- E:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/10/11 19:43:40 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/10/11 19:43:40 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/10/11 19:43:33 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/10/08 21:25:40 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2007/04/04 17:15:02 | 000,839,880 | ---- | M] (Authentium, Inc.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2003/10/06 13:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/12/24 12:52:40 | 000,054,016 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2002/12/24 12:52:40 | 000,039,040 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2002/08/30 08:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2002/05/03 10:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/08/22 23:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- E:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/10/03 14:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Freecorder Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1060933&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.1.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/11/07 10:14:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/11/19 23:11:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2010/09/26 06:59:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins [2010/11/19 23:11:49 | 000,000,000 | ---D | M]

[2010/08/27 16:42:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Extensions
[2010/08/27 16:42:25 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/19 23:48:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions
[2010/11/05 20:35:19 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2008/01/27 09:47:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/05 20:36:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/21 16:38:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/05 20:35:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\extensions\engine@conduit.com
[2010/10/20 13:40:12 | 000,000,923 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Application Data\Mozilla\Firefox\Profiles\w7hbpfyg.default\searchplugins\conduit.xml
[2010/11/19 23:48:18 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2008/01/27 00:24:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- E:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/27 05:21:20 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/27 05:20:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/20 00:47:00 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avast5] E:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellTouch] E:\WINDOWS\DellMMKb.exe (Netropa Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSystemAnalyzer] E:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = E:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192073469310 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Microsoft XML Parser for Java file://E:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - E:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - E:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf E:\Documents and Settings\Brett Norton\Application Data\iolo\) - File not found
O34 - HKLM BootExecute: (lsdelete) - E:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - E:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/20 08:28:56 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2010/11/20 00:35:40 | 000,000,000 | RHSD | C] -- E:\cmdcons
[2010/11/20 00:32:48 | 000,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
[2010/11/20 00:32:48 | 000,161,792 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
[2010/11/20 00:32:48 | 000,136,704 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
[2010/11/20 00:32:48 | 000,031,232 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
[2010/11/20 00:32:40 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2010/11/20 00:32:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Application Data\Avira
[2010/11/20 00:31:03 | 000,000,000 | ---D | C] -- E:\Qoobox
[2010/11/20 00:27:47 | 000,000,000 | ---D | C] -- E:\Program Files\ESET
[2010/11/19 23:32:28 | 000,038,848 | ---- | C] (AVAST Software) -- E:\WINDOWS\avastSS.scr
[2010/11/19 23:28:55 | 000,165,584 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/19 23:28:55 | 000,017,744 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/19 23:28:54 | 000,023,376 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/19 23:28:53 | 000,046,672 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/19 23:28:52 | 000,100,176 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/19 23:28:52 | 000,094,544 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/19 23:28:52 | 000,028,880 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/19 23:28:21 | 000,167,592 | ---- | C] (AVAST Software) -- E:\WINDOWS\System32\aswBoot.exe
[2010/11/19 22:03:49 | 000,028,520 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/11/19 22:03:47 | 000,126,856 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/19 22:03:47 | 000,060,936 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/19 22:03:47 | 000,045,416 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntdd.sys
[2010/11/19 22:03:47 | 000,022,360 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/11/19 22:03:47 | 000,000,000 | ---D | C] -- E:\Program Files\Avira
[2010/11/19 22:03:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Avira
[2010/11/19 21:50:58 | 000,000,000 | ---D | C] -- E:\Program Files\Spybot - Search & Destroy
[2010/11/19 21:50:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/16 20:53:12 | 000,064,288 | ---- | C] (Lavasoft AB) -- E:\WINDOWS\System32\drivers\Lbd.sys
[2010/11/16 20:53:04 | 000,098,392 | ---- | C] (Sunbelt Software) -- E:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/16 20:50:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Sunbelt Software
[2010/11/16 20:49:36 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/11/16 20:18:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Application Data\Malwarebytes
[2010/11/16 20:17:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/16 20:17:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010/11/16 20:17:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/16 20:17:55 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2010/11/16 20:09:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/16 19:48:57 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/15 20:52:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/05 20:36:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\Yahoo
[2010/11/05 20:35:38 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/11/05 20:31:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\My Documents\Freecorder 4
[2010/11/05 20:31:42 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\FLVService
[2010/11/05 20:31:35 | 000,000,000 | ---D | C] -- E:\WINDOWS\Freecorder
[2007/10/08 20:12:32 | 000,065,536 | ---- | C] ( ) -- E:\WINDOWS\System32\A3d.dll
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/20 14:24:53 | 000,000,269 | ---- | M] () -- E:\WINDOWS\MSIOSD.INI
[2010/11/20 14:08:00 | 000,000,898 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/20 07:51:20 | 000,000,894 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/20 07:06:26 | 000,000,330 | -H-- | M] () -- E:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/20 07:04:21 | 000,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/20 07:03:08 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010/11/20 00:47:00 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2010/11/20 00:35:49 | 000,000,327 | RHS- | M] () -- E:\boot.ini
[2010/11/19 23:52:56 | 000,002,626 | ---- | M] () -- E:\WINDOWS\System32\CONFIG.NT
[2010/11/19 23:28:55 | 000,001,700 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/19 23:23:30 | 000,005,084 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Attach.zip
[2010/11/19 23:11:53 | 000,001,729 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/19 22:04:01 | 000,001,707 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/19 21:56:47 | 000,002,461 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\HiJackThis.lnk
[2010/11/19 21:51:05 | 000,000,951 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/19 21:51:05 | 000,000,933 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Spybot - Search & Destroy.lnk
[2010/11/19 21:40:38 | 000,002,329 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2010/11/16 20:53:03 | 000,098,392 | ---- | M] (Sunbelt Software) -- E:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/16 20:49:35 | 000,000,885 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/16 20:49:35 | 000,000,867 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/11/16 20:18:00 | 000,000,696 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 20:04:27 | 000,000,672 | ---- | M] () -- E:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/14 16:13:59 | 000,000,312 | ---- | M] () -- E:\WINDOWS\MMKEYBD.INI
[2010/11/13 18:53:02 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- E:\WINDOWS\MBR.exe
[2010/11/07 20:47:46 | 000,014,139 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Spa Garbage.xlsx
[2010/11/07 10:51:59 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010/11/07 10:22:07 | 000,401,064 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010/11/07 10:22:07 | 000,062,344 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010/10/31 08:20:39 | 000,041,832 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\2010 Award Letter.pdf
[2010/10/30 12:15:17 | 000,031,744 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Oct. 30 2010 Bailey UW Finances.xls
[2010/10/28 19:20:31 | 000,078,848 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Cash Flow Personal - 2010.xls
[2010/10/26 19:12:55 | 000,176,727 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\GoalSettingwithSMARTGoals.pdf
[2010/10/26 19:10:20 | 000,954,927 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Doc_Rivers_Transcript.pdf
[2010/10/26 19:09:42 | 001,307,527 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Doug_Wilson_Transcript.pdf
[2010/10/26 19:08:36 | 001,220,864 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Julie_Foudy_Transcript.pdf
[2010/10/26 19:08:05 | 001,101,533 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Joy_Fawcett_Transcript.pdf
[2010/10/26 19:05:59 | 001,160,951 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\Alexi_Lalas_Transcript.pdf
[2010/10/26 19:02:01 | 000,098,132 | ---- | M] () -- E:\Documents and Settings\Brett Norton\Desktop\US Soccer Goal Setting.pdf
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/20 00:35:49 | 000,000,210 | ---- | C] () -- E:\Boot.bak
[2010/11/20 00:35:45 | 000,260,272 | RHS- | C] () -- E:\cmldr
[2010/11/20 00:32:48 | 000,256,512 | ---- | C] () -- E:\WINDOWS\PEV.exe
[2010/11/20 00:32:48 | 000,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
[2010/11/20 00:32:48 | 000,089,088 | ---- | C] () -- E:\WINDOWS\MBR.exe
[2010/11/20 00:32:48 | 000,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
[2010/11/20 00:32:48 | 000,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
[2010/11/19 23:28:55 | 000,001,700 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/19 23:23:30 | 000,005,084 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Attach.zip
[2010/11/19 23:11:52 | 000,001,729 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/19 22:04:01 | 000,001,707 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/19 21:53:32 | 000,002,461 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\HiJackThis.lnk
[2010/11/19 21:51:05 | 000,000,951 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/19 21:51:05 | 000,000,933 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Spybot - Search & Destroy.lnk
[2010/11/17 04:37:57 | 000,015,880 | ---- | C] () -- E:\WINDOWS\System32\lsdelete.exe
[2010/11/16 20:53:35 | 000,000,472 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/16 20:49:35 | 000,000,885 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/16 20:49:35 | 000,000,867 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/11/16 20:18:00 | 000,000,696 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 20:03:48 | 000,000,672 | ---- | C] () -- E:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/07 08:51:01 | 000,014,139 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Spa Garbage.xlsx
[2010/10/31 08:20:39 | 000,041,832 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\2010 Award Letter.pdf
[2010/10/30 12:15:17 | 000,031,744 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Oct. 30 2010 Bailey UW Finances.xls
[2010/10/26 19:12:55 | 000,176,727 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\GoalSettingwithSMARTGoals.pdf
[2010/10/26 19:10:19 | 000,954,927 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Doc_Rivers_Transcript.pdf
[2010/10/26 19:09:42 | 001,307,527 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Doug_Wilson_Transcript.pdf
[2010/10/26 19:08:36 | 001,220,864 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Julie_Foudy_Transcript.pdf
[2010/10/26 19:08:05 | 001,101,533 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Joy_Fawcett_Transcript.pdf
[2010/10/26 19:05:59 | 001,160,951 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\Alexi_Lalas_Transcript.pdf
[2010/10/26 19:02:01 | 000,098,132 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Desktop\US Soccer Goal Setting.pdf
[2009/08/01 05:58:51 | 000,225,280 | ---- | C] () -- E:\WINDOWS\System32\nvwrsda.dll
[2009/04/05 15:21:31 | 000,000,089 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\FASTWiz.log
[2009/03/15 10:12:12 | 000,000,632 | ---- | C] () -- E:\WINDOWS\CoD.INI
[2009/03/15 10:10:54 | 000,000,632 | ---- | C] () -- E:\WINDOWS\CoDUO.INI
[2008/07/17 08:40:28 | 000,069,632 | R--- | C] () -- E:\WINDOWS\System32\xmltok.dll
[2008/07/17 08:40:27 | 000,036,864 | R--- | C] () -- E:\WINDOWS\System32\xmlparse.dll
[2008/06/13 16:52:53 | 000,094,208 | ---- | C] () -- E:\WINDOWS\System32\GTW32N50.dll
[2008/04/10 15:48:14 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\rx_image.Cache
[2007/10/13 08:44:50 | 000,004,413 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/13 07:41:48 | 000,000,135 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\fusioncache.dat
[2007/10/12 03:54:42 | 000,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2007/10/11 19:25:12 | 000,363,520 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2007/10/10 19:08:52 | 000,428,904 | ---- | C] () -- E:\WINDOWS\System32\Incinerator.dll
[2007/10/10 19:07:51 | 000,074,703 | ---- | C] () -- E:\WINDOWS\System32\mfc45.dll
[2007/10/08 20:52:35 | 000,000,312 | ---- | C] () -- E:\WINDOWS\MMKEYBD.INI
[2007/10/08 20:52:35 | 000,000,269 | ---- | C] () -- E:\WINDOWS\MSIOSD.INI
[2007/10/08 20:52:33 | 000,028,672 | ---- | C] () -- E:\WINDOWS\System32\msiosd32.dll
[2007/10/08 20:52:33 | 000,000,000 | ---- | C] () -- E:\WINDOWS\WININIT.INI
[2007/10/08 20:19:28 | 000,015,360 | ---- | C] () -- E:\Documents and Settings\Brett Norton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/08 20:13:05 | 000,000,231 | ---- | C] () -- E:\WINDOWS\AC3API.INI
[2007/10/08 20:13:05 | 000,000,000 | ---- | C] () -- E:\WINDOWS\SBWIN.INI
[2007/10/08 20:12:33 | 000,002,092 | ---- | C] () -- E:\WINDOWS\System32\P16X.ini
[2007/10/08 20:12:32 | 000,039,936 | ---- | C] () -- E:\WINDOWS\System32\P16X.dll
[2007/10/08 20:12:30 | 000,006,175 | ---- | C] () -- E:\WINDOWS\MIXDEF.INI
[2007/10/08 20:12:30 | 000,005,917 | ---- | C] () -- E:\WINDOWS\SBMIXDEF.INI
[2007/10/08 20:12:28 | 000,000,064 | ---- | C] () -- E:\WINDOWS\P16x.ini
[2007/10/08 12:34:54 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
[2005/02/24 06:32:00 | 000,540,672 | ---- | C] () -- E:\WINDOWS\System32\nvhwvid.dll
[2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- E:\WINDOWS\System32\nvcod.dll
[2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- E:\WINDOWS\System32\NMSInst.dll
[2002/01/21 14:17:18 | 000,065,536 | ---- | C] () -- E:\WINDOWS\System32\PROInst.dll
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- E:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/11/03 19:44:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/11/16 19:48:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/20 08:55:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Applications
[2007/10/28 18:10:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Avg7
[2009/01/19 18:12:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/03 19:07:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/09/30 18:57:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Firefly Studios
[2007/10/28 18:04:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Grisoft
[2008/01/26 08:16:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\iolo
[2007/12/02 21:53:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/10/11 20:06:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Maxtor
[2010/11/16 20:09:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MFAData
[2009/07/29 20:02:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/11/16 20:06:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/06/20 18:52:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/16 20:49:41 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/06/25 19:39:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Facebook
[2009/03/15 11:13:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\InterTrust
[2009/05/25 09:31:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\iolo
[2007/10/11 16:27:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Opera
[2010/09/06 18:26:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Research In Motion
[2007/10/13 11:51:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Smith Micro
[2009/07/29 20:19:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\SystemRequirementsLab
[2010/08/27 16:42:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Thunderbird
[2007/10/21 22:09:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\Uniblue
[2009/11/25 18:24:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Brett Norton\Application Data\WinPatrol
[2010/11/20 07:04:21 | 000,000,472 | ---- | M] () -- E:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/11/20 07:06:26 | 000,000,330 | -H-- | M] () -- E:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- E:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007/10/13 11:04:24 | 022,245,337 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/12/05 08:49:00 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/06/25 13:36:22 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- E:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\system32\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/10/08 12:32:55 | 000,090,112 | ---- | M] () -- E:\WINDOWS\system32\config\default.sav
[2007/10/08 12:32:55 | 000,606,208 | ---- | M] () -- E:\WINDOWS\system32\config\software.sav
[2007/10/08 12:32:55 | 000,409,600 | ---- | M] () -- E:\WINDOWS\system32\config\system.sav

< End of report >
 
OTL Extras logfile created on: 11/20/2010 2:28:23 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = E:\Documents and Settings\Brett Norton\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 291.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive E: | 127.99 Gb Total Space | 87.89 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 4.76 Gb Free Space | 6.39% Space Free | Partition Type: NTFS

Computer Name: SPA-3BRGWZJ6EVG | User Name: Brett Norton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "E:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = E:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- (THQ Canada Inc.)
"E:\WINDOWS\system32\usmt\migwiz.exe" = E:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"E:\Program Files\iTunes\iTunes.exe" = E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{1196A3B6-9B62-4999-BF6C-1CCE1F581033}" = Nero 7 Essentials
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{15AD427B-9243-46C6-8A14-CA6BA264162B}" = MySoftware Fonts
"{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}" = Authentium AntiVirus SDK - 2
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}" = Opera 9.24
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Maxtor*MaxBlast
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DivX Setup.divx.com" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LG USB Drivers" = LG USB Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Non Driver CIO Components" = Non Driver CIO Components
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.20
"RP Scan and Clean {F092D1A4-ED8C-47ED-AE72-45B80D7C0543}" = Verizon PC Security Checkup
"System Mechanic 7_is1" = iolo technologies' System Mechanic 7
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2010 3:20:53 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2010 3:21:00 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
Description = Fault bucket -2137877539.

Error - 11/20/2010 3:34:47 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2010 3:34:57 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
Description = Fault bucket -2137877539.

Error - 11/20/2010 3:38:09 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2010 3:38:18 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
Description = Fault bucket -2137877539.

Error - 11/20/2010 4:24:55 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2010 4:25:02 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0000100b.

Error - 11/20/2010 4:25:05 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Error | ID = 1001
Description = Fault bucket -2135977307.

Error - 11/20/2010 4:25:05 AM | Computer Name = SPA-3BRGWZJ6EVG | Source = Application Hang | ID = 1001
Description = Fault bucket -2137877539.

[ OSession Events ]
Error - 7/15/2009 7:42:07 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 95 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/20/2010 6:30:58 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/20/2010 6:30:58 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 11/20/2010 6:30:59 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/20/2010 6:31:00 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 11/20/2010 6:31:00 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/20/2010 6:31:00 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 11/20/2010 6:31:01 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/20/2010 6:31:01 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 11/20/2010 6:31:03 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/20/2010 6:31:03 PM | Computer Name = SPA-3BRGWZJ6EVG | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5


< End of report >
 
==

All tools should be run from the desktop please (other than MBA-M).

Ok, just in case you missed the above. All tools should be run from the desktop please.
OTL is running from the Downloads folder.

============

You seem to be running more than one anti-virus program. You need to uninstall ALL but one of them or you are going to have problems.

============

When did you last run Combofix? Post its log please.

============

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
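
The helper's observation that more than one anti-virus program is installed can be checked mechanically against the Uninstall List sections of an OTL Extras log. The Python below is an added example, not part of the original thread or of OTL; the name-matching heuristic, including the exclusion of SDK and online-scanner entries, is an assumption, and the sample is assembled from lines of the log above.

```python
import re

# Constructed sample assembled from lines of the OTL Extras log above.
SAMPLE_LOG = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}" = Authentium AntiVirus SDK - 2
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"avast5" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
'''

# "========== Title ==========" section banners and '"key" = display name' rows.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY_RE = re.compile(r'^"(?P<key>.+?)" = (?P<name>.+)$')

# Assumed heuristic: display names containing "antivir"/"anti-vir" are resident
# scanners, unless they look like an SDK component or an on-demand online scanner.
AV_NAME_RE = re.compile(r"anti-?vir", re.IGNORECASE)
NOT_RESIDENT_RE = re.compile(r"\bSDK\b|online scanner", re.IGNORECASE)
SUFFIX = " Uninstall List"


def parse_uninstall_entries(log_text):
    """Return (hive, key, display_name) for rows inside Uninstall List sections only."""
    entries, hive = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            title = header.group(1)
            # Any other section banner switches parsing off again.
            hive = title[: -len(SUFFIX)] if title.endswith(SUFFIX) else None
            continue
        row = ENTRY_RE.match(line)
        if hive and row:
            entries.append((hive, row.group("key"), row.group("name").strip()))
    return entries


def resident_antivirus(entries):
    """Distinct display names that match the resident anti-virus heuristic."""
    found = []
    for _hive, _key, name in entries:
        if AV_NAME_RE.search(name) and not NOT_RESIDENT_RE.search(name):
            if name not in found:
                found.append(name)
    return found


def conflict_report(log_text):
    """Flag a conflict when more than one resident anti-virus product is listed."""
    products = resident_antivirus(parse_uninstall_entries(log_text))
    return {"products": products, "conflict": len(products) > 1}


if __name__ == "__main__":
    print(conflict_report(SAMPLE_LOG))
```
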
 