
Topic: Virus infection- Please help.


ToniCarman

    Virus infection- Please help.
    « on: April 09, 2010, 09:00:50 AM »
    I have seen many of the posts about this and was hoping you could help me.  My computer is infected with a virus that doesn't let me open any applications without getting the application message that the file cannot be opened.  And now I can no longer access many sites online (this one included... using my work laptop to contact you). 

    I already had Malwarebytes' installed on my computer from a few weeks ago when I needed it to get something else.  So I have run that scan a few times. 

    I am in safe mode and unable to download any of the other programs suggested in the "read this first" message.  I am also unable to update Malwarebytes' as I get an error message.  Not accessible in IE or Firefox.

    I just ran a Malwarebytes' scan and here are the log results.  Please let me know how to continue.  (I am copying this from my PC to Notepad, saving to a flash drive, and pasting here.)

    Thanks in advance!


    Malwarebytes' Anti-Malware 1.44
    Database version: 3847
    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 7.0.5730.13

    4/9/2010 11:01:24 AM
    mbam-log-2010-04-09 (11-01-24).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 146021
    Time elapsed: 1 hour(s), 3 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{C8FF12A4-F863-4700-A6E4-B8EE77731948}\RP409\A0061092.dll (Rogue.Agent) -> Quarantined and deleted successfully.




    chrissypie

      Re: Virus infection- Please help.
      « Reply #1 on: April 09, 2010, 09:14:22 AM »
      Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster Jay
      « Last Edit: April 09, 2010, 10:36:08 PM by DragonMaster Jay »

      ToniCarman

        Re: Virus infection- Please help.
        « Reply #2 on: April 09, 2010, 10:45:57 AM »
        I just ran the scan again and rebooted and was able to get on without the issues. Is there anything I can do to make sure it is gone, and to prevent it from coming back?

        I have installed already Malwarebytes', CA security Center and Ad-Aware

        Thanks in advance for your help and time.

        -Toni

        Dr Jay
        Re: Virus infection- Please help.
        « Reply #3 on: April 09, 2010, 10:36:31 PM »
        Please download OTS by OldTimer and save it to your Desktop.

        Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
        • Close ALL OTHER PROGRAMS.
        • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
        • At the top, tick on Scan All Users section and Include MD5.
        • At File Age set it to 90 Days.
        • In the Processes, Modules, Services, Drivers, and Registry section, please set on Safe List.
        • In the Files Created Within and Files Modified Within section, set it to File Age.
        • At the bottom, tick on all Safe List and Use Company Name WhiteList option.
        • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
            Reg - Disabled MS Config Items
            Reg - Drivers32
            Reg - Ext
            Reg - IE
            Explorer Bar
            Reg - NetSvcs
            Reg - Safeboot Minimal
            Reg - Safeboot Network
            File - Lop Check
            File - Purity Scan
        • Do NOT change any other settings.
        • Then, in the Custom Scans box, place this in:

            %systemroot%\*. /mp /s
            %systemroot%\system32\*.dll /lockedfiles
            %systemroot%\system32\*.exe /lockedfiles
            %systemroot%\Tasks\*.job /lockedfiles
            %systemroot%\system32\drivers\*.sys /lockedfiles
            %systemroot%\System32\config\*.sav
            %systemroot%\System32\*.sys
            %systemroot%\System32\drivers\*.dll
            %systemroot%\System32\drivers\*.ini
            %systemroot%\System32\drivers\*.exe
            %SYSTEMDRIVE%\*.*
            %PROGRAMFILES%\*.
            %appdata%\*.*

        • Now click the Run Scan button on the toolbar.
        • Let it run unhindered until it finishes.
        • When the scan is complete Notepad will open with the report file loaded in it.
        • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
        ~Dr Jay
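The custom-scan lines in the post above tell OTS which directories and extensions to enumerate, bounded by the 90-day File Age setting, and the Include MD5 option makes it record a hash for each file so an analyst can compare it against known-good or known-bad copies. The Python below is an added example written for this page, not OTS's own code and not something the thread posted: it performs the same enumeration (recursive walk, name patterns, modification-time cutoff, size and MD5, with unreadable files noted instead of skipped) over any directory tree. The demo tree it builds in a temp directory is constructed for the example, and the pattern list and 90-day cutoff are assumptions that mirror the settings in the post.

```python
"""Added example: the enumeration behind an OTS-style custom scan, written
as plain Python so it can be run on any directory tree. Not OTS's code."""
import fnmatch
import hashlib
import os
import tempfile
import time
from dataclasses import dataclass


@dataclass
class FileHit:
    path: str
    size: int
    mtime: float
    md5: str  # uppercase hex, or "Unable to obtain MD5" for an unreadable file


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def scan_recent_files(roots, patterns, max_age_days=90, now=None):
    """Walk each root (the /s idea), keep files whose name matches one of the
    patterns and whose mtime is within max_age_days of `now` (the File Age
    idea), and record size and MD5 for each. Newest first."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    hits = []
    for root in roots:
        for dirpath, _dirs, filenames in os.walk(root):
            for name in filenames:
                if not any(fnmatch.fnmatch(name.lower(), p.lower()) for p in patterns):
                    continue
                full = os.path.join(dirpath, name)
                try:
                    st = os.stat(full)
                except OSError:
                    continue
                if st.st_mtime < cutoff:
                    continue
                try:
                    digest = md5_of(full)
                except OSError:  # locked or unreadable: still worth listing
                    digest = "Unable to obtain MD5"
                hits.append(FileHit(full, st.st_size, st.st_mtime, digest))
    hits.sort(key=lambda h: h.mtime, reverse=True)
    return hits


def build_sample_tree(base, now):
    """Constructed demo tree (an assumption, not a real system): two recent
    binaries, one stale binary, and a recent text file the patterns skip."""
    os.makedirs(os.path.join(base, "system32", "drivers"), exist_ok=True)
    files = {
        os.path.join(base, "system32", "fresh.dll"): (b"abc", now - 3 * 86400),
        os.path.join(base, "system32", "drivers", "fresh.sys"): (b"sys", now - 10 * 86400),
        os.path.join(base, "system32", "stale.dll"): (b"old", now - 200 * 86400),
        os.path.join(base, "system32", "notes.txt"): (b"txt", now - 1 * 86400),
    }
    for path, (content, mtime) in files.items():
        with open(path, "wb") as f:
            f.write(content)
        os.utime(path, (mtime, mtime))
    return base


def format_hit(h):
    """Same shape as an OTS log line: path -> [date | size | MD5]."""
    stamp = time.strftime("%Y/%m/%d %H:%M:%S", time.localtime(h.mtime))
    return f"{h.path} -> [{stamp} | {h.size:011,d} | MD5 = {h.md5}]"


def run_demo(max_age_days=90, patterns=("*.dll", "*.exe", "*.sys")):
    """Build the constructed tree in a temp dir, scan it, and return the hits."""
    now = time.time()
    base = build_sample_tree(tempfile.mkdtemp(prefix="otsdemo_"), now)
    return scan_recent_files([base], patterns, max_age_days, now)


if __name__ == "__main__":
    for hit in run_demo():
        print(format_hit(hit))
```

With the default settings the demo lists only fresh.dll and fresh.sys; stale.dll falls outside the 90-day window and notes.txt matches no pattern. Widening the window to 365 days brings stale.dll back, which is the same trade-off the File Age setting makes in OTS: a short window keeps the log readable, a long one catches older droppers.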

          ToniCarman

            Re: Virus infection- Please help.
            « Reply #4 on: April 12, 2010, 06:36:04 PM »
            Running the scan now.  Is there something I am supposed to post at the end, or will the completion of this scan fix what needs to be fixed?

            Thanks again for taking the time to help me!

            -Toni

            Dr Jay
            Re: Virus infection- Please help.
            « Reply #5 on: April 12, 2010, 07:57:59 PM »
            Yeah, just post the results of the scan, then I will analyze and send you the script to fix your computer.
            ~Dr Jay

              ToniCarman

              Re: Virus infection- Please help.
              « Reply #6 on: April 12, 2010, 09:45:28 PM »
              Results in multiple messages.


              OTS logfile created on: 4/12/2010 8:38:04 PM - Run 1
              OTS by OldTimer - Version 3.1.28.1     Folder = C:\Documents and Settings\Toni\Desktop
              Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
              Internet Explorer (Version = 7.0.5730.13)
              Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
               
              2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
              4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
              Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
               
              %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
              Drive C: | 232.88 Gb Total Space | 110.40 Gb Free Space | 47.41% Space Free | Partition Type: NTFS
              Drive D: | 227.52 Gb Total Space | 132.67 Gb Free Space | 58.31% Space Free | Partition Type: NTFS
              Drive E: | 5.35 Gb Total Space | 3.41 Gb Free Space | 63.74% Space Free | Partition Type: FAT32
              F: Drive not present or media not loaded
              G: Drive not present or media not loaded
              H: Drive not present or media not loaded
              I: Drive not present or media not loaded
              Drive K: | 465.76 Gb Total Space | 270.93 Gb Free Space | 58.17% Space Free | Partition Type: NTFS
               
              Computer Name: TONI-423C633C85
              Current User Name: Toni
              Logged in as Administrator.
               
              Current Boot Mode: Normal
              Scan Mode: All users
              Company Name Whitelist: On
              Skip Microsoft Files: Off
              File Age = 90 Days
               
              [Processes - Safe List]
              ots.exe -> C:\Documents and Settings\Toni\Desktop\OTS.exe -> [2010/04/12 20:33:58 | 000,638,464 | ---- | M | MD5 = 5E5C23D37C6AB464133476DA06A2CA96] (OldTimer Tools)
              aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/04 12:18:13 | 001,181,328 | ---- | M | MD5 = 1A383F027D4F282E954C5AE30E5BCE50] (Lavasoft)
              aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2010/01/27 06:15:13 | 000,788,880 | ---- | M | MD5 = 17B7EE982055EE0660A3C512D07E5111] (Lavasoft)
              vetmsg.exe -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -> [2009/11/29 17:15:27 | 000,255,216 | ---- | M | MD5 = 90DF2465CB9FAA0363DB928C79F3FE66] (CA, Inc.)
              cavrid.exe -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe -> [2009/11/29 17:15:27 | 000,230,640 | ---- | M | MD5 = 604F59EF3BF029BC092F8196A7996AD7] (CA, Inc.)
              cpmonitor.exe -> C:\Program Files\Roxio 2010\5.0\CPMonitor.exe -> [2009/07/21 12:50:02 | 000,084,464 | ---- | M | MD5 = 5287A55084B154E6D7848E68E4B4834A] ()
              cinemanowsvc.exe -> C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2009/06/23 18:40:12 | 000,127,352 | ---- | M | MD5 = 127D4D0E9F78834FFD1EEEA3FCFB47C1] (CinemaNow, Inc.)
              roxioburnlauncher.exe -> C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe -> [2009/06/23 02:18:52 | 000,494,064 | ---- | M | MD5 = C09AEE8C0BF3DBE298CBFF97E305DDD8] ()
              saibsvc.exe -> C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -> [2009/06/02 20:05:58 | 000,457,200 | ---- | M | MD5 = A15069EEC83EBC54150564B2585CFDBA] ()
              ccprovsp.exe -> C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -> [2009/05/21 20:14:48 | 000,214,256 | ---- | M | MD5 = E8BBDF1199FC425C243191960A78755E] (CA, Inc.)
              cctray.exe -> C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe -> [2009/05/21 20:14:48 | 000,181,488 | ---- | M | MD5 = 76AC1FBBB28054EDFA6ABB85E24B32EB] (CA, Inc.)
              seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M | MD5 = 271077B91D7AD1B616F8AFDFE8E3F981] (Microsoft Corporation)
              vxblockserver.exe -> C:\WINDOWS\system32\VxBlockServer.exe -> [2009/03/24 02:01:00 | 000,113,136 | ---- | M | MD5 = 63C0EA91F82EB781615485DED7C87AA4] (Sonic Solutions)
              qoeloader.exe -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe -> [2009/01/28 14:26:18 | 000,014,088 | ---- | M | MD5 = C6FDDD2C135C05CFC34C9A6AD66DC8C7] (CA)
              capfsem.exe -> C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe -> [2009/01/28 14:26:17 | 000,189,680 | ---- | M | MD5 = ACF6BE2F802D1C68AD9BF2D53EA8E107] (CA, Inc.)
              capfasem.exe -> C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe -> [2009/01/28 14:26:17 | 000,173,296 | ---- | M | MD5 = 7A2C8D52EFFC7DCFAFDF6A90AE8B3235] (CA, Inc.)
              cappactiveprotection.exe -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe -> [2009/01/28 14:26:14 | 000,238,832 | ---- | M | MD5 = 9F37247E2DDCB2E26E5082DF4CCFD21C] (CA, Inc.)
              ppctlpriv.exe -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -> [2009/01/28 14:26:14 | 000,185,584 | ---- | M | MD5 = 6C42E8310208032BBB12C8A45E17B535] (CA, Inc.)
              itmrtsvc.exe -> C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -> [2008/09/29 19:48:58 | 000,283,888 | ---- | M | MD5 = 5E849A81827D643E7E35575E14225E92] (CA, Inc.)
              quickcam.exe -> C:\Program Files\Logitech\QuickCam\Quickcam.exe -> [2008/08/14 17:15:46 | 002,407,184 | ---- | M | MD5 = CB619A546FCCBD72A2E9A7F3E0B22907] ()
              communications_helper.exe -> C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe -> [2008/08/14 17:11:48 | 000,565,008 | ---- | M | MD5 = C68BD48274B8C6E4401CF9F71A0CA4BD] ()
              cocimanager.exe -> C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe -> [2008/08/14 17:11:14 | 000,447,248 | ---- | M | MD5 = 0115F266EBA02BA77A3BDA183877F0C4] (Logitech Inc.)
              lvprcsrv.exe -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2008/07/26 08:25:36 | 000,150,040 | ---- | M | MD5 = 28BD0E4B6C050B591B8CB35B9AD284E6] (Logitech Inc.)
              lvcomser.exe -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2008/07/26 08:23:42 | 000,186,904 | ---- | M | MD5 = 38440FE1A65B1FE3D246C5C4CAD22F53] (Logitech Inc.)
              umxpol.exe -> C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -> [2008/06/24 23:10:30 | 000,281,104 | ---- | M | MD5 = A0F149394D27079B75FF3FA59150733F] (CA)
              windowssearch.exe -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/27 02:19:14 | 000,123,904 | ---- | M | MD5 = B5C9F63C01FCFEC3F64EC6A0940A1825] (Microsoft Corporation)
              explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
              isafe.exe -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -> [2008/01/12 01:30:46 | 000,144,696 | ---- | M | MD5 = 58DA9AB565E54A3A7C1FB53CEB075F49] (Computer Associates International, Inc.)
              umxagent.exe -> C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -> [2007/10/18 14:24:46 | 001,010,192 | ---- | M | MD5 = FA51583A4A1D4DFC49E5E7D836BAE0A5] (CA)
              umxcfg.exe -> C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -> [2007/10/18 14:24:46 | 000,801,296 | ---- | M | MD5 = A4C9AAA759014E66057663597A18D825] (CA)
              umxfwhlp.exe -> C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -> [2007/10/18 14:24:44 | 000,145,936 | ---- | M | MD5 = 3FEB512315C479C0CCD4870A2833B4C8] (CA)
              calmain.exe -> C:\Program Files\Canon\CAL\CALMAIN.exe -> [2007/01/31 18:55:42 | 000,096,370 | ---- | M | MD5 = 8EF654045E518AC00E52E7A1E2D3AD70] (Canon Inc.)
              hpzipm12.exe -> C:\WINDOWS\system32\HPZipm12.exe -> [2004/09/29 13:14:36 | 000,069,632 | ---- | M | MD5 = 9D84376931440F3679BEEF2A414FA493] (HP)
              acrotray.exe -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/05/15 05:19:50 | 000,217,193 | ---- | M | MD5 = 78BFE3201ADA2FE02D1E35D2488E5F55] (Adobe Systems Inc.)
               
              [Modules - Safe List]
              ots.exe -> C:\Documents and Settings\Toni\Desktop\OTS.exe -> [2010/04/12 20:33:58 | 000,638,464 | ---- | M | MD5 = 5E5C23D37C6AB464133476DA06A2CA96] (OldTimer Tools)
              qoehook.dll -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOEHook.dll -> [2009/01/28 14:26:18 | 000,083,208 | ---- | M | MD5 = FADE3ED33DD933015082B6497845656F] (CA)
              lvprcinj01.dll -> C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll -> [2008/07/26 08:25:24 | 000,109,080 | ---- | M | Unable to obtain MD5] (Logitech Inc.)
               

                ToniCarman

                Re: Virus infection- Please help.
                « Reply #7 on: April 12, 2010, 09:46:02 PM »
                [Win32 Services - Safe List]
                (Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/04 12:18:13 | 001,181,328 | ---- | M | MD5 = 1A383F027D4F282E954C5AE30E5BCE50] (Lavasoft)
                (VETMSGNT) VET Message Service [Auto | Running] -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -> [2009/11/29 17:15:27 | 000,255,216 | ---- | M | MD5 = 90DF2465CB9FAA0363DB928C79F3FE66] (CA, Inc.)
                (RoxWatch12) Roxio Hard Drive Watcher 12 [Auto | Stopped] -> C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -> [2009/07/24 09:33:34 | 000,219,632 | ---- | M | MD5 = 71B38B8DF1A9B55FC0FB64958CC7B9DD] (Sonic Solutions)
                (RoxMediaDB12) RoxMediaDB12 [On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -> [2009/07/24 09:33:10 | 001,116,656 | ---- | M | MD5 = FF578453D3B3ADAAB22D7151D7F9E592] (Sonic Solutions)
                (CinemaNow Service) CinemaNow Service [Auto | Running] -> C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2009/06/23 18:40:12 | 000,127,352 | ---- | M | MD5 = 127D4D0E9F78834FFD1EEEA3FCFB47C1] (CinemaNow, Inc.)
                (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) Roxio SAIB Service [Auto | Running] -> C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -> [2009/06/02 20:05:58 | 000,457,200 | ---- | M | MD5 = A15069EEC83EBC54150564B2585CFDBA] ()
                (CaCCProvSP) CaCCProvSP [On_Demand | Running] -> C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -> [2009/05/21 20:14:48 | 000,214,256 | ---- | M | MD5 = E8BBDF1199FC425C243191960A78755E] (CA, Inc.)
                (SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M | MD5 = 271077B91D7AD1B616F8AFDFE8E3F981] (Microsoft Corporation)
                (PPCtlPriv) PPCtlPriv [On_Demand | Running] -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -> [2009/01/28 14:26:14 | 000,185,584 | ---- | M | MD5 = 6C42E8310208032BBB12C8A45E17B535] (CA, Inc.)
                (ITMRTSVC) CA Pest Patrol Realtime Protection Service [Auto | Running] -> C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -> [2008/09/29 19:48:58 | 000,283,888 | ---- | M | MD5 = 5E849A81827D643E7E35575E14225E92] (CA, Inc.)
                (LVPrcSrv) Process Monitor [Auto | Running] -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2008/07/26 08:25:36 | 000,150,040 | ---- | M | MD5 = 28BD0E4B6C050B591B8CB35B9AD284E6] (Logitech Inc.)
                (LVCOMSer) LVCOMSer [Auto | Running] -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2008/07/26 08:23:42 | 000,186,904 | ---- | M | MD5 = 38440FE1A65B1FE3D246C5C4CAD22F53] (Logitech Inc.)
                (UmxPol) HIPS Policy Manager [Auto | Running] -> C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -> [2008/06/24 23:10:30 | 000,281,104 | ---- | M | MD5 = A0F149394D27079B75FF3FA59150733F] (CA)
                (CAISafe) CAISafe [Auto | Running] -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -> [2008/01/12 01:30:46 | 000,144,696 | ---- | M | MD5 = 58DA9AB565E54A3A7C1FB53CEB075F49] (Computer Associates International, Inc.)
                (UmxAgent) HIPS Event Manager [Auto | Running] -> C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -> [2007/10/18 14:24:46 | 001,010,192 | ---- | M | MD5 = FA51583A4A1D4DFC49E5E7D836BAE0A5] (CA)
                (UmxCfg) HIPS Configuration Interpreter [Auto | Running] -> C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -> [2007/10/18 14:24:46 | 000,801,296 | ---- | M | MD5 = A4C9AAA759014E66057663597A18D825] (CA)
                (UmxFwHlp) HIPS Firewall Helper [Auto | Running] -> C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -> [2007/10/18 14:24:44 | 000,145,936 | ---- | M | MD5 = 3FEB512315C479C0CCD4870A2833B4C8] (CA)
                (CCALib8) Canon Camera Access Library 8 [Auto | Running] -> C:\Program Files\Canon\CAL\CALMAIN.exe -> [2007/01/31 18:55:42 | 000,096,370 | ---- | M | MD5 = 8EF654045E518AC00E52E7A1E2D3AD70] (Canon Inc.)
                (Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.exe -> [2004/09/29 13:14:36 | 000,069,632 | ---- | M | MD5 = 9D84376931440F3679BEEF2A414FA493] (HP)
                 
                [Driver Services - Safe List]
                (VETEFILE) VET File Scan Engine [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\vetefile.sys -> [2009/11/09 08:28:36 | 000,739,696 | ---- | M | MD5 = 414F113D3995BA808C24EE071CFDD416] (Computer Associates International, Inc.)
                (VETMONNT) VET File Monitor [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\vetmonnt.sys -> [2009/11/09 08:28:35 | 000,161,008 | ---- | M | MD5 = F5897FF7EB733670F92E798EF5358B88] (Computer Associates International, Inc.)
                (VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\veteboot.sys -> [2009/11/09 08:28:35 | 000,133,520 | ---- | M | MD5 = E9B579BE79693FC20455EDA61199F3C2] (Computer Associates International, Inc.)
                (VET-FILT) VET File System Filter [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\vet-filt.sys -> [2009/11/09 08:28:35 | 000,026,352 | ---- | M | MD5 = E6287F6C77E71ADFC6BADB106CD30E7D] (Computer Associates International, Inc.)
                (VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\vetfddnt.sys -> [2009/11/09 08:28:35 | 000,021,488 | ---- | M | MD5 = 05BDABE6664F48C54A6D3C538C8F2CC1] (Computer Associates International, Inc.)
                (VET-REC) VET File System Recognizer [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\vet-rec.sys -> [2009/11/09 08:28:35 | 000,021,104 | ---- | M | MD5 = CB98D6C1ADE8A891CBBFD9BEB1774F48] (Computer Associates International, Inc.)
                (Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2009/09/23 08:55:23 | 000,064,288 | ---- | M | MD5 = 713CD5267ABFB86FE90A72E384E82A38] (Lavasoft AB)
                (SaibVd32) Virtual Disk Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\SaibVd32.sys -> [2009/06/02 02:00:00 | 000,025,584 | ---- | M | MD5 = E333C9515822DE586A3FF759A0C9B7BF] (Sonic Solutions)
                (SahdIa32) HDD Filter Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\SahdIa32.sys -> [2009/06/02 02:00:00 | 000,021,488 | ---- | M | MD5 = 0B2D5D2341437D7D7E1A6C7BBCE3786A] (Sonic Solutions)
                (SaibIa32) Volume Filter Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\SaibIa32.sys -> [2009/06/02 02:00:00 | 000,015,856 | ---- | M | MD5 = 7A5F65B16249AF2BC9D18D815F5D7172] (Sonic Solutions)
                (nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2008/09/18 03:55:00 | 006,132,576 | ---- | M | MD5 = 70CB8915895CCB92DDF23CE890C4F5BE] (NVIDIA Corporation)
                (FilterService) UVC Filter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvuvcflt.sys -> [2008/07/26 11:26:54 | 000,023,832 | ---- | M | MD5 = 50104C5F1EE1E295781CAF9521CA2E56] (Logitech Inc.)
                (LVUVC) Logitech QuickCam S5500(UVC) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\lvuvc.sys -> [2008/07/26 11:26:42 | 004,658,584 | ---- | M | MD5 = 8BC0D5F6E3898F465A94C6D03AFB5A20] (Logitech Inc.)
                (LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LVUSBSta.sys -> [2008/07/26 11:26:20 | 000,041,752 | ---- | M | MD5 = 23F8EF78BB9553E465A476F3CEE5CA18] (Logitech Inc.)
                (LVRS) Logitech RightSound Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\lvrs.sys -> [2008/07/26 11:25:46 | 000,627,864 | ---- | M | MD5 = B895839B8743E400D7C7DAE156F74E7E] (Logitech Inc.)
                (LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LVPr2Mon.sys -> [2008/07/26 08:25:02 | 000,025,624 | ---- | M | MD5 = A6919138F29AE45E90E99FA94737E04C] ()
                (KmxStart) KmxStart [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\kmxstart.sys -> [2008/06/24 23:08:58 | 000,093,712 | ---- | M | MD5 = F68A8118C1E26967533CC06206154784] (CA)
                (KmxSbx) KmxSbx [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\KmxSbx.sys -> [2008/06/24 23:08:56 | 000,066,576 | ---- | M | MD5 = 2DF089F8594AE18D5C1A1BFBDD967EAB] (CA)
                (KmxFw) KmxFw [Kernel | System | Stopped] -> C:\WINDOWS\system32\drivers\KmxFw.sys -> [2008/06/24 23:08:52 | 000,115,216 | ---- | M | MD5 = 6DB409366CB3325A67A01308CE23AE1A] (CA)
                (KmxFile) KmxFile [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\KmxFile.sys -> [2008/06/24 23:08:46 | 000,045,584 | ---- | M | MD5 = 28C7643D33ED066622E93260F818ADFD] (CA)
                (KmxCF) KmxCF [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\KmxCF.sys -> [2008/06/24 23:08:42 | 000,134,648 | ---- | M | MD5 = 9CB6AE1A28C0A5B70AFC208F068BC24F] (CA)
                (KmxCfg) KmxCfg [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\KmxCfg.sys -> [2008/06/24 23:08:42 | 000,088,816 | ---- | M | MD5 = DF0DE1110162E761A7F60C392AD177DD] (CA)
                (KmxAgent) KmxAgent [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\KmxAgent.sys -> [2008/06/24 23:08:36 | 000,063,504 | ---- | M | MD5 = F4FFCA2DE8290DE6118583BF74962243] (CA)
                (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 12:36:05 | 000,144,384 | ---- | M | MD5 = 573C7D0A32852B48F3058CFD8026F511] (Windows (R) Server 2003 DDK provider)
                (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 10:45:12 | 000,060,032 | ---- | M | MD5 = E919708DB44ED8543A7C017953148330] (Microsoft Corporation)
                (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2007/07/09 21:56:00 | 004,449,280 | R--- | M | MD5 = 1EBDE650D97A8ECCDC1CC4A0804647CD] (Realtek Semiconductor Corp.)
                (AmdPPM) AMD HwPState Processor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdPPM.sys -> [2007/04/17 01:46:00 | 000,033,792 | ---- | M | MD5 = 033448D435E65C4BD72E70521FD05C76] (Advanced Micro Devices)
                (nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nvnetbus.sys -> [2006/11/27 04:33:54 | 000,019,968 | R--- | M | MD5 = 1296B33C223A58485D5EAA779752216A] (NVIDIA Corporation)
                (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NVENETFD.sys -> [2006/11/27 04:33:50 | 000,058,368 | R--- | M | MD5 = 0AE6258709D58FB53638E8D28F4480D4] (NVIDIA Corporation)
                 

                  ToniCarman

                  Re: Virus infection- Please help.
                  « Reply #8 on: April 12, 2010, 09:46:53 PM »
                  [Registry - Safe List]
                  < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
                  HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
                  < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
                  HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
                  < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
                  HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
                  < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
                  < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
                  < Internet Explorer Settings [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > -> ->
                  HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\: Main\\"Local Page" -> \blank.htm ->
                  HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\: Main\\"Start Page" -> http://www.ask.com/?o=13920&l=dis ->
                  HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\: "ProxyEnable" -> 1 ->
                  HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\: "ProxyOverride" -> <local> ->
                  HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\: "ProxyServer" -> http=127.0.0.1:5555 ->
                  < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Toni\Application Data\Mozilla\FireFox\Profiles\r8se12d9.default\prefs.js ->
                  browser.search.defaultenginename -> "Ask" ->
                  browser.search.order.1 -> "Ask" ->
                  browser.search.selectedEngine -> "Ask" ->
                  browser.startup.homepage -> "www.google.com" ->
                  extensions.enabledItems -> [email protected]:1.0 ->
                  extensions.enabledItems -> [email protected]:1.0.0.%(version)s ->
                  extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 ->
                  extensions.enabledItems -> [email protected]:1.0.12514 ->
                  keyword.URL -> "http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=" ->
                  network.proxy.no_proxies_on -> "*.local" ->
                  < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
                  HKLM\software\mozilla\Firefox\Extensions ->  ->
                  HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions ->  ->
                  HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/12 20:30:08 | 000,000,000 | ---D | M]
                  HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/04/04 12:39:39 | 000,000,000 | ---D | M]
                  < FireFox Extensions [User Folders] > ->
                    -> C:\Documents and Settings\Toni\Application Data\Mozilla\Extensions -> [2009/01/29 11:53:42 | 000,000,000 | ---D | M]
                    -> C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions -> [2010/04/12 14:27:47 | 000,000,000 | ---D | M]
                  Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/07/05 18:47:02 | 000,000,000 | ---D | M]
                  < FireFox SearchPlugins [User Folders] > ->
                   ask.xml -> C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\searchplugins\ask.xml -> [2009/10/09 13:45:36 | 000,000,681 | ---- | M | MD5 = 7742DCC23BE1CEC91CCDB4851D366DAF] ()
                  < FireFox Extensions [Program Folders] > ->
                    -> C:\Program Files\Mozilla Firefox\extensions -> [2010/04/12 07:37:57 | 000,000,000 | ---D | M]
                    -> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2010/04/12 20:32:15 | 000,000,000 | ---D | M]
                  < HOSTS File > ([2004/08/04 08:00:00 | 000,000,734 | ---- | M | MD5 = DE1CBFE6C3086010AF115A1F00909B01] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
                  Reset Hosts
                  127.0.0.1       localhost
                  < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
                  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2003/05/15 04:47:54 | 000,050,376 | ---- | M | MD5 = 0C0E1B2BCAED8DF401BE94D538BCB412] (Adobe Systems Incorporated)
                  {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M | MD5 = F655CDD5506FBB4C40C08C9C6A66F7C8] (Microsoft Corporation)
                  {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> [2003/05/15 05:03:46 | 000,147,456 | ---- | M | MD5 = 44BCFF08947790E74BD7CC7532D2B793] ()
                  {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M | MD5 = 28455424E3C8B81661C5A40E18066BB1] (Microsoft Corporation)
                  < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
                  "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M | MD5 = 28455424E3C8B81661C5A40E18066BB1] (Microsoft Corporation)
                  "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2003/05/15 05:03:46 | 000,147,456 | ---- | M | MD5 = 44BCFF08947790E74BD7CC7532D2B793] ()
                  < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ ->
                  WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M | MD5 = 28455424E3C8B81661C5A40E18066BB1] (Microsoft Corporation)
                  WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2003/05/15 05:03:46 | 000,147,456 | ---- | M | MD5 = 44BCFF08947790E74BD7CC7532D2B793] ()
                  < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
                  "" ->  [] -> File not found
                  "Ad-Watch" -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] -> [2010/01/27 06:15:13 | 000,788,880 | ---- | M | MD5 = 17B7EE982055EE0660A3C512D07E5111] (Lavasoft)
                  "Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 06:43:00 | 000,069,632 | R--- | M | MD5 = 8B4CBBA1EA526830C7F97E7822E2493A] (Realtek Semiconductor Corp.)
                  "cafw" -> C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl] -> [2009/01/28 14:26:17 | 000,771,312 | ---- | M | MD5 = ADEADCD30EF7B161F42E68B5BD648459] (CA, Inc.)
                  "capfasem" -> C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe] -> [2009/01/28 14:26:17 | 000,173,296 | ---- | M | MD5 = 7A2C8D52EFFC7DCFAFDF6A90AE8B3235] (CA, Inc.)
                  "capfupgrade" -> C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe] -> [2009/01/28 14:26:17 | 000,259,312 | ---- | M | MD5 = A437B5E4D65978867CD0B647DCCBBD48] (CA, Inc.)
                  "CAVRID" -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe ["C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"] -> [2009/11/29 17:15:27 | 000,230,640 | ---- | M | MD5 = 604F59EF3BF029BC092F8196A7996AD7] (CA, Inc.)
                  "cctray" -> C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe ["C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"] -> [2009/05/21 20:14:48 | 000,181,488 | ---- | M | MD5 = 76AC1FBBB28054EDFA6ABB85E24B32EB] (CA, Inc.)
                  "CPMonitor" -> C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ["C:\Program Files\Roxio 2010\5.0\CPMonitor.exe"] -> [2009/07/21 12:50:02 | 000,084,464 | ---- | M | MD5 = 5287A55084B154E6D7848E68E4B4834A] ()
                  "Desktop Disc Tool" -> C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ["C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"] -> [2009/06/23 02:18:52 | 000,494,064 | ---- | M | MD5 = C09AEE8C0BF3DBE298CBFF97E305DDD8] ()
                  "LogitechCommunicationsManager" -> C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ["C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"] -> [2008/08/14 17:11:48 | 000,565,008 | ---- | M | MD5 = C68BD48274B8C6E4401CF9F71A0CA4BD] ()
                  "LogitechQuickCamRibbon" -> C:\Program Files\Logitech\QuickCam\Quickcam.exe ["C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide] -> [2008/08/14 17:15:46 | 002,407,184 | ---- | M | MD5 = CB619A546FCCBD72A2E9A7F3E0B22907] ()
                  "NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/09/18 03:55:00 | 013,574,144 | ---- | M | MD5 = 89C7169D6161D98585880E3079D721F3] (NVIDIA Corporation)
                  "NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/09/18 03:55:00 | 000,086,016 | ---- | M | MD5 = C01F5EFFCF7D51921722D96AE4140727] (NVIDIA Corporation)
                  "nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /install] -> [2008/09/18 03:55:00 | 001,657,376 | ---- | M | MD5 = 7ADC35508F0C8D21197DD9988BDD42A4] ()
                  "QOELOADER" -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe ["C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"] -> [2009/01/28 14:26:18 | 000,014,088 | ---- | M | MD5 = C6FDDD2C135C05CFC34C9A6AD66DC8C7] (CA)
                  "RoxWatchTray" -> C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe ["C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"] -> [2009/07/24 09:33:24 | 000,240,112 | ---- | M | MD5 = 11BA16C682931D089996ECDBC21809BB] (Sonic Solutions)
                  "SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2007/06/15 04:45:00 | 001,826,816 | R--- | M | MD5 = D373E15EB5E2E463EF01CF7BD8D7A1DF] (Realtek Semiconductor Corp.)
                  < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
                  C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/05/15 05:19:50 | 000,217,193 | ---- | M | MD5 = 78BFE3201ADA2FE02D1E35D2488E5F55] (Adobe Systems Inc.)
                  C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/27 02:19:14 | 000,123,904 | ---- | M | MD5 = B5C9F63C01FCFEC3F64EC6A0940A1825] (Microsoft Corporation)
                  < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
                  < Toni Startup Folder > -> C:\Documents and Settings\Toni\Start Menu\Programs\Startup ->
                  C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 23:16:50 | 000,113,664 | ---- | M | MD5 = C2FF17734176CD15221C10044EF0BA1A] (Adobe Systems, Inc.)
                  < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
                  \\"HonorAutoRunSetting" ->  [1] -> File not found
                  \\"NoCDBurning" ->  
                  • -> File not found

                  < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
                  < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
                  HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
                  \\"NoDriveTypeAutoRun" ->  [145] -> File not found
                  \\"CDRAutoRun" ->  
                  • -> File not found

                  < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
                  HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
                  \\"NoDriveTypeAutoRun" ->  [145] -> File not found
                  \\"CDRAutoRun" ->  
                  • -> File not found

                  < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
                  HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
                  \\"NoDriveTypeAutoRun" ->  [145] -> File not found
                  < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
                  HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
                  \\"NoDriveTypeAutoRun" ->  [145] -> File not found
                  < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004] > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
                  HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
                  \\"NoDriveTypeAutoRun" ->  [145] -> File not found
                  < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
                  {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M | MD5 = F008B25C34C98E4F207B00852E25E97D] (Microsoft Corporation)
                  {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M | MD5 = F008B25C34C98E4F207B00852E25E97D] (Microsoft Corporation)
                  < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\Software\Microsoft\Internet Explorer\Extensions\ ->
                  CmdMapping\\"{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}" [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/07/26 21:17:14 | 000,186,192 | ---- | M | MD5 = F008B25C34C98E4F207B00852E25E97D] (Microsoft Corporation)
                  < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
                  < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
                  "" -> http://
                  < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
                  < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
                  < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
                  HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
                  < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
                  HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
                  < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
                  HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
                  < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
                  HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
                  < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
                  HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
                  < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
                  HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
                  < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
                  HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
                  < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
                  HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
                  < Trusted Sites Domains [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
                  HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
                  cinemanow.com .[http] -> Trusted sites ->
                  cinemanow.com .[https] -> Trusted sites ->
                  qflix.com .[http] -> Trusted sites ->
                  roxio.com .[http] -> Trusted sites ->
                  redirect_sonic.com [http] -> Trusted sites ->
                  redirect2_sonic.com [http] -> Trusted sites ->
                  < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
                  HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
                  < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
                  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab [Office Genuine Advantage Validation Tool] ->
                  {0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
                  {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] ->
                  {6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] ->
                  {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
                  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] ->
                  {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
                  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
                  {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
                  < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
                  DhcpNameServer -> 192.168.15.1 ->
                  < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
                  {00CD242A-285D-4678-B089-A8855EEF0B2B}\\DhcpNameServer -> 192.168.15.1   (NVIDIA nForce Networking Controller) ->
                  < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
                  *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
                  Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
                  *MultiFile Done* -> ->
                  < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
                  PFW -> C:\WINDOWS\System32\UmxWNP.dll -> [2007/05/18 17:30:00 | 000,079,368 | ---- | M | MD5 = 09ECADCDDE96AB045B34AE8DCDFDDF3B] (CA)
                  < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
                  "{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 22:41:34 | 000,304,128 | ---- | M | MD5 = 994AD0D8550B8B26990A6E3AA0791502] (Microsoft Corporation)
                  < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
                  "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 13:05:30 | 001,169,224 | ---- | M | MD5 = F12BC57A34FA372F85FB1B6A2FE8C4A3] (Microsoft Corporation)
                  < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
                  "C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" -> C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe [C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager] -> [2009/06/23 18:39:56 | 002,088,808 | ---- | M | MD5 = 2A896BC97DC2EFB4B7477030C5B3BFD5] (CinemaNow Inc.)
                  "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005/05/12 09:34:58 | 000,151,635 | ---- | M | MD5 = 933F8525453829650D7959C8F56E28AE] (Hewlett-Packard)
                  "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2005/05/24 03:34:36 | 000,057,344 | ---- | M | MD5 = E81BA0F9D470658FCCCB39F4F4179866] (Hewlett-Packard Co.)
                  "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2005/05/24 03:17:46 | 000,225,280 | ---- | M | MD5 = A6158B78B155041BAEAEEC8C31907189] (Hewlett-Packard Co.)
                  "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2005/05/24 03:18:00 | 000,040,960 | ---- | M | MD5 = 5B2E6895B8E30A9C29DD708060DD537D] (Hewlett-Packard Co.)
                  "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2005/05/24 03:13:32 | 000,081,920 | ---- | M | MD5 = A160625AFF3967321014ECFEC2ED41B6] (Hewlett-Packard Co.)
                  "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2005/05/24 03:42:00 | 000,172,032 | ---- | M | MD5 = 574353FF3FDEE2C5352761C744953CD0] (Hewlett-Packard Co.)
                  "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2005/05/24 03:18:52 | 000,458,752 | ---- | M | MD5 = 3680CD90BCE2B7C731B20E7CA9E8877F] (Hewlett-Packard Co.)
                  "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2005/03/15 16:17:50 | 000,704,512 | ---- | M | MD5 = 35E015E8FF8DDE3AB20177E71EECEF2B] ( )
                  "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2005/03/15 16:12:10 | 000,417,792 | ---- | M | MD5 = 559F93648846D522B0AFE9C2A9A7E5C8] ()
                  "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/07/13 14:02:56 | 014,074,656 | ---- | M | MD5 = F5BDBF356BC29A09C12F7BF576A7CD2E] (Apple Inc.)
                  "C:\Program Files\Roxio 2010\Venue\Venue.exe" -> C:\Program Files\Roxio 2010\Venue\Venue.exe [C:\Program Files\Roxio 2010\Venue\Venue.exe:*:Enabled:Roxio Venue] -> [2009/06/24 23:49:02 | 000,772,592 | ---- | M | MD5 = BD9D2496CED14E5B78FDA77F29BCCBF1] (Sonic Solutions)
                  "C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2010/03/22 13:58:53 | 000,319,792 | ---- | M | MD5 = E5A1E18EC3158460A73D293241369C39] (BitTorrent, Inc.)
                  "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 13:05:30 | 001,169,224 | ---- | M | MD5 = F12BC57A34FA372F85FB1B6A2FE8C4A3] (Microsoft Corporation)
                  < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
                  < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
                  "AutoRun" -> 1 ->
                  "DisplayName" -> CD-ROM Driver ->
                  "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
                  < Drives with AutoRun files > ->  ->
                  C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/01/28 09:08:04 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
                  D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ NTFS ] -> [2006/06/17 05:41:16 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
                  E:\Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ] -> E:\Autorun.inf [ FAT32 ] -> [2004/09/13 12:15:24 | 000,000,053 | -HS- | M | MD5 = A09D73C07892E2C770B865716C556949] ()
                  < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
                  \E
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell
                  \E\Shell\\"" ->  [AutoRun] -> File not found
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun
                  \E\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
                  \{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell
                  \{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell\\"" ->  [AutoRun] -> File not found
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell\AutoRun
                  \{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell\AutoRun\command
                  \{0da970a4-ee9c-11dd-b6fd-0021970ed2b7}\Shell\AutoRun\command\\"" -> K:\LaunchU3.exe [K:\LaunchU3.exe -a] -> File not found
                  \{5f0b48d7-ed54-11dd-b6f8-806d6172696f}
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f0b48d7-ed54-11dd-b6f8-806d6172696f}\Shell
                  \{5f0b48d7-ed54-11dd-b6f8-806d6172696f}\Shell\\"" ->  [AutoRun] -> File not found
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f0b48d7-ed54-11dd-b6f8-806d6172696f}\Shell\AutoRun
                  \{5f0b48d7-ed54-11dd-b6f8-806d6172696f}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
                  < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
                  comfile [open] -> "%1" %* ->
                  exefile [open] -> "%1" %* ->
                  < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
                  .com [@ = comfile] -> "%1" %* ->
                  .exe [@ = exefile] -> "%1" %* ->

                  ToniCarman

                    Re: Virus infection- Please help.
                    « Reply #9 on: April 12, 2010, 09:48:23 PM »
                    [Registry - Additional Scans - Safe List]
                    < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
                    "msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 20:12:42 | 000,199,680 | ---- | M | MD5 = 877C90686858D899B042BBA45E9B7F2C] (Intel Corporation)
                    "msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2008/04/13 20:09:57 | 000,290,816 | ---- | M | MD5 = 452705AC9E4C0DDE91A61F0E02292423] (Fraunhofer Institut Integrierte Schaltungen IIS)
                    "msacm.siren" -> C:\WINDOWS\System32\sirenacm.dll [sirenacm.dll] -> [2009/07/26 17:44:56 | 000,048,448 | ---- | M | MD5 = CF1C4265A73D50A1CE97FD308CE1AFC9] (Microsoft Corporation)
                    "msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 20:10:50 | 000,086,016 | ---- | M | MD5 = 0DBB250A89E2E1C9281009AC269F0805] (Sipro Lab Telecom Inc.)
                    "msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 08:00:00 | 000,008,192 | ---- | M | MD5 = E8CD0D7E169ECCE2D4FD829DAAB786ED] (DSP GROUP, INC.)
                    "MSVideo" -> C:\WINDOWS\System32\vfwwdm32.dll [vfwwdm32.dll] -> [2008/04/13 16:12:08 | 000,053,760 | ---- | M | MD5 = E2A57AC21705D3A05BB89BE201FA5C0C] (Microsoft Corporation)
                    "MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/13 16:12:08 | 000,053,760 | ---- | M | MD5 = E2A57AC21705D3A05BB89BE201FA5C0C] (Microsoft Corporation)
                    "vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/13 20:11:54 | 000,080,384 | ---- | M | MD5 = 7E86D471EF8DED7B9D15106002120271] (Radius Inc.)
                    "VIDC.I420" -> C:\WINDOWS\System32\lvcodec2.dll [lvcodec2.dll] -> [2008/07/26 11:23:18 | 000,416,280 | ---- | M | MD5 = 842E14DBE96F4D38E43AD318C4894C84] (Logitech Inc.)
                    "vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 08:00:00 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
                    "vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 08:00:00 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
                    "vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 20:12:42 | 000,848,384 | ---- | M | MD5 = 948E1498C6438625247F94534AAA82FE] (Intel Corporation)
                    "vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 20:11:55 | 000,755,200 | ---- | M | MD5 = 5F10DC19D92CCF6B719B494572F4F74B] (Intel Corporation)
                    < Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
                    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/05/26 17:18:52 | 000,779,568 | ---- | M | MD5 = 119F55DAE2859632F2DD950031CD0A3B] (Apple Inc.)
                    {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/05/26 17:18:52 | 000,779,568 | ---- | M | MD5 = 119F55DAE2859632F2DD950031CD0A3B] (Apple Inc.)
                    {4F07F79F-087F-42cf-8B36-7A88D06088E9} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 17:44:56 | 000,221,520 | ---- | M | MD5 = 7EE6C2556E674AB1A6EBF89C1800302F] (Microsoft Corporation)
                    {5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2009/03/09 05:18:52 | 000,110,592 | ---- | M | MD5 = EB6FE5BED977E26B575CBF8047FF8641] (Sun Microsystems, Inc.)
                    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_13.dll [Java Plug-in 1.6.0_13] -> [2009/03/09 05:19:10 | 000,136,600 | ---- | M | MD5 = 20188EB1790C5EB9057DDFE3EA138FC7] (Sun Microsystems, Inc.)
                    {C2828995-4A83-4100-A212-3024BA117356} [HKLM] -> C:\Program Files\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll [Windows Live Upload Tool] -> [2008/10/29 15:46:56 | 000,245,112 | ---- | M | MD5 = DA204A2BAB5780A0DF37EB5BE58FCA57] (Microsoft Corporation)
                    {CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\pdf.ocx [Adobe Acrobat Control for ActiveX] -> [2003/05/15 05:04:06 | 000,416,248 | ---- | M | MD5 = 9EBA1306C494862FD6AFF9DB0643BB60] (Adobe Systems Incorporated)
                    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_13.dll [Java Plug-in 1.6.0_13] -> [2009/03/09 05:19:10 | 000,136,600 | ---- | M | MD5 = 20188EB1790C5EB9057DDFE3EA138FC7] (Sun Microsystems, Inc.)
                    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_13.dll [Java Plug-in 1.6.0_13] -> [2009/03/09 05:19:10 | 000,136,600 | ---- | M | MD5 = 20188EB1790C5EB9057DDFE3EA138FC7] (Sun Microsystems, Inc.)
                    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_13.dll [Java Plug-in 1.6.0_13] -> [2009/03/09 05:19:10 | 000,136,600 | ---- | M | MD5 = 20188EB1790C5EB9057DDFE3EA138FC7] (Sun Microsystems, Inc.)
                    {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deploytk.dll [Deployment Toolkit] -> [2009/03/09 05:19:08 | 000,410,984 | ---- | M | MD5 = 5B0CE37BE36679D9D3097B592F7213D9] (Sun Microsystems, Inc.)
                    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [Behavior Object] -> [2009/05/26 17:18:52 | 000,779,568 | ---- | M | MD5 = 119F55DAE2859632F2DD950031CD0A3B] (Apple Inc.)
                    {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx [Shockwave Flash Object] -> [2009/07/17 23:12:12 | 003,979,680 | R--- | M | MD5 = 43C6ACDFB92A18C3E516E6BD5F1ACD51] (Adobe Systems, Inc.)
                    {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2009/07/13 14:02:52 | 000,111,912 | ---- | M | MD5 = A64AD94ED646B2CDBED0CEBC9018EC19] (Apple Inc.)
                    {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 17:44:56 | 000,221,520 | ---- | M | MD5 = 7EE6C2556E674AB1A6EBF89C1800302F] (Microsoft Corporation)
                    {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 17:44:56 | 000,221,520 | ---- | M | MD5 = 7EE6C2556E674AB1A6EBF89C1800302F] (Microsoft Corporation)
                    < Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
                    {754FF233-5D4E-11D2-875B-00A0C93C09B3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {B1549E58-3894-11D2-BB7F-00A0C999C4C1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {C533ADF1-0C80-11D1-8C54-00A02468F316} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    < Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
                    {00000000-0000-0000-0000-000000000000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> C:\WINDOWS\system32\OGACheckControl.DLL [Office Genuine Advantage Validation Tool] -> [2008/02/04 22:23:10 | 000,693,792 | ---- | M | MD5 = D1346A4683E98836E2FE003859E5DC0D] ()
                    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2003/05/15 04:47:54 | 000,050,376 | ---- | M | MD5 = 0C0E1B2BCAED8DF401BE94D538BCB412] (Adobe Systems Incorporated)
                    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
                    {0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx [Facebook Photo Uploader 5 Control] -> [2008/10/10 19:44:58 | 003,536,384 | ---- | M | MD5 = 3F703EC5DB5638C08008132A78430136] ()
                    {201F27D4-3704-41D6-89C1-AA35E39143ED} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {219C3416-8CB2-491A-A3C7-D9FCDDC9D600} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {21FA44EF-376D-4D53-9B0F-8A89D3229068} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M | MD5 = 28455424E3C8B81661C5A40E18066BB1] (Microsoft Corporation)
                    {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx [DHTML Edit Control Safe for Scripting for IE5] -> [2009/07/27 18:27:12 | 000,128,512 | ---- | M | MD5 = AB2618C157C8D7BC89BA3402C6E52638] (Microsoft Corporation)
                    {3041D03E-FD4B-44E0-B742-2D9B88305F98} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {32C3FEAE-0877-4767-8C20-62A5829A0945} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/05/26 17:18:52 | 000,779,568 | ---- | M | MD5 = 119F55DAE2859632F2DD950031CD0A3B] (Apple Inc.)
                    {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\AUTHZAX.DLL [Microsoft Office Control] -> [2007/04/19 18:10:18 | 000,045,920 | ---- | M | MD5 = 552AB92DDC16080FD47ECC68C6975DE3] (Microsoft Corporation)
                    {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2003/05/15 05:03:46 | 000,147,456 | ---- | M | MD5 = 44BCFF08947790E74BD7CC7532D2B793] ()
                    {4E430174-1673-4FF3-BF28-A3B37F6573E7} [HKLM] -> C:\Program Files\Windows Desktop Search\wdsShell.dll [Windows Desktop Search Combo Control] -> [2008/05/27 02:19:14 | 000,785,408 | ---- | M | MD5 = 2C2830B08045E2A1C1930EB064A8FAC0] (Microsoft Corporation)
                    {52A2AAAE-085D-4187-97EA-8C30DB990436} [HKLM] -> C:\WINDOWS\system32\hhctrl.ocx [HHCtrl Object] -> [2008/04/13 20:09:36 | 000,545,280 | ---- | M | MD5 = 22D71D1DB6FC789A1CE8AC6963580259] (Microsoft Corporation)
                    {5C255C8A-E604-49B4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M | MD5 = F655CDD5506FBB4C40C08C9C6A66F7C8] (Microsoft Corporation)
                    {6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll [HP Download Manager] -> [2007/10/18 14:04:16 | 000,341,296 | ---- | M | MD5 = CDE357CD3FC047F5C7D8B8345B6A42BF] ()
                    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {8D91090E-B955-11D1-ADC5-006008A5848C} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx [DEGetBlockFmtNamesParam Class] -> [2009/07/27 18:27:12 | 000,128,512 | ---- | M | MD5 = AB2618C157C8D7BC89BA3402C6E52638] (Microsoft Corporation)
                    {92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {9522B3FB-7A2B-4646-8AF6-36E7F593073C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {AE7CD045-E861-484F-8273-0445EE161910} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> [2003/05/15 05:03:46 | 000,147,456 | ---- | M | MD5 = 44BCFF08947790E74BD7CC7532D2B793] ()
                    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> C:\WINDOWS\opuc.dll [Office Update Installation Engine] -> [2008/12/04 23:54:46 | 000,524,288 | ---- | M | MD5 = 58BB14004585436709170E8C90CE1B6D] (Microsoft Corporation)
                    {C98FE784-B96E-41e1-8399-1337AE3E539F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\pdf.ocx [Adobe Acrobat Control for ActiveX] -> [2003/05/15 05:04:06 | 000,416,248 | ---- | M | MD5 = 9EBA1306C494862FD6AFF9DB0643BB60] (Adobe Systems Incorporated)
                    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx [Shockwave Flash Object] -> [2009/07/17 23:12:12 | 003,979,680 | R--- | M | MD5 = 43C6ACDFB92A18C3E516E6BD5F1ACD51] (Adobe Systems, Inc.)
                    {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 19:17:46 | 001,068,904 | ---- | M | MD5 = 28455424E3C8B81661C5A40E18066BB1] (Microsoft Corporation)
                    {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 17:44:56 | 000,221,520 | ---- | M | MD5 = 7EE6C2556E674AB1A6EBF89C1800302F] (Microsoft Corporation)
                    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {e3e02f12-2adb-478c-8742-5f0819f9f0f4} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {e473a65c-8087-49a3-affd-c5bc4a10669b} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {fc345d4c-b8f4-4674-bff7-3c37d2e535ee} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    {fd6484ed-ebe3-4c3d-938a-8238003b41b7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
                    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
                    .bat [@ = batfile] -> "%1" %* ->
                    .cmd [@ = cmdfile] -> "%1" %* ->
                    .com [@ = comfile] -> "%1" %* ->
                    .exe [@ = exefile] -> "%1" %* ->
                    .pif [@ = piffile] -> "%1" %* ->
                    .scr [@ = scrfile] -> "%1" /S ->
                    < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Classes\<extension>\ ->
                    .html [@ = FirefoxHTML] -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/04/01 13:58:04 | 000,910,296 | ---- | M | MD5 = 49958506B773E40D31832E3EEDA522E7] (Mozilla Corporation)
                    < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
                    {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2003/05/15 05:03:46 | 000,147,456 | ---- | M | MD5 = 44BCFF08947790E74BD7CC7532D2B793] ()
                    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
                    *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
                    6to4 ->  -> File not found
                    Ias -> C:\WINDOWS\system32\ias -> [2009/01/28 00:49:07 | 000,000,000 | ---D | M]
                    Iprip ->  -> File not found
                    Irmon ->  -> File not found
                    NWCWorkstation ->  -> File not found
                    Nwsapagent ->  -> File not found
                    Wmi -> C:\WINDOWS\system32\wmi.dll -> [2008/04/13 20:11:15 | 000,005,632 | ---- | M | MD5 = 7B0770526801F05D58C51A3DFB87B4BD] (Microsoft Corporation)
                    WmdmPmSp ->  -> File not found
                    *MultiFile Done* -> ->
                    < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
                    skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> C:\Program Files\Common Files\Skype\Skype4COM.dll[IEProtocolHandler Class] -> [2009/02/04 13:27:34 | 001,942,824 | ---- | M | MD5 = BE8FC3EF67D58F8D711EA94F8C17D8F7] (Skype Technologies)
                    wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} [HKLM] -> C:\Program Files\Windows Live\Mail\mailcomm.dll[Windows Live Mail HTML Asynchronous Pluggable Protocol Handler] -> [2009/07/26 17:44:48 | 000,789,824 | ---- | M | MD5 = 021E1FA87DAB47ACE09F900B00074774] (Microsoft Corporation)
                    < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
                    {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
                    {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
                    {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
                    {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
                    {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
                    {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
                    {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
                    {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
                    {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
                    {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
                    {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
                    {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
                    {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
                    {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
                    Base -> Driver Group
                    Boot Bus Extender -> Driver Group
                    Boot file system -> Driver Group
                    File system -> Driver Group
                    Filter -> Driver Group
                    Lavasoft Ad-Aware Service -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/04 12:18:13 | 001,181,328 | ---- | M | MD5 = 1A383F027D4F282E954C5AE30E5BCE50] (Lavasoft)
                    PCI Configuration -> Driver Group
                    PNP Filter -> Driver Group
                    Primary disk -> Driver Group
                    SCSI Class -> Driver Group
                    sermouse.sys -> Driver
                    System Bus Extender -> Driver Group
                    vds -> Service
                    vga.sys -> Driver
                    < SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
                    {1a3e09be-1e45-494b-9174-d7385b45bbf5} ->
                    {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
                    {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
                    {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
                    {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
                    {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
                    {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
                    {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
                    {4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
                    {4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
                    {4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
                    {4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
                    {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
                    {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
                    {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
                    {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
                    {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
                    {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
                    Base -> Driver Group
                    Boot Bus Extender -> Driver Group
                    Boot file system -> Driver Group
                    File system -> Driver Group
                    Filter -> Driver Group
                    Lavasoft Ad-Aware Service -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/04 12:18:13 | 001,181,328 | ---- | M | MD5 = 1A383F027D4F282E954C5AE30E5BCE50] (Lavasoft)
                    NDIS Wrapper -> Driver Group
                    NetBIOSGroup -> Driver Group
                    NetDDEGroup -> Driver Group
                    Network -> Driver Group
                    NetworkProvider -> Driver Group
                    PCI Configuration -> Driver Group
                    PNP Filter -> Driver Group
                    PNP_TDI -> Driver Group
                    Primary disk -> Driver Group
                    SCSI Class -> Driver Group
                    sermouse.sys -> Driver
                    Streams Drivers -> Driver Group
                    System Bus Extender -> Driver Group
                    TDI -> Driver Group
                    vga.sys -> Driver
                    < Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
                    \\"FirstRunDisabled" ->  [1] -> File not found
                    \\"AntiVirusOverride" ->  [1] -> File not found
                    \\"FirewallOverride" ->  [1] -> File not found
                    \\"AntiVirusDisableNotify" ->  • -> File not found
                    \\"FirewallDisableNotify" ->  • -> File not found
                    \\"UpdatesDisableNotify" ->  • -> File not found
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall
                    \Monitoring\CA Personal Firewall\\"DisableMonitoring" ->  [1] -> File not found
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
                    \Monitoring\ComputerAssociatesAntiVirus\\"DisableMonitoring" ->  [1] -> File not found
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
                    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
                    \\"EnableFirewall" ->  • -> File not found
                    \\"DoNotAllowExceptions" ->  • -> File not found
                    \\"DisableNotifications" ->  [1] -> File not found
                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

                    ToniCarman

                      Topic Starter


                      Rookie

                      Re: Virus infection- Please help.
                      « Reply #10 on: April 12, 2010, 09:48:55 PM »
                      \AuthorizedApplications\ -> ->
                      < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
                      NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> C:\Program Files\Bonjour\mdnsNSP.dll -> [2008/12/12 11:11:44 | 000,147,456 | ---- | M | MD5 = 292F92469EFB2FD402E00742C06D539D] (Apple Inc.)
                      Protocol_Catalog9\Catalog_Entries\000000000001 -> C:\WINDOWS\System32\VetRedir.dll -> [2008/01/12 01:30:50 | 000,083,256 | ---- | M | MD5 = 28BE9482EA3D20FDC0E589F7A65B85B1] (Computer Associates International, Inc.)
                      Protocol_Catalog9\Catalog_Entries\000000000007 -> C:\WINDOWS\System32\VetRedir.dll -> [2008/01/12 01:30:50 | 000,083,256 | ---- | M | MD5 = 28BE9482EA3D20FDC0E589F7A65B85B1] (Computer Associates International, Inc.)
                      < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
                      {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} -> Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
                      {0611BD4E-4FE4-4a62-B0C0-18A4CC463428} -> CP_Package_Variety1
                      {07287123-B8AC-41CE-8346-3D777245C35B} -> Bonjour
                      {09984AEC-6B9F-4ca7-B78D-CB44D4771DA3} -> Destinations
                      {0B33B738-AD79-4E32-90C5-E67BFB10BBFF} -> AiO_Scan
                      {15EE79F4-4ED1-4267-9B0F-351009325D7D} -> HP Software Update
                      {178832DE-9DE0-4C87-9F82-9315A9B03985} -> Windows Live Writer
                      {1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A} -> CP_Package_Variety3
                      {205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
                      {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
                      {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2
                      {2466E904-7E48-4597-9321-722CF02930EB} -> 5600
                      {24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} -> Skype™ 4.0
                      {26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 13
                      {2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C} -> Unload
                      {30C19FF2-7FBA-4d09-B9DE-1659977F64F6} -> TrayApp
                      {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
                      {3AF8FCCD-F51A-4014-9002-F195E1CBC876} -> Logitech QuickCam
                      {3B0F52AC-EF5C-4831-B221-06C782E41280} -> Quicken 2008
                      {3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
                      {45338B07-A236-4270-9A77-EBB4115517B5} -> Windows Live Sign-in Assistant
                      {46578609-AD6D-4E69-AC8F-28B89C090F3B} -> Roxio Creator 2010 Pro
                      {49FB31C1-26EC-44c6-AB47-73C66E2BC41E} -> HP PSC & OfficeJet 5.3.B
                      {4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} -> SmartSound Quicktracks Plugin
                      {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} -> Microsoft Search Enhancement Pack
                      {5491453D-8C3E-4785-AC5C-E9A4DABF378A} -> Roxio Venue
                      {54E3707F-808E-4fd4-95C9-15D1AB077E5D} -> NewCopy
                      {56F8AFC3-FA98-4ff1-9673-8A026CBF85BE} -> WebReg
                      {57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} -> Microsoft Office Live Add-in 1.3
                      {5A06423A-210C-49FB-950E-CB0EB8C5CEC7} -> Roxio BackOnTrack
                      {5B622B7A-60FB-4630-B11D-F121D20BCCD6} -> MarketResearch
                      {5B79CFD1-6845-4158-9D7D-6BE89DF2C135} -> HP PSC & OfficeJet 5.3.B
                      {60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB} -> Roxio File Backup
                      {6412CECE-8172-4BE5-935B-6CECACD2CA87} -> Windows Live Mail
                      {65A79175-3C4C-41F4-92AF-BA1DDDBA0626} -> Roxio Burn Manager CDB
                      {66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} -> eSupportQFolder
                      {6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
                      {6BB6627C-694F-4FDC-A3E5-C7F4BED4C724} -> DocProc
                      {6C122441-1861-4CD7-B1C5-A163A6984E12} -> CinemaNow Media Manager
                      {6F5E2F4A-377D-4700-B0E3-8F7F7507EA15} -> CustomerResearchQFolder
                      {70C592EC-AE9B-4734-928B-676E824FB41E} -> MFC RunTime files
                      {733CDF24-0A93-426E-AA89-DF281EB54793} -> Roxio CinePlayer
                      {74DC8A26-4E05-40B6-AD11-C9428A1AE150} -> Roxio Creator 2010 Pro
                      {76C24F39-B161-498F-BD8B-C64789812D13}_is1 -> ConvertXtoDVD 3.8.0.193c
                      {7850A6D2-CBEA-4728-9877-F1BEDEA9F619} -> AiOSoftware
                      {786C5747-1033-0000-B58E-000000000001} -> Adobe Stock Photos 1.0
                      {7C515D87-2DCD-422B-B993-3FE8A71B3DDB} -> Noiseware Professional Plug-in
                      {7C9B95B7-B598-4398-B30F-7F6827192E6C} -> ProductContext
                      {81128EE8-8EAD-4DB0-85C6-17C2CE50FF71} -> Windows Live Essentials
                      {84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1} -> Windows Live Sync
                      {86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29} -> Roxio Video Capture USB
                      {8777AC6D-89F9-4793-8266-DE406F343E89} -> QFolder
                      {87A83C6F-F53C-448A-B078-FF00E3EAEB29} -> Roxio Disaster Recovery
                      {89A15676-78AE-4D51-BF5B-DEE3E0D46C94} -> Roxio Creator 2010 Pro
                      {8A74E887-8F0F-4017-AF53-CBA42211AAA5} -> Microsoft Sync Framework Runtime Native v1.0 (x86)
                      {8B611C23-ADB6-4F5E-A04A-959EB0D349F6} -> Winkflash Transporter
                      {8EDBA74D-0686-4C99-BFDD-F894678E5B39} -> Adobe Common File Installer
                      {90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
                      {906C01EE-B242-4197-AE85-6C506E1B869B} -> Roxio Burn Manager
                      {909B62B0-8ACA-4061-A83B-09CAEF609619} -> MSXML 6.0 Parser
                      {91CA0409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Small Business Edition 2003
                      {923A7F5A-1E8C-4FBE-8DF6-85940A60A79F} -> Readme
                      {95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
                      {95120000-0122-0409-0000-0000000FF1CE} -> Microsoft Office Outlook Connector
                      {995F1E2E-F542-4310-8E1D-9926F5A279B3} -> Windows Live Toolbar
                      {99ECF41F-5CCA-42BD-B8B8-A8333E2E2944} -> iTunes
                      {9A00EC4E-27E1-42C4-98DD-662F32AC8870} -> Roxio CinePlayer Decoder Pack
                      {9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                      {A121EEDE-C68F-461D-91AA-D48BA226AF1C} -> Roxio Activation Module
                      {A195B13E-A5E3-4BAF-A995-7F70F445CD06} -> ScannerCopy
                      {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI
                      {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
                      {A33E7B0C-B99C-4EC9-B702-8A328B161AF9} -> Roxio Burn
                      {A85FD55B-891B-4314-97A5-EA96C0BD80B5} -> Windows Live Messenger
                      {AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder
                      {AC76BA86-1033-0000-BA7E-000000000001} -> Adobe Acrobat 6.0 Standard
                      {AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D} -> CA Anti-Spyware
                      {AF9E97C1-7431-426D-A8D5-ABE40995C0B1} -> DirectX 9 Runtime
                      {B74D4E10-1033-0000-0000-000000000001} -> Adobe Bridge 1.0
                      {B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA} -> CP_Package_Variety2
                      {B996AE66-10DB-4ac5-B151-E8B4BFBC42FC} -> BufferChm
                      {BB3AB664-D92B-4CB5-8B3E-D841841F4E68} -> Canon Camera WIA Driver
                      {BD64AF4A-8C80-4152-AD77-FCDDF05208AB} -> Microsoft Sync Framework Services Native v1.0 (x86)
                      {BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18} -> 5600Trb
                      {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
                      {C506A18C-1469-4678-B094-F4EC9DAE6DB7} -> Scan
                      {C78EAC6F-7A73-452E-8134-DBB2165C5A68} -> QuickTime
                      {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
                      {CC7984C5-020D-4944-85A0-58D09D4A8BFB} -> 5600_Help
                      {CE24344F-DFD8-40C8-8FD8-C9740B5F25AC} -> Fax
                      {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
                      {D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA} -> Windows Live Photo Gallery
                      {DBCC73BA-C69A-4BF5-B4BF-F07501EE7039} -> AnswerWorks 5.0 English Runtime
                      {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
                      {E2DFE069-083E-4631-9B6C-43C48E991DE5} -> Junk Mail filter update
                      {E3F90083-80D4-4b5a-87C7-E97E12F5516D} -> HPProductAssistant
                      {E9787678-1033-0000-8E67-000000000001} -> Adobe Help Center 1.0
                      {EA103B64-C0E4-4C0E-A506-751590E1653D} -> SolutionCenter
                      {F05A5232-CE5E-4274-AB27-44EB8105898D} -> CA Pest Patrol Realtime Protection
                      {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU]
                      {F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard
                      {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
                      {F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
                      {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
                      {F4C2E5F5-2970-45f4-ABD3-C180C4D961C4} -> Status
                      {F6BD194C-4190-4D73-B1B1-C48C99921BFE} -> Windows Live Call
                      {FE64AE29-0883-4C70-8388-DC026019C900} -> HP Image Zone Express
                      Ad-Aware -> Ad-Aware
                      Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
                      Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
                      Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2
                      BookSmart™ 1.9.9 1.9.9 -> BookSmart™ 1.9.9 1.9.9
                      CAL -> Canon Camera Access Library
                      CameraWindowDC -> Canon Utilities CameraWindow DC
                      CameraWindowDVC5 -> Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
                      CameraWindowDVC6 -> Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
                      CameraWindowLauncher -> Canon Utilities CameraWindow
                      Canon G.726 WMP-Decoder -> Canon G.726 WMP-Decoder
                      Coupon Printer for Windows4.0 -> Coupon Printer for Windows
                      CSCLIB -> Canon Camera Support Core Library
                      DPP -> Canon Utilities Digital Photo Professional 3.4
                      EOS Utility -> Canon Utilities EOS Utility
                      eTrust Suite Personal -> CA Internet Security Suite
                      HaaliMkx -> Haali Media Splitter
                      HP Imaging Device Functions -> HP Imaging Device Functions 5.3
                      HP Solution Center & Imaging Support Tools -> HP Solution Center & Imaging Support Tools 5.3
                      HPExtendedCapabilities -> HP Extended Capabilities 5.3
                      IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
                      ie7 -> Windows Internet Explorer 7
                      InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} -> SmartSound Quicktracks Plugin
                      InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} -> Canon EOS 5D WIA Driver
                      lvdrivers_11.80 -> Logitech QuickCam Driver Package
                      Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
                      Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
                      Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
                      MovieEditTask -> Canon MovieEdit Task for ZoomBrowser EX
                      Mozilla Firefox (3.6.3) -> Mozilla Firefox (3.6.3)
                      MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
                      MVApplication1 -> Memorex exPressit Label Design Studio
                      MyCamera -> Canon Utilities MyCamera
                      MyCameraDC -> Canon Utilities MyCamera DC
                      NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
                      NoAdware 5.0_is1 -> NoAdware v5.0
                      NVIDIA Drivers -> NVIDIA Drivers
                      Original Data Security Tools -> Canon Utilities Original Data Security Tools
                      PhotoStitch -> Canon Utilities PhotoStitch
                      Picture Style Editor -> Canon Utilities Picture Style Editor
                      RAW Image Task -> Canon RAW Image Task for ZoomBrowser EX
                      RemoteCaptureDC -> Canon Utilities RemoteCapture DC
                      RemoteCaptureTask -> Canon Utilities RemoteCapture Task for ZoomBrowser EX
                      Roxio PhotoShow -> Roxio PhotoShow
                      uTorrent -> µTorrent
                      VETWIN32Vp5 -> CA Anti-Virus
                      WFTK -> Canon Utilities WFT-E1/E2/E3 Utility
                      Windows Media Format Runtime -> Windows Media Format 11 runtime
                      Windows Media Player -> Windows Media Player 11
                      Windows XP Service Pack -> Windows XP Service Pack 3
                      WinLiveSuite_Wave3 -> Windows Live Essentials
                      WinRAR archiver -> WinRAR archiver
                      WMFDist11 -> Windows Media Format 11 runtime
                      wmp11 -> Windows Media Player 11
                      Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
                      ZoomBrowser EX -> Canon Utilities ZoomBrowser EX
                      ZoomBrowser EX Memory Card Utility -> Canon ZoomBrowser EX Memory Card Utility
                      < Uninstall List [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
                      ColorInc ROES -> ColorInc ROES
                      Facebook Plug-In -> Facebook Plug-In
                      Move Media Player -> Move Media Player
                      uTorrent -> µTorrent
                      < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
                      Application [ Error ] 4/9/2010 9:47:44 AM Computer Name = TONI-423C633C85 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. 
                      Application [ Error ] 4/9/2010 9:48:04 AM Computer Name = TONI-423C633C85 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established 
                      Application [ Error ] 4/9/2010 9:48:04 AM Computer Name = TONI-423C633C85 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. 
                      Application [ Error ] 4/9/2010 9:48:05 AM Computer Name = TONI-423C633C85 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. 
                      Application [ Error ] 4/9/2010 9:48:05 AM Computer Name = TONI-423C633C85 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. 
                      Application [ Error ] 4/9/2010 9:48:05 AM Computer Name = TONI-423C633C85 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. 
                      Application [ Error ] 4/9/2010 9:48:09 AM Computer Name = TONI-423C633C85 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 -> Description = EventType clr20r3, P1 roxiocentralfx.exe, P2 5.0.0.0, P3 4a6970c2, P4 windowsbase, P5 3.0.0.0, P6 488f1338, P7 7c3, P8 eb, P9 system.argumentexception, P10 NIL.
                      Application [ Error ] 4/9/2010 9:53:07 AM Computer Name = TONI-423C633C85 | Source = pctsSvc.exe | ID = 0 -> Description =
                      Application [ Error ] 4/9/2010 11:37:19 PM Computer Name = TONI-423C633C85 | Source = UmxAgent | ID = 108 -> Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error 0x2.
                      Application [ Error ] 4/10/2010 9:05:54 PM Computer Name = TONI-423C633C85 | Source = Application Hang | ID = 1002 -> Description = Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
                      System [ Error ] 4/9/2010 12:42:42 PM Computer Name = TONI-423C633C85 | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
                      System [ Error ] 4/9/2010 12:45:11 PM Computer Name = TONI-423C633C85 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.
                      System [ Error ] 4/9/2010 12:45:23 PM Computer Name = TONI-423C633C85 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   KmxFw
                      System [ Error ] 4/10/2010 9:03:25 AM Computer Name = TONI-423C633C85 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.
                      System [ Error ] 4/10/2010 9:03:34 AM Computer Name = TONI-423C633C85 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   KmxFw
                      System [ Error ] 4/11/2010 8:40:18 AM Computer Name = TONI-423C633C85 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.
                      System [ Error ] 4/11/2010 8:40:24 AM Computer Name = TONI-423C633C85 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   KmxFw
                      System [ Error ] 4/12/2010 7:22:37 AM Computer Name = TONI-423C633C85 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.
                      System [ Error ] 4/12/2010 7:22:44 AM Computer Name = TONI-423C633C85 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   KmxFw
                      System [ Error ] 4/12/2010 8:15:47 PM Computer Name = TONI-423C633C85 | Source = Print | ID = 6161 -> Description = The document Microsoft Word - Invoice.Carman10.doc owned by Toni failed to print on printer HP Officejet 5600 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\TONI-423C633C85. Win32 error code returned by the print processor: 259 (0x103).
                       
                      [Files/Folders - Created Within 90 Days]
                       OTS.exe -> C:\Documents and Settings\Toni\Desktop\OTS.exe -> [2010/04/12 20:33:51 | 000,638,464 | ---- | C | MD5 = 5E5C23D37C6AB464133476DA06A2CA96] (OldTimer Tools)
                       Taxes -> C:\Documents and Settings\Toni\My Documents\Taxes -> [2010/04/10 20:40:49 | 000,000,000 | ---D | C]
                       7.0.0.538f-sdsetup.exe -> C:\Documents and Settings\Toni\Desktop\7.0.0.538f-sdsetup.exe -> [2010/04/08 22:52:52 | 034,595,048 | ---- | C | MD5 = 639679BD5B799D8379FC956444599A7B] (PC Tools                                                    )
                       Firefox Setup 3.6.3.exe -> C:\Documents and Settings\Toni\Desktop\Firefox Setup 3.6.3.exe -> [2010/04/04 11:28:16 | 008,354,440 | ---- | C | MD5 = 053BAB09D571219C8A3FE335A6A789BD] (Mozilla)
                       uTorrent -> C:\Program Files\uTorrent -> [2010/03/22 13:58:53 | 000,000,000 | ---D | C]
                       utorrent.exe -> C:\Documents and Settings\Toni\Desktop\utorrent.exe -> [2010/03/22 13:58:12 | 000,319,792 | ---- | C | MD5 = E5A1E18EC3158460A73D293241369C39] (BitTorrent, Inc.)
                       Pain CD -> C:\Documents and Settings\Toni\Desktop\Pain CD -> [2010/03/15 15:55:53 | 000,000,000 | ---D | C]
                       Stress CD -> C:\Documents and Settings\Toni\Desktop\Stress CD -> [2010/03/15 15:35:25 | 000,000,000 | ---D | C]
                       Malwarebytes -> C:\Documents and Settings\Toni\Application Data\Malwarebytes -> [2010/03/10 10:05:06 | 000,000,000 | ---D | C]
                       mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/03/10 10:04:58 | 000,038,224 | ---- | C | MD5 = C0D40BEAA6DFC05602FC8F484696F7F5] (Malwarebytes Corporation)
                       Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/03/10 10:04:55 | 000,000,000 | ---D | C]
                       mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/03/10 10:04:54 | 000,019,160 | ---- | C | MD5 = 654A3F014903DC62CAF5E037F3D316D2] (Malwarebytes Corporation)
                       Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/03/10 10:04:54 | 000,000,000 | ---D | C]
                       mbam-setup.exe -> C:\Documents and Settings\Toni\Desktop\mbam-setup.exe -> [2010/03/10 10:03:26 | 005,115,824 | ---- | C | MD5 = E6111E6D0B99286F99C35B09835DB9BA] (Malwarebytes Corporation                                    )
                       TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2010/03/10 09:53:10 | 000,000,000 | ---D | C]
                       moviemk.exe -> C:\WINDOWS\System32\dllcache\moviemk.exe -> [2010/03/09 21:57:30 | 003,558,912 | ---- | C | MD5 = E002A7E05185BD7FC7646CD229311B22] (Microsoft Corporation)
                       firefox.exe -> C:\Documents and Settings\Toni\Desktop\firefox.exe -> [2010/03/09 17:49:17 | 000,307,672 | ---- | C | MD5 = 06378B35F42F5F98FD53DCF1E08920FC] (Mozilla Corporation)
                       MicroVision Applications -> C:\Documents and Settings\Toni\Local Settings\Application Data\MicroVision Applications -> [2010/03/01 19:30:34 | 000,000,000 | ---D | C]
                       SureThing Shared -> C:\Program Files\Common Files\SureThing Shared -> [2010/03/01 19:27:57 | 000,000,000 | ---D | C]
                       msvcr70.dll -> C:\WINDOWS\System32\msvcr70.dll -> [2010/03/01 19:27:56 | 000,344,064 | ---- | C | MD5 = 9972A6ED4F2388DBFA8E0A96F6F3FDF1] (Microsoft Corporation)
                       MVUNINST -> C:\WINDOWS\MVUNINST -> [2010/03/01 19:27:56 | 000,000,000 | ---D | C]
                       Memorex exPressit Label Design Studio -> C:\Program Files\Memorex exPressit Label Design Studio -> [2010/03/01 19:27:56 | 000,000,000 | ---D | C]
                       Roxio -> C:\Documents and Settings\LocalService\Application Data\Roxio -> [2010/02/26 15:22:42 | 000,000,000 | ---D | M]
                       Macrovision -> C:\Documents and Settings\Toni\Application Data\Macrovision -> [2010/02/11 09:01:19 | 000,000,000 | ---D | C]
                       Sonic_Solutions -> C:\Documents and Settings\Toni\Local Settings\Application Data\Sonic_Solutions -> [2010/02/11 09:00:51 | 000,000,000 | ---D | C]
                       Uninstall -> C:\Documents and Settings\All Users\Application Data\Uninstall -> [2010/02/11 08:45:05 | 000,000,000 | ---D | C]
                       CinemaNow -> C:\Documents and Settings\All Users\Application Data\CinemaNow -> [2010/02/11 08:41:09 | 000,000,000 | ---D | C]
                       CinemaNow -> C:\Program Files\CinemaNow -> [2010/02/11 08:41:02 | 000,000,000 | ---D | C]
                       Simple Star -> C:\Documents and Settings\Toni\Application Data\Simple Star -> [2010/02/11 08:39:41 | 000,000,000 | ---D | C]
                       My PhotoShows -> C:\Documents and Settings\Toni\My Documents\My PhotoShows -> [2010/02/11 08:39:41 | 000,000,000 | ---D | C]
                       PhotoShow Shared Assets -> C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets -> [2010/02/11 08:39:33 | 000,000,000 | ---D | C]
                       Roxio -> C:\Program Files\Roxio -> [2010/02/11 08:39:29 | 000,000,000 | ---D | C]
                       SmartSound Software Inc -> C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc -> [2010/02/11 08:38:34 | 000,000,000 | ---D | C]
                       SmartSound Software -> C:\Program Files\SmartSound Software -> [2010/02/11 08:38:33 | 000,000,000 | ---D | C]
                       Sonic -> C:\Documents and Settings\All Users\Application Data\Sonic -> [2010/02/11 08:34:59 | 000,000,000 | ---D | C]
                       Roxio -> C:\Documents and Settings\All Users\Application Data\Roxio -> [2010/02/11 08:30:05 | 000,000,000 | ---D | C]
                       Sonic Shared -> C:\Program Files\Common Files\Sonic Shared -> [2010/02/11 08:29:42 | 000,000,000 | ---D | C]
                       Roxio 2010 -> C:\Program Files\Roxio 2010 -> [2010/02/11 08:29:41 | 000,000,000 | ---D | C]
                       Macrovision -> C:\Documents and Settings\All Users\Application Data\Macrovision -> [2010/02/11 08:29:41 | 000,000,000 | ---D | C]
                       MSXML 6.0 -> C:\Program Files\MSXML 6.0 -> [2010/02/11 08:28:48 | 000,000,000 | ---D | C]
                       xactengine2_10.dll -> C:\WINDOWS\System32\xactengine2_10.dll -> [2010/02/11 08:28:40 | 000,267,272 | ---- | C | MD5 = 73E055AF78A64F9B2779D44407CA2AB6] (Microsoft Corporation)
                       d3dx9_36.dll -> C:\WINDOWS\System32\d3dx9_36.dll -> [2010/02/11 08:28:39 | 003,734,536 | ---- | C | MD5 = 44BFEC5C9C82A2EE9871D88FD3B9A0E2] (Microsoft Corporation)
                       D3DCompiler_36.dll -> C:\WINDOWS\System32\D3DCompiler_36.dll -> [2010/02/11 08:28:39 | 001,374,232 | ---- | C | MD5 = FB4299688A0D3A37687C015AC2B9922D] (Microsoft Corporation)
                       d3dx10_36.dll -> C:\WINDOWS\System32\d3dx10_36.dll -> [2010/02/11 08:28:39 | 000,444,776 | ---- | C | MD5 = D9158E78A368B08D9133043EB3058C12] (Microsoft Corporation)
                       D3DCompiler_35.dll -> C:\WINDOWS\System32\D3DCompiler_35.dll -> [2010/02/11 08:28:38 | 001,358,192 | ---- | C | MD5 = 5B441670A4F5F8BCCE76741902B8AF56] (Microsoft Corporation)
                       d3dx10_35.dll -> C:\WINDOWS\System32\d3dx10_35.dll -> [2010/02/11 08:28:38 | 000,444,776 | ---- | C | MD5 = F3764552E45880DC49B82F38699AA87C] (Microsoft Corporation)
                       xactengine2_9.dll -> C:\WINDOWS\System32\xactengine2_9.dll -> [2010/02/11 08:28:38 | 000,267,112 | ---- | C | MD5 = 46EE68F04A75A1CCF40235EA6F1CBA05] (Microsoft Corporation)
                       d3dx9_35.dll -> C:\WINDOWS\System32\d3dx9_35.dll -> [2010/02/11 08:28:37 | 003,727,720 | ---- | C | MD5 = 3EF18B78D17C962F2B71AC1CB7757684] (Microsoft Corporation)
                       D3DCompiler_34.dll -> C:\WINDOWS\System32\D3DCompiler_34.dll -> [2010/02/11 08:28:35 | 001,124,720 | ---- | C | MD5 = 75F206C195BBACA6EF28565B1C0CD75C] (Microsoft Corporation)
                       d3dx10_34.dll -> C:\WINDOWS\System32\d3dx10_34.dll -> [2010/02/11 08:28:35 | 000,443,752 | ---- | C | MD5 = 5AA9987F2E62B56D7661B6901901F927] (Microsoft Corporation)
                       xactengine2_8.dll -> C:\WINDOWS\System32\xactengine2_8.dll -> [2010/02/11 08:28:35 | 000,266,088 | ---- | C | MD5 = 499210C45AFEAADEE8CF4DCF7D5E570B] (Microsoft Corporation)
                       X3DAudio1_2.dll -> C:\WINDOWS\System32\X3DAudio1_2.dll -> [2010/02/11 08:28:35 | 000,017,928 | ---- | C | MD5 = F6A9FC2AD2F9111372B5AB3BBA3707EC] (Microsoft Corporation)
                       d3dx9_34.dll -> C:\WINDOWS\System32\d3dx9_34.dll -> [2010/02/11 08:28:34 | 003,497,832 | ---- | C | MD5 = 1CA939918ED1B930059B3A882DE6F648] (Microsoft Corporation)
                       xinput1_3.dll -> C:\WINDOWS\System32\xinput1_3.dll -> [2010/02/11 08:28:33 | 000,081,768 | ---- | C | MD5 = 77F595DEE5FFACEA72B135B1FCE1312E] (Microsoft Corporation)
                       xactengine2_7.dll -> C:\WINDOWS\System32\xactengine2_7.dll -> [2010/02/11 08:28:32 | 000,261,480 | ---- | C | MD5 = 7FEBB8CE2233CBAE738B16D42ED29674] (Microsoft Corporation)
                       D3DCompiler_33.dll -> C:\WINDOWS\System32\D3DCompiler_33.dll -> [2010/02/11 08:28:31 | 001,123,696 | ---- | C | MD5 = FAE7E1D578C42A7C3D9D61A99D178BD5] (Microsoft Corporation)
                       d3dx10_33.dll -> C:\WINDOWS\System32\d3dx10_33.dll -> [2010/02/11 08:28:31 | 000,443,752 | ---- | C | MD5 = 37A8171ACCF46A9C196054066C28827F] (Microsoft Corporation)
                       d3dx9_33.dll -> C:\WINDOWS\System32\d3dx9_33.dll -> [2010/02/11 08:28:29 | 003,495,784 | ---- | C | MD5 = CDB1CD22BAFF21F48606B3C1A18B000B] (Microsoft Corporation)
                       xactengine2_6.dll -> C:\WINDOWS\System32\xactengine2_6.dll -> [2010/02/11 08:28:29 | 000,255,848 | ---- | C | MD5 = 39000E033D39D19CCCE21AEAFCCE2476] (Microsoft Corporation)
                       xactengine2_5.dll -> C:\WINDOWS\System32\xactengine2_5.dll -> [2010/02/11 08:28:28 | 000,251,672 | ---- | C | MD5 = 86C93789E9006F1AC47ED9DD47D4C8A1] (Microsoft Corporation)
                       xactengine2_4.dll -> C:\WINDOWS\System32\xactengine2_4.dll -> [2010/02/11 08:28:27 | 000,237,848 | ---- | C | MD5 = 6550E1A0A7BE611592C31222FCB981FB] (Microsoft Corporation)
                       x3daudio1_1.dll -> C:\WINDOWS\System32\x3daudio1_1.dll -> [2010/02/11 08:28:27 | 000,015,128 | ---- | C | MD5 = 121B131EAA369D8F58DACC5C39A77D80] (Microsoft Corporation)
                       d3dx9_31.dll -> C:\WINDOWS\System32\d3dx9_31.dll -> [2010/02/11 08:28:26 | 002,414,360 | ---- | C | MD5 = 797E24743937D67D69F28F2CF5052EE8] (Microsoft Corporation)
                       xactengine2_3.dll -> C:\WINDOWS\System32\xactengine2_3.dll -> [2010/02/11 08:28:26 | 000,236,824 | ---- | C | MD5 = 69D841744B2BAE38FBB2D40A230A549C] (Microsoft Corporation)
                       xinput1_2.dll -> C:\WINDOWS\System32\xinput1_2.dll -> [2010/02/11 08:28:26 | 000,062,744 | ---- | C | MD5 = 33B62BE226934E1B01F5043870C70427] (Microsoft Corporation)
                       xactengine2_2.dll -> C:\WINDOWS\System32\xactengine2_2.dll -> [2010/02/11 08:28:25 | 000,230,168 | ---- | C | MD5 = 5C4D3843B491C047B7A619901FBD2EC1] (Microsoft Corporation)
                       xactengine2_1.dll -> C:\WINDOWS\System32\xactengine2_1.dll -> [2010/02/11 08:28:25 | 000,229,584 | ---- | C | MD5 = 7C9952111F4C743B9F0D8B68B6ED93C9] (Microsoft Corporation)
                       xinput1_1.dll -> C:\WINDOWS\System32\xinput1_1.dll -> [2010/02/11 08:28:25 | 000,062,672 | ---- | C | MD5 = F1726346E583442541FE73429F8E9C10] (Microsoft Corporation)
                       d3dx9_30.dll -> C:\WINDOWS\System32\d3dx9_30.dll -> [2010/02/11 08:28:17 | 002,388,176 | ---- | C | MD5 = E415862612E65F10D7D888443ECD7594] (Microsoft Corporation)
                       d3dx9_29.dll -> C:\WINDOWS\System32\d3dx9_29.dll -> [2010/02/11 08:28:16 | 002,332,368 | ---- | C | MD5 = 99F4FC172A5ACE36CF00AA7038D23F2C] (Microsoft Corporation)
                       d3dx9_28.dll -> C:\WINDOWS\System32\d3dx9_28.dll -> [2010/02/11 08:28:16 | 002,323,664 | ---- | C | MD5 = BE19B603DFBAA829EE5B7749B3BA97DB] (Microsoft Corporation)
                       xactengine2_0.dll -> C:\WINDOWS\System32\xactengine2_0.dll -> [2010/02/11 08:28:16 | 000,230,096 | ---- | C | MD5 = 2112FE0C46662D429347A7D7B49E3ECE] (Microsoft Corporation)
                       x3daudio1_0.dll -> C:\WINDOWS\System32\x3daudio1_0.dll -> [2010/02/11 08:28:16 | 000,014,032 | ---- | C | MD5 = 4E961525CC7FF0E5D7DA19E170B7C14C] (Microsoft Corporation)
                       d3dx9_27.dll -> C:\WINDOWS\System32\d3dx9_27.dll -> [2010/02/11 08:28:15 | 002,319,568 | ---- | C | MD5 = 852EDC778A7A50077694F84D8E601234] (Microsoft Corporation)
                       d3dx9_26.dll -> C:\WINDOWS\System32\d3dx9_26.dll -> [2010/02/11 08:28:15 | 002,297,552 | ---- | C | MD5 = 523AB607EEF81CC4D909E7FEBD8A788E] (Microsoft Corporation)
                       xinput9_1_0.dll -> C:\WINDOWS\System32\xinput9_1_0.dll -> [2010/02/11 08:28:15 | 000,061,136 | ---- | C | MD5 = ADFB6D7B61E301761C700652B6FE7CCD] (Microsoft Corporation)
                       d3dx9_25.dll -> C:\WINDOWS\System32\d3dx9_25.dll -> [2010/02/11 08:28:14 | 002,337,488 | ---- | C | MD5 = 5B48FE9D6686F0D54B26A005ACE24D1D] (Microsoft Corporation)
                       d3dx9_24.dll -> C:\WINDOWS\System32\d3dx9_24.dll -> [2010/02/11 08:28:11 | 002,222,800 | ---- | C | MD5 = BC831661963763AC4D504C5CABB1FDD9] (Microsoft Corporation)
                       Roxio Log Files -> C:\Documents and Settings\Toni\Application Data\Roxio Log Files -> [2010/02/11 08:26:19 | 000,000,000 | ---D | C]
                       Facebook -> C:\Documents and Settings\Toni\Application Data\Facebook -> [2010/01/31 21:44:47 | 000,000,000 | ---D | C]
                       Install_Facebook_Plug-In_1.0.1.exe -> C:\Program Files\Install_Facebook_Plug-In_1.0.1.exe -> [2010/01/31 21:43:22 | 002,107,456 | ---- | C | MD5 = 074A23C14A8C6C6AC86D880EB9BBF634] (Facebook, Inc.)
                       Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/07/30 07:23:50 | 000,000,000 | ---D | M]
                       Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/07/30 07:23:18 | 000,000,000 | --SD | M]
                       Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2009/02/13 19:46:02 | 000,000,000 | ---D | M]
                       Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/01/28 09:10:04 | 000,000,000 | ---D | M]
                       Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/01/28 09:08:02 | 000,000,000 | --SD | M]
                       5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
                       2 C:\Documents and Settings\Toni\Desktop\*.tmp files -> C:\Documents and Settings\Toni\Desktop\*.tmp ->
                       1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->
                       1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
                       

                      ToniCarman
                        Re: Virus infection- Please help.
                        « Reply #11 on: April 12, 2010, 09:49:23 PM »
                        [Files/Folders - Modified Within 90 Days]
                         OTS.exe -> C:\Documents and Settings\Toni\Desktop\OTS.exe -> [2010/04/12 20:33:58 | 000,638,464 | ---- | M | MD5 = 5E5C23D37C6AB464133476DA06A2CA96] (OldTimer Tools)
                         Ad-Aware Update (Daily 2).job -> C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job -> [2010/04/12 17:15:13 | 000,000,472 | ---- | M | MD5 = 34A3E89613AEECFFC749729B5E2D96F1] ()
                         Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/04/12 11:24:17 | 000,000,472 | ---- | M | MD5 = 32D68C4E9577EA5489E05CC98203F96F] ()
                         Ad-Aware Update (Daily 4).job -> C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job -> [2010/04/12 11:24:16 | 000,000,472 | ---- | M | MD5 = 535B25043253F54EAB0D974A05CDBA58] ()
                         Ad-Aware Update (Daily 3).job -> C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job -> [2010/04/12 11:24:15 | 000,000,472 | ---- | M | MD5 = E18F7542CA247075E2D69D4CE09717FB] ()
                         Ad-Aware Update (Daily 1).job -> C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job -> [2010/04/12 11:24:14 | 000,000,472 | ---- | M | MD5 = 6B26A110B574E8F20120C837B1E3E6F9] ()
                         nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2010/04/12 07:36:11 | 000,191,655 | ---- | M | MD5 = 346D7328DD1C6A1129E24C02FD2351A7] ()
                         SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/12 07:21:41 | 000,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
                         
                        [Files - No Company Name]
                         

ToniCarman

  Topic Starter

  Re: Virus infection- Please help.
  « Reply #12 on: April 12, 2010, 09:49:37 PM »
  Code:
                          [File - Lop Check]
                           Image Zone Express -> C:\Documents and Settings\Toni\Application Data\Image Zone Express -> [2010/02/22 16:10:07 | 000,000,000 | ---D | M]
                           Imagenomic -> C:\Documents and Settings\Toni\Application Data\Imagenomic -> [2009/01/30 01:51:41 | 000,000,000 | ---D | M]
                           Leadertech -> C:\Documents and Settings\Toni\Application Data\Leadertech -> [2009/03/18 19:15:49 | 000,000,000 | ---D | M]
                           NCH Swift Sound -> C:\Documents and Settings\Toni\Application Data\NCH Swift Sound -> [2009/06/12 18:16:36 | 000,000,000 | ---D | M]
                           OfficeUpdate12 -> C:\Documents and Settings\Toni\Application Data\OfficeUpdate12 -> [2009/01/28 15:30:05 | 000,000,000 | ---D | M]
                           Opera -> C:\Documents and Settings\Toni\Application Data\Opera -> [2009/02/05 00:53:40 | 000,000,000 | ---D | M]
                           Simple Star -> C:\Documents and Settings\Toni\Application Data\Simple Star -> [2010/02/11 08:39:41 | 000,000,000 | ---D | M]
                           Snapfish -> C:\Documents and Settings\Toni\Application Data\Snapfish -> [2009/06/16 17:41:57 | 000,000,000 | ---D | M]
                           Vso -> C:\Documents and Settings\Toni\Application Data\Vso -> [2010/04/07 17:23:08 | 000,000,000 | ---D | M]
                           Windows Desktop Search -> C:\Documents and Settings\Toni\Application Data\Windows Desktop Search -> [2009/01/28 11:30:13 | 000,000,000 | ---D | M]
                           Windows Search -> C:\Documents and Settings\Toni\Application Data\Windows Search -> [2009/01/28 14:19:32 | 000,000,000 | ---D | M]
                           Ad-Aware Update (Daily 1).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job -> [2010/04/12 11:24:14 | 000,000,472 | ---- | M | MD5 = 6B26A110B574E8F20120C837B1E3E6F9] ()
                           Ad-Aware Update (Daily 2).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job -> [2010/04/12 17:15:13 | 000,000,472 | ---- | M | MD5 = 34A3E89613AEECFFC749729B5E2D96F1] ()
                           Ad-Aware Update (Daily 3).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job -> [2010/04/12 11:24:15 | 000,000,472 | ---- | M | MD5 = E18F7542CA247075E2D69D4CE09717FB] ()
                           Ad-Aware Update (Daily 4).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job -> [2010/04/12 11:24:16 | 000,000,472 | ---- | M | MD5 = 535B25043253F54EAB0D974A05CDBA58] ()
                           Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/04/12 11:24:17 | 000,000,472 | ---- | M | MD5 = 32D68C4E9577EA5489E05CC98203F96F] ()
                           CAAntiSpywareScan_Daily as Toni at 10 24 AM.job -> C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Toni at 10 24 AM.job -> [2010/02/23 12:41:37 | 000,000,512 | ---- | M | MD5 = 298B9C593FB3D4C5186EC1D42ED492FD] ()
                           
                          [File - Purity Scan]
                           
                          [Custom Scans]
                          < %systemroot%\*. /mp /s >
                          < %systemroot%\system32\*.dll /lockedfiles >
                           1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp ->
                          < %systemroot%\system32\*.exe /lockedfiles >
                           1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp ->
                          < %systemroot%\Tasks\*.job /lockedfiles >
                          < %systemroot%\system32\drivers\*.sys /lockedfiles >
                           1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp ->
                          < %systemroot%\System32\config\*.sav >
                           default.sav -> C:\WINDOWS\system32\config\default.sav -> [2009/01/28 00:52:35 | 000,094,208 | ---- | M | MD5 = D3AD8EF22AED561F27A5F1B05F1EA746] ()
                           software.sav -> C:\WINDOWS\system32\config\software.sav -> [2009/01/28 00:52:35 | 000,634,880 | ---- | M | MD5 = C48233D143DBFFB521161A62A9E003E6] ()
                           system.sav -> C:\WINDOWS\system32\config\system.sav -> [2009/01/28 00:52:35 | 000,901,120 | ---- | M | MD5 = AA0D675CBC38B4EB655DF61422ED3A8B] ()
                          < %systemroot%\System32\*.sys >
                           ansi.sys -> C:\WINDOWS\system32\ansi.sys -> [2004/08/04 08:00:00 | 000,009,029 | ---- | M | MD5 = 8AAD333C876590293F72B315E162BCC7] ()
                           country.sys -> C:\WINDOWS\system32\country.sys -> [2004/08/04 08:00:00 | 000,027,097 | ---- | M | MD5 = 0FE9F16075C9ACB941C957B7C649176E] ()
                           himem.sys -> C:\WINDOWS\system32\himem.sys -> [2004/08/04 08:00:00 | 000,004,768 | ---- | M | MD5 = E6BC0F98FECEF245A0010D350C1A0B9B] ()
                           key01.sys -> C:\WINDOWS\system32\key01.sys -> [2004/08/04 08:00:00 | 000,042,809 | ---- | M | MD5 = 582BCDD47CF4B68B5CB528F18E3CB808] ()
                           keyboard.sys -> C:\WINDOWS\system32\keyboard.sys -> [2004/08/04 08:00:00 | 000,042,537 | ---- | M | MD5 = FBBCFEC1379C5C02D88A361993EDF1B8] ()
                           ntdos.sys -> C:\WINDOWS\system32\ntdos.sys -> [2004/08/04 08:00:00 | 000,027,866 | ---- | M | MD5 = FFFF296A08DBF2AC0126C62E3778AC0D] ()
                           ntdos404.sys -> C:\WINDOWS\system32\ntdos404.sys -> [2004/08/04 08:00:00 | 000,029,146 | ---- | M | MD5 = CF9ED169FF86D935E47999E82359E898] ()
                           ntdos411.sys -> C:\WINDOWS\system32\ntdos411.sys -> [2004/08/04 08:00:00 | 000,029,370 | ---- | M | MD5 = 03B945AC0481CD8BB161C3569D8ED1C3] ()
                           ntdos412.sys -> C:\WINDOWS\system32\ntdos412.sys -> [2004/08/04 08:00:00 | 000,029,274 | ---- | M | MD5 = BBC957DC18C17CC027EB80B7C77F2AEA] ()
                           ntdos804.sys -> C:\WINDOWS\system32\ntdos804.sys -> [2004/08/04 08:00:00 | 000,029,146 | ---- | M | MD5 = 3CFFAEFFF23B0D208214A6D3061A5B1B] ()
                           ntio.sys -> C:\WINDOWS\system32\ntio.sys -> [2004/08/04 08:00:00 | 000,033,840 | ---- | M | MD5 = 4FE09F868CE65B334B42862C372C69CC] ()
                           ntio404.sys -> C:\WINDOWS\system32\ntio404.sys -> [2004/08/04 08:00:00 | 000,034,560 | ---- | M | MD5 = 6F73F50162DEF60C84B725C18CD9140F] ()
                           ntio411.sys -> C:\WINDOWS\system32\ntio411.sys -> [2004/08/04 08:00:00 | 000,035,648 | ---- | M | MD5 = 0FDD5E69C1FF3B58043D44F2CC743D45] ()
                           ntio412.sys -> C:\WINDOWS\system32\ntio412.sys -> [2004/08/04 08:00:00 | 000,035,424 | ---- | M | MD5 = 8842837C4D8311BF8E72BEE8CCC42217] ()
                           ntio804.sys -> C:\WINDOWS\system32\ntio804.sys -> [2004/08/04 08:00:00 | 000,034,560 | ---- | M | MD5 = 6B56CEB3C6F9D5CD7293DBD9FE23B311] ()
                           watchdog.sys -> C:\WINDOWS\system32\watchdog.sys -> [2008/04/13 14:44:59 | 000,017,664 | ---- | M | MD5 = 9A10AACBFDC4922715375FB4065EC930] (Microsoft Corporation)
                           win32k.sys -> C:\WINDOWS\system32\win32k.sys -> [2009/08/14 09:21:25 | 001,850,624 | ---- | M | MD5 = 716ED09D8D9A9E1E4A03549B32B68186] (Microsoft Corporation)
                           1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
                          < %systemroot%\System32\drivers\*.dll >
                           adv01nt5.dll -> C:\WINDOWS\system32\drivers\adv01nt5.dll -> [2008/04/13 20:11:48 | 000,004,255 | ---- | M | MD5 = 1A7DDD37DEB481A9C25BBE705D63966B] (Intel(R) Corporation)
                           adv02nt5.dll -> C:\WINDOWS\system32\drivers\adv02nt5.dll -> [2008/04/13 20:11:48 | 000,003,967 | ---- | M | MD5 = 9A193E5B5416E800B1FEDD7A4C5425C9] (Intel(R) Corporation)
                           adv05nt5.dll -> C:\WINDOWS\system32\drivers\adv05nt5.dll -> [2008/04/13 20:11:48 | 000,003,615 | ---- | M | MD5 = E2FB83E16D003E973C0A6F25CA39A281] (Intel(R) Corporation)
                           adv07nt5.dll -> C:\WINDOWS\system32\drivers\adv07nt5.dll -> [2008/04/13 20:11:48 | 000,003,647 | ---- | M | MD5 = 23C8D06EBE70CA5D8364818AD6342BDA] (Intel(R) Corporation)
                           adv08nt5.dll -> C:\WINDOWS\system32\drivers\adv08nt5.dll -> [2008/04/13 20:11:48 | 000,003,135 | ---- | M | MD5 = 9FD9797D7E74AEA57915C726D82697F4] (Intel(R) Corporation)
                           adv09nt5.dll -> C:\WINDOWS\system32\drivers\adv09nt5.dll -> [2008/04/13 20:11:48 | 000,003,711 | ---- | M | MD5 = 76DEC026845C0C7679C194BF3FAD81F0] (Intel(R) Corporation)
                           adv11nt5.dll -> C:\WINDOWS\system32\drivers\adv11nt5.dll -> [2008/04/13 20:11:48 | 000,003,775 | ---- | M | MD5 = DB6D4CBF4DEBFA810A83035952EEC707] (Intel(R) Corporation)
                           atv01nt5.dll -> C:\WINDOWS\system32\drivers\atv01nt5.dll -> [2008/04/13 20:11:50 | 000,021,183 | ---- | M | MD5 = 1532382086A0B61982E69FEFFBA77469] (Intel(R) Corporation)
                           atv02nt5.dll -> C:\WINDOWS\system32\drivers\atv02nt5.dll -> [2008/04/13 20:11:50 | 000,011,359 | ---- | M | MD5 = 99265584139E0361156AF8AAFB9F05FD] (Intel(R) Corporation)
                           atv04nt5.dll -> C:\WINDOWS\system32\drivers\atv04nt5.dll -> [2008/04/13 20:11:50 | 000,025,471 | ---- | M | MD5 = 379F31C68379519C15A2B7BF66F8A80E] (Intel(R) Corporation)
                           atv06nt5.dll -> C:\WINDOWS\system32\drivers\atv06nt5.dll -> [2008/04/13 20:11:50 | 000,014,143 | ---- | M | MD5 = 4CCDEF76BC20B56037C24D39E5C0E4EA] (Intel(R) Corporation)
                           atv10nt5.dll -> C:\WINDOWS\system32\drivers\atv10nt5.dll -> [2008/04/13 20:11:50 | 000,017,279 | ---- | M | MD5 = AA4F39968C3C48F44AC93C19C74531AC] (Intel(R) Corporation)
                           ch7xxnt5.dll -> C:\WINDOWS\system32\drivers\ch7xxnt5.dll -> [2008/04/13 20:11:50 | 000,015,423 | ---- | M | MD5 = 61ED91FDC8BDC432C9E51DDCB3D66FEE] (Intel(R) Corporation)
                           siint5.dll -> C:\WINDOWS\system32\drivers\siint5.dll -> [2008/04/13 20:12:05 | 000,003,901 | ---- | M | MD5 = 6B910A4F9FD45CAE6579564DA22D69AE] (Intel(R) Corporation)
                           vchnt5.dll -> C:\WINDOWS\system32\drivers\vchnt5.dll -> [2008/04/13 20:12:08 | 000,011,325 | ---- | M | MD5 = 5E9313B8BFB6025E7C38E9A0BF185303] (Intel(R) Corporation)
                           1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->
                          < %systemroot%\System32\drivers\*.ini >
                          < %systemroot%\System32\drivers\*.exe >
                          < %SYSTEMDRIVE%\*.* >
                           aaw7boot.log -> C:\aaw7boot.log -> [2010/04/12 07:21:29 | 000,065,666 | ---- | M | MD5 = 528918820EC989E7965A5D57B416D27F] ()
                           AUTOEXEC.BAT -> C:\AUTOEXEC.BAT -> [2009/01/28 09:08:04 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
                           boot.ini -> C:\boot.ini -> [2009/01/28 09:04:05 | 000,000,211 | -HS- | M | MD5 = 17D7055859D99A0D606CFAF17AE38638] ()
                           caavsetupLog.txt -> C:\caavsetupLog.txt -> [2009/01/28 14:24:17 | 000,036,412 | ---- | M | MD5 = D3E370BF10F7E790EB4432FC08EA81A5] ()
                           caisslog.txt -> C:\caisslog.txt -> [2009/11/30 09:19:56 | 000,470,952 | ---- | M | MD5 = 1D1641D252AEAC50325347DCD73A0295] ()
                           CONFIG.SYS -> C:\CONFIG.SYS -> [2009/01/28 09:08:04 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
                           debug.log -> C:\debug.log -> [2009/08/13 19:07:44 | 000,024,152 | ---- | M | MD5 = A522DF6A3A0D42C58BDFCA6DC02CBF8C] ()
                           IO.SYS -> C:\IO.SYS -> [2009/01/28 09:08:04 | 000,000,000 | RHS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
                           MSDOS.SYS -> C:\MSDOS.SYS -> [2009/01/28 09:08:04 | 000,000,000 | RHS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
                           NTDETECT.COM -> C:\NTDETECT.COM -> [2004/08/04 08:00:00 | 000,047,564 | RHS- | M | MD5 = B2DE3452DE03674C6CEC68B8C8CE7C78] ()
                           ntldr -> C:\ntldr -> [2009/01/28 11:00:33 | 000,250,048 | RHS- | M | MD5 = C1B29B4E6EEA9510610DB2EC4D6DB160] ()
                           pagefile.sys -> C:\pagefile.sys -> [2010/04/12 07:21:30 | 2011,607,040 | -HS- | M | Unable to obtain MD5] ()
                           testlog.log -> C:\testlog.log -> [2009/12/17 23:22:46 | 000,000,015 | --S- | M | MD5 = BE566C8BFBB996CAC675FA17C5FF56B4] ()
                          < %PROGRAMFILES%\*. >
                           Adobe -> C:\Program Files\Adobe -> [2010/02/22 12:22:49 | 000,000,000 | ---D | M]
                           Apple Software Update -> C:\Program Files\Apple Software Update -> [2009/01/30 12:45:00 | 000,000,000 | ---D | M]
                           Bonjour -> C:\Program Files\Bonjour -> [2009/06/10 15:58:56 | 000,000,000 | ---D | M]
                           BookSmart -> C:\Program Files\BookSmart -> [2009/03/15 21:11:14 | 000,000,000 | ---D | M]
                           CA -> C:\Program Files\CA -> [2009/01/28 14:24:22 | 000,000,000 | ---D | M]
                           Canon -> C:\Program Files\Canon -> [2009/04/08 17:09:01 | 000,000,000 | ---D | M]
                           CinemaNow -> C:\Program Files\CinemaNow -> [2010/02/11 08:41:02 | 000,000,000 | ---D | M]
                           Common Files -> C:\Program Files\Common Files -> [2010/04/09 11:03:09 | 000,000,000 | ---D | M]
                           ComPlus Applications -> C:\Program Files\ComPlus Applications -> [2009/01/28 09:05:58 | 000,000,000 | ---D | M]
                           Coupons -> C:\Program Files\Coupons -> [2009/03/11 09:02:38 | 000,000,000 | ---D | M]
                           DivX -> C:\Program Files\DivX -> [2009/08/14 08:05:18 | 000,000,000 | ---D | M]
                           Free Video Converter -> C:\Program Files\Free Video Converter -> [2009/11/17 20:32:04 | 000,000,000 | ---D | M]
                           Haali -> C:\Program Files\Haali -> [2009/06/12 18:36:42 | 000,000,000 | ---D | M]
                           Hewlett-Packard -> C:\Program Files\Hewlett-Packard -> [2009/02/24 10:44:46 | 000,000,000 | ---D | M]
                           HP -> C:\Program Files\HP -> [2009/02/24 10:46:51 | 000,000,000 | ---D | M]
                           Imagenomic -> C:\Program Files\Imagenomic -> [2009/01/30 01:47:35 | 000,000,000 | ---D | M]
                           InstallShield Installation Information -> C:\Program Files\InstallShield Installation Information -> [2010/02/11 08:44:49 | 000,000,000 | -H-D | M]
                           Internet Explorer -> C:\Program Files\Internet Explorer -> [2010/03/30 22:18:47 | 000,000,000 | ---D | M]
                           iPod -> C:\Program Files\iPod -> [2009/08/11 14:09:22 | 000,000,000 | ---D | M]
                           iTunes -> C:\Program Files\iTunes -> [2009/08/11 14:09:40 | 000,000,000 | ---D | M]
                           Java -> C:\Program Files\Java -> [2009/06/05 19:28:36 | 000,000,000 | ---D | M]
                           Lavasoft -> C:\Program Files\Lavasoft -> [2009/02/13 18:39:01 | 000,000,000 | ---D | M]
                           Logitech -> C:\Program Files\Logitech -> [2009/02/17 15:37:38 | 000,000,000 | ---D | M]
                           Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/03/10 10:05:03 | 000,000,000 | ---D | M]
                           Memorex exPressit Label Design Studio -> C:\Program Files\Memorex exPressit Label Design Studio -> [2010/03/01 19:28:08 | 000,000,000 | ---D | M]
                           Messenger -> C:\Program Files\Messenger -> [2009/01/29 11:56:51 | 000,000,000 | ---D | M]
                           Microsoft -> C:\Program Files\Microsoft -> [2009/02/21 12:52:59 | 000,000,000 | ---D | M]
                           Microsoft ActiveSync -> C:\Program Files\Microsoft ActiveSync -> [2009/01/28 14:21:45 | 000,000,000 | ---D | M]
                           Microsoft CAPICOM 2.1.0.2 -> C:\Program Files\Microsoft CAPICOM 2.1.0.2 -> [2009/02/18 21:19:25 | 000,000,000 | ---D | M]
                           microsoft frontpage -> C:\Program Files\microsoft frontpage -> [2009/01/28 09:08:15 | 000,000,000 | ---D | M]
                           Microsoft Office -> C:\Program Files\Microsoft Office -> [2009/08/03 21:22:12 | 000,000,000 | ---D | M]
                           Microsoft Office Outlook Connector -> C:\Program Files\Microsoft Office Outlook Connector -> [2009/11/11 11:25:04 | 000,000,000 | ---D | M]
                           Microsoft SQL Server Compact Edition -> C:\Program Files\Microsoft SQL Server Compact Edition -> [2009/11/11 11:23:59 | 000,000,000 | ---D | M]
                           Microsoft Sync Framework -> C:\Program Files\Microsoft Sync Framework -> [2009/02/21 12:52:39 | 000,000,000 | ---D | M]
                           Microsoft Visual Studio -> C:\Program Files\Microsoft Visual Studio -> [2009/01/28 14:21:06 | 000,000,000 | ---D | M]
                           Microsoft Works -> C:\Program Files\Microsoft Works -> [2009/01/28 15:13:03 | 000,000,000 | ---D | M]
                           Microsoft.NET -> C:\Program Files\Microsoft.NET -> [2009/01/28 14:19:30 | 000,000,000 | ---D | M]
                           Movie Maker -> C:\Program Files\Movie Maker -> [2010/03/09 23:04:51 | 000,000,000 | ---D | M]
                           Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2010/04/04 12:39:39 | 000,000,000 | ---D | M]
                           MSBuild -> C:\Program Files\MSBuild -> [2009/01/28 11:35:51 | 000,000,000 | ---D | M]
                           MSECache -> C:\Program Files\MSECache -> [2009/08/03 21:21:44 | 000,000,000 | ---D | M]
                           MSN -> C:\Program Files\MSN -> [2009/01/28 09:05:01 | 000,000,000 | ---D | M]
                           MSN Gaming Zone -> C:\Program Files\MSN Gaming Zone -> [2009/01/28 09:05:26 | 000,000,000 | ---D | M]
                           MSXML 4.0 -> C:\Program Files\MSXML 4.0 -> [2009/01/30 07:01:01 | 000,000,000 | ---D | M]
                           MSXML 6.0 -> C:\Program Files\MSXML 6.0 -> [2010/02/11 08:28:48 | 000,000,000 | ---D | M]
                           NCH Software -> C:\Program Files\NCH Software -> [2009/06/12 18:16:39 | 000,000,000 | ---D | M]
                           NetMeeting -> C:\Program Files\NetMeeting -> [2009/01/28 11:01:47 | 000,000,000 | ---D | M]
                           NoAdware5.0 -> C:\Program Files\NoAdware5.0 -> [2009/01/28 14:21:39 | 000,000,000 | ---D | M]
                           Online Services -> C:\Program Files\Online Services -> [2009/01/28 09:05:32 | 000,000,000 | ---D | M]
                           Outlook Express -> C:\Program Files\Outlook Express -> [2009/08/12 20:29:38 | 000,000,000 | ---D | M]
                           Quicken -> C:\Program Files\Quicken -> [2009/08/03 15:09:44 | 000,000,000 | ---D | M]
                           QuickTime -> C:\Program Files\QuickTime -> [2009/06/10 16:07:12 | 000,000,000 | ---D | M]
                           Realtek -> C:\Program Files\Realtek -> [2009/01/28 10:38:59 | 000,000,000 | ---D | M]
                           Reference Assemblies -> C:\Program Files\Reference Assemblies -> [2009/01/28 11:35:45 | 000,000,000 | ---D | M]
                           Roxio -> C:\Program Files\Roxio -> [2010/02/11 08:41:30 | 000,000,000 | ---D | M]
                           Roxio 2010 -> C:\Program Files\Roxio 2010 -> [2010/02/11 08:42:45 | 000,000,000 | ---D | M]
                           Skype -> C:\Program Files\Skype -> [2009/02/12 15:05:49 | 000,000,000 | R--D | M]
                           SmartSound Software -> C:\Program Files\SmartSound Software -> [2010/02/11 08:38:33 | 000,000,000 | ---D | M]
                           Uninstall Information -> C:\Program Files\Uninstall Information -> [2009/01/28 09:13:57 | 000,000,000 | -H-D | M]
                           uTorrent -> C:\Program Files\uTorrent -> [2010/03/22 13:58:53 | 000,000,000 | ---D | M]
                           VSO -> C:\Program Files\VSO -> [2009/08/13 19:13:46 | 000,000,000 | ---D | M]
                           Windows Desktop Search -> C:\Program Files\Windows Desktop Search -> [2009/06/10 22:17:27 | 000,000,000 | ---D | M]
                           Windows Live -> C:\Program Files\Windows Live -> [2009/11/11 11:24:43 | 000,000,000 | ---D | M]
                           Windows Live SkyDrive -> C:\Program Files\Windows Live SkyDrive -> [2009/01/30 12:30:09 | 000,000,000 | ---D | M]
                           Windows Media Connect 2 -> C:\Program Files\Windows Media Connect 2 -> [2009/01/29 11:56:52 | 000,000,000 | ---D | M]
                           Windows Media Player -> C:\Program Files\Windows Media Player -> [2009/01/28 11:26:17 | 000,000,000 | ---D | M]
                           Windows NT -> C:\Program Files\Windows NT -> [2009/01/28 11:01:45 | 000,000,000 | ---D | M]
                           WindowsUpdate -> C:\Program Files\WindowsUpdate -> [2009/01/28 09:07:09 | 000,000,000 | -H-D | M]
                           Winkflash -> C:\Program Files\Winkflash -> [2009/02/05 17:43:46 | 000,000,000 | ---D | M]
                           WinRAR -> C:\Program Files\WinRAR -> [2009/01/31 16:24:46 | 000,000,000 | ---D | M]
                           xerox -> C:\Program Files\xerox -> [2009/01/28 09:08:15 | 000,000,000 | ---D | M]
                          < %appdata%\*.* >
                           desktop.ini -> C:\Documents and Settings\Toni\Application Data\desktop.ini -> [2009/01/28 00:54:02 | 000,000,062 | -HS- | M | MD5 = 88CF0FF92A4A9FA7BD9B7513B2E9E22B] ()
                           inst.exe -> C:\Documents and Settings\Toni\Application Data\inst.exe -> [2009/08/13 19:13:57 | 000,087,608 | ---- | M | MD5 = 254FBCA565E049648B0CCE2CEADF05D2] ()
                           pcouffin.cat -> C:\Documents and Settings\Toni\Application Data\pcouffin.cat -> [2009/08/13 19:13:57 | 000,007,887 | ---- | M | MD5 = 92D731932167FFF6C4D682310EFE4FD3] ()
                           pcouffin.inf -> C:\Documents and Settings\Toni\Application Data\pcouffin.inf -> [2009/08/13 19:13:56 | 000,001,144 | ---- | M | MD5 = 8E688E3230764E28D765FD8688B16E9D] ()
                           pcouffin.log -> C:\Documents and Settings\Toni\Application Data\pcouffin.log -> [2009/08/13 19:14:15 | 000,000,034 | ---- | M | MD5 = 17C10454353AD0FA88FCBB249538A885] ()
                           pcouffin.sys -> C:\Documents and Settings\Toni\Application Data\pcouffin.sys -> [2009/08/13 19:13:57 | 000,047,360 | ---- | M | MD5 = 5B6C11DE7E839C05248CED8825470FEF] (VSO Software)
                           vso_ts_preview.xml -> C:\Documents and Settings\Toni\Application Data\vso_ts_preview.xml -> [2010/04/07 17:23:07 | 000,001,044 | ---- | M | MD5 = 7F2CDD43EFE2DB95586C2A845DF57B35] ()
                           
                          [Alternate Data Streams]
                          @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
                          @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
                          < End of report >

                          Dr Jay

                          Re: Virus infection- Please help.
                          « Reply #13 on: April 12, 2010, 10:10:11 PM »
                          Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

                          Quote
                          [Kill All Processes]
                          [Unregister Dlls]
                          [Registry - Safe List]
                          < Internet Explorer Settings [HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\] > ->
                          YN -> HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\: "ProxyServer" -> http=127.0.0.1:5555
                          [Registry - Additional Scans - Safe List]
                          < Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\
                          YN -> {00000000-0000-0000-0000-000000000000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
                          [Files/Folders - Created Within 90 Days]
                          NY ->  7.0.0.538f-sdsetup.exe -> C:\Documents and Settings\Toni\Desktop\7.0.0.538f-sdsetup.exe
                          [Alternate Data Streams]
                          NY -> @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
                          NY -> @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
                          [Purity]
                          [Empty Temp Folders]
                          [EmptyFlash]
                          [CreateRestorePoint]
                          [Reboot]

                          The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
                          ~Dr Jay
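The fix above targets two things a defender should recognise on a machine like this one: a per-user Internet Explorer ProxyServer value of http=127.0.0.1:5555 (a proxy pointing back at the local machine, which is what cut off browsing) and two alternate data streams hanging off the All Users\Application Data\TEMP folder. The PowerShell script below is an added example, not OTS code and not written by anyone in this thread; it audits both from the affected user's session and only changes anything when run with its own -Remediate switch (an assumption of this example, not an OTS option). It assumes PowerShell 3 or later for the -Stream parameter; the registry key and value names are the real WinINet ones, and the TEMP path is reconstructed from the OTS log.

```powershell
# Added example, not OTS code and not from this thread's author.
# Audits the two items the OTS fix above removes: a per-user Internet Explorer
# proxy that points at the local machine, and alternate data streams under
# All Users\Application Data\TEMP. Read-only unless -Remediate is given.
[CmdletBinding()]
param(
    [switch]$Remediate   # assumed switch for this example
)

# Real key: WinINet keeps the per-user proxy settings here (HKCU = the SID hive OTS edited).
$IeSettingsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Constructed path: on Windows XP (as in the thread) %ProgramData% does not exist and
# the folder is %ALLUSERSPROFILE%\Application Data; on later Windows it is %ProgramData%.
$AllUsersAppData = if ($env:ProgramData) { $env:ProgramData } else { Join-Path $env:ALLUSERSPROFILE 'Application Data' }
$AdsFolder = Join-Path $AllUsersAppData 'TEMP'

function Get-IeProxySetting {
    $p = Get-ItemProperty -Path $IeSettingsKey -ErrorAction Stop
    [pscustomobject]@{
        Enabled  = [bool]$p.ProxyEnable
        Server   = [string]$p.ProxyServer
        Override = [string]$p.ProxyOverride
    }
}

function Test-LoopbackProxy {
    param([string]$Server)
    # A legitimate corporate proxy is a remote host. A proxy at 127.0.0.1 (here
    # http=127.0.0.1:5555) means a process on this machine sits between the browser
    # and the network; if that process is gone, every page load simply fails.
    if ([string]::IsNullOrEmpty($Server)) { return $false }
    return [bool]($Server -match '(^|=)(127\.0\.0\.1|localhost)(:\d+)?(;|$)')
}

function Get-AlternateStreams {
    param([string]$Path)
    # Needs PowerShell 3+ for -Stream. Every file carries a :$DATA stream; anything
    # else is an alternate stream. Zone.Identifier is the normal mark-of-the-web
    # written by browsers and is left out so only unexpected streams are reported.
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            Select-Object FileName, Stream, Length
    }
}

# 1. Proxy check (same setting Internet Options -> Connections -> LAN settings shows).
$proxy = Get-IeProxySetting
if ($proxy.Enabled -and (Test-LoopbackProxy $proxy.Server)) {
    Write-Warning "IE proxy is enabled and points at loopback: $($proxy.Server)"
    if ($Remediate) {
        # Equivalent to unticking 'Use a proxy server for your LAN'.
        Set-ItemProperty -Path $IeSettingsKey -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $IeSettingsKey -Name ProxyServer -ErrorAction SilentlyContinue
    }
} else {
    Write-Output "IE proxy: Enabled=$($proxy.Enabled) Server='$($proxy.Server)'"
}

# 2. Alternate data streams on the folder OTS reported and everything beneath it.
$streams = @(Get-AlternateStreams -Path $AdsFolder)
if ($streams.Count -gt 0) {
    Write-Warning "$($streams.Count) alternate data stream(s) found under $AdsFolder"
    $streams | Format-Table -AutoSize
    if ($Remediate) {
        foreach ($s in $streams) {
            # -Stream removes only the named stream; the file or folder itself stays.
            Remove-Item -LiteralPath $s.FileName -Stream $s.Stream
        }
    }
} else {
    Write-Output "No unexpected alternate data streams under $AdsFolder"
}
```

Run it in the session of the user whose browser is affected, since the proxy value lives in that user's hive; a system-wide (HKLM) proxy policy would not show up here. The loopback test is the useful part: a ProxyServer value by itself is not malicious, but one that points at 127.0.0.1 on a home PC with no local proxy software is the signature of browser interception, and checking it first explains the "cannot reach any site" symptom before any scan runs.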

                          ToniCarman

                            Re: Virus infection- Please help.
                            « Reply #14 on: April 12, 2010, 10:29:02 PM »
                            All Processes Killed
                            [Registry - Safe List]
                            Registry value HKEY_USERS\S-1-5-21-796845957-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\\ProxyServer not found.
                            [Registry - Additional Scans - Safe List]
                            Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000}\ deleted successfully.
                            Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
                            [Files/Folders - Created Within 90 Days]
                            C:\Documents and Settings\Toni\Desktop\7.0.0.538f-sdsetup.exe moved successfully.
                            [Alternate Data Streams]
                            ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
                            ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
                            [Purity]
                            Purity scan complete.
                            [Empty Temp Folders]
                             
                             
                            User: All Users
                             
                            User: Default User
                            ->Temp folder emptied: 0 bytes
                            ->Temporary Internet Files folder emptied: 33170 bytes
                             
                            User: LocalService
                            ->Temp folder emptied: 66016 bytes
                            ->Temporary Internet Files folder emptied: 33664 bytes
                             
                            User: NetworkService
                            ->Temp folder emptied: 0 bytes
                            ->Temporary Internet Files folder emptied: 1949943 bytes
                             
                            User: Toni
                            ->Temp folder emptied: 28673950126 bytes
                            ->Temporary Internet Files folder emptied: 15675563 bytes
                            ->Java cache emptied: 86668347 bytes
                            ->FireFox cache emptied: 89534733 bytes
                            ->Flash cache emptied: 187332 bytes
                             
                            %systemdrive% .tmp files removed: 0 bytes
                            %systemroot% .tmp files removed: 17102059 bytes
                            %systemroot%\System32 .tmp files removed: 2577 bytes
                            %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                            %systemroot%\System32\drivers .tmp files removed: 0 bytes
                            Windows Temp folder emptied: 5101790 bytes
                            %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10934236 bytes
                            %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
                            RecycleBin emptied: 3162867885 bytes
                             
                            Total Files Cleaned = 30,579.00 mb
                             
                             
                            [EMPTYFLASH]
                             
                            User: All Users
                             
                            User: Default User
                             
                            User: LocalService
                             
                            User: NetworkService
                             
                            User: Toni
                            ->Flash cache emptied: 0 bytes
                             
                            Total Flash Files Cleaned = 0.00 mb
                             
                            Restore point Set: OTS Restore Point (64424509440)
                            < End of fix log >
                            OTS by OldTimer - Version 3.1.28.1 fix logfile created on 04132010_002130

                            Files\Folders moved on Reboot...
                            File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

                            Registry entries deleted on Reboot...

                            Dr Jay

                            • Malware Removal Specialist


                            • Specialist
                            • Moderator emeritus
                            • Thanked: 119
                            • Experience: Guru
                            • OS: Windows 10
                            Re: Virus infection- Please help.
                            « Reply #15 on: April 12, 2010, 10:30:40 PM »
                            Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
                            • Now click on the Connections tab and then the LAN Settings button
                            • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.
                            ==================

                            Please run a free online scan with the ESET Online Scanner
                            • Tick the box next to YES, I accept the Terms of Use
                            • Click Start
                            • When asked, allow the ActiveX control to install
                            • Click Start
                            • Make sure that the options Remove found threats and Scan unwanted applications are checked
                            • Click Scan (This scan can take several hours, so please be patient)
                            • Once the scan is completed, you may close the window
                            • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
                            • Copy and paste that log as a reply to this topic
                            ~Dr Jay

                            ToniCarman

                              Topic Starter


                              Rookie

                              Re: Virus infection- Please help.
                              « Reply #16 on: April 13, 2010, 05:05:35 AM »
                              ESETSmartInstaller@High as downloader log:
                              all ok
                              # version=7
                              # OnlineScannerApp.exe=1.0.0.1
                              # OnlineScanner.ocx=1.0.0.6211
                              # api_version=3.0.2
                              # EOSSerial=aef952102e80e24ca3c1b4fa800419eb
                              # end=finished
                              # remove_checked=true
                              # archives_checked=false
                              # unwanted_checked=true
                              # unsafe_checked=false
                              # antistealth_checked=true
                              # utc_time=2010-04-13 08:32:36
                              # local_time=2010-04-13 04:32:36 (-0500, Eastern Daylight Time)
                              # country="United States"
                              # lang=1033
                              # osver=5.1.2600 NT Service Pack 3
                              # compatibility_mode=4864 16777179 100 0 37048807 37048807 0 0
                              # compatibility_mode=8192 67108863 100 0 0 0 0 0
                              # scanned=317340
                              # found=1
                              # cleaned=1
                              # scan_time=13693
                              C:\Program Files\NoAdware5.0\NoAdware5.exe   probably a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

                              Dr Jay

                              Re: Virus infection- Please help.
                              « Reply #17 on: April 13, 2010, 11:40:12 PM »
                              Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore points, but this is my method:
                              • Select Start > All Programs > Accessories > System tools > System Restore.
                              • On the dialogue box that appears select Create a Restore Point
                              • Click NEXT
                              • Enter a name e.g. Clean
                              • Click CREATE
                              You now have a clean restore point. To get rid of the bad ones:
                              • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
                              • In the drop-down box that appears, select your main drive, e.g. C
                              • Click OK
                              • The system will do some calculation and then display a dialogue box with TABS
                              • Select the More Options Tab.
                              • At the bottom will be a System Restore box with a CLEANUP button; click this
                              • Accept the warning and select OK again; the program will close and you are done
                              To remove all of the tools we used and the files and folders they created, please do the following:
                              Please download OTC.exe by OldTimer:
                              • Save it to your Desktop.
                              • Double click OTC.exe.
                              • Click the CleanUp! button.
                              • If you are prompted to Reboot during the cleanup, select Yes.
                              • The tool will delete itself once it finishes.
                              Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

                              ==

                              Please download TFC by OldTimer to your desktop
                              • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
                              • It will close all programs when run, so make sure you have saved all your work before you begin.
                              • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
                              • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
                              ==

                              Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
                              • Save it to your Desktop.
                              • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
                              • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
                              ~Dr Jay

                              ToniCarman

                                Re: Virus infection- Please help.
                                « Reply #18 on: April 14, 2010, 05:30:50 PM »
                                Hello,

                                I just got home from work and was going to do what you had posted and I saw that my computer was infected with the same virus again. I don't know if someone (my brother) did something while I was gone or what, but it looks like the same thing.

                                I was unable to do anything in normal mode, so I restarted in Safe Mode and ran Malwarebytes'.

                                Here is the log file from the Quick Scan.  I am not sure if I should follow the prompts that you had me start with last week or do something else.

                                Malwarebytes' Anti-Malware 1.44
                                Database version: 3847
                                Windows 5.1.2600 Service Pack 3 (Safe Mode)
                                Internet Explorer 7.0.5730.13

                                4/14/2010 7:27:42 PM
                                mbam-log-2010-04-14 (19-27-42).txt

                                Scan type: Quick Scan
                                Objects scanned: 120683
                                Time elapsed: 5 minute(s), 11 second(s)

                                Memory Processes Infected: 0
                                Memory Modules Infected: 0
                                Registry Keys Infected: 2
                                Registry Values Infected: 0
                                Registry Data Items Infected: 0
                                Folders Infected: 0
                                Files Infected: 0

                                Memory Processes Infected:
                                (No malicious items detected)

                                Memory Modules Infected:
                                (No malicious items detected)

                                Registry Keys Infected:
                                HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
                                HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

                                Registry Values Infected:
                                (No malicious items detected)

                                Registry Data Items Infected:
                                (No malicious items detected)

                                Folders Infected:
                                (No malicious items detected)

                                Files Infected:
                                (No malicious items detected)


                                Dr Jay

                                Re: Virus infection- Please help.
                                « Reply #19 on: April 14, 2010, 10:46:30 PM »
                                That's not good.

                                Please visit this webpage for a tutorial on downloading and running ComboFix:

                                http://www.bleepingcomputer.com/combofix/how-to-use-combofix

                                See the area: Using ComboFix, and when done, post the log back here.
                                ~Dr Jay
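When the ComboFix log comes back, the part an analyst reads first is the "Reg Loading Points" section, which is printed in REGEDIT4 format: autorun entries under the Run keys, the Security Center override values, and the Windows Firewall profile settings. The small Python script below is an added example for this thread, not part of ComboFix, Malwarebytes or any other tool named here. It parses that format and flags the things a malware-removal helper looks for: a Run entry that launches from a user-writable profile folder, the same binary registered under more than one Run key, AntiVirusOverride/FirewallOverride set to 1, a disabled standard firewall profile, and an enabled IE proxy of the kind Dr Jay has the poster switch off in Reply #15. The flagging rules are the author's own heuristics, not verdicts. The sample dump is constructed: its Run, Security Center and firewall lines are copied from the ComboFix log posted in the next reply, while the Internet Settings block and the 127.0.0.1:8080 proxy value are made up for the demonstration.

```python
"""Triage a REGEDIT4-style registry dump such as the 'Reg Loading Points' section of a
ComboFix log. Added example for this thread, not part of ComboFix or any tool named here;
the flagging rules are the author's own heuristics, not verdicts."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample. The Run, Security Center and firewall lines are copied from the
# ComboFix log posted in this thread; the Internet Settings block (and the proxy value)
# is made up to show the proxy switch Dr Jay has the poster turn off in Internet Options.
SAMPLE_DUMP = r"""REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"mghxramd"="c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx\ixoukxrtssd.exe" [2010-04-14 271616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"mghxramd"="c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx\ixoukxrtssd.exe" [2010-04-14 271616]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:8080"
"""
SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)\s*=\s*(.*)$')  # "name"=... or @=... (default value)
# Folders a standard user can write to; an autorun launched from one of these is a
# common sign of per-user persistence (heuristic, not a verdict).
USER_WRITABLE = ("\\local settings\\application data\\", "\\application data\\", "\\temp\\")


def parse_regedit4(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: raw_value}}; lines outside any key are ignored."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in (ln.strip() for ln in text.splitlines()):
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group(1)
            keys.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            keys[current][val.group(1) or "@"] = val.group(2).strip()
    return keys


def as_int(raw: str) -> Optional[int]:
    """Decode 'dword:00000001' or ComboFix's '0 (0x0)' rendering; None otherwise."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else None


def as_path(raw: str) -> Optional[str]:
    """Return the quoted string, dropping ComboFix's trailing ' [date size]' note."""
    m = re.match(r'"([^"]*)"', raw)
    return m.group(1) if m else None


def triage(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (kind, key, value name, detail) tuples for entries worth a closer look."""
    findings: List[Tuple[str, str, str, str]] = []
    autorun_paths: Dict[str, List[str]] = {}  # lower-cased path -> Run keys listing it
    for key, values in keys.items():
        lk = key.lower()
        if lk.endswith("\\currentversion\\run"):
            for name, raw in values.items():
                path = as_path(raw)
                if not path:
                    continue
                autorun_paths.setdefault(path.lower(), []).append(key)
                if any(marker in path.lower() for marker in USER_WRITABLE):
                    findings.append(("autorun-user-writable", key, name, path))
        elif lk.endswith("\\security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if as_int(values.get(name, "")) == 1:
                    findings.append(("security-center-override", key, name, "1"))
        elif lk.endswith("\\firewallpolicy\\standardprofile"):
            if as_int(values.get("EnableFirewall", "")) == 0:
                findings.append(("firewall-disabled", key, "EnableFirewall", "0"))
        elif lk.endswith("\\internet settings"):
            if as_int(values.get("ProxyEnable", "")) == 1:
                server = as_path(values.get("ProxyServer", "")) or "(no ProxyServer value)"
                findings.append(("proxy-enabled", key, "ProxyEnable", server))
    # The same binary registered under more than one Run key also deserves a look.
    for path, where in autorun_paths.items():
        if len(where) > 1:
            findings.append(("autorun-multiple-keys", " + ".join(where), "", path))
    return findings


if __name__ == "__main__":
    for kind, key, name, detail in triage(parse_regedit4(SAMPLE_DUMP)):
        print(f"{kind:24} {name:18} {detail}\n    in {key}")
```

Run against the sample it reports the mghxramd entry twice (once per Run key) plus the fact that one binary sits under both HKCU and HKLM Run, the two Security Center overrides, the disabled firewall profile and the enabled proxy. Everything it prints is a pointer for a human to check, which is why the output carries the full key path: the fix is still done with the tools Dr Jay prescribes, not by this script.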

                                ToniCarman

                                  Re: Virus infection- Please help.
                                  « Reply #20 on: April 15, 2010, 06:03:46 AM »
                                  I cannot access the internet from my desktop as the virus is not allowing me to.  I was able to save it on a flash drive from my laptop and install it on my desktop.  There was one prompt asking me to download a program (Microsoft something) but I was unable to because of the inability to access the internet.  So it continued checking for malware without it.  Here is the log file.  Again, thanks so much for your help on this!

                                  ComboFix 10-04-14.01 - Toni 04/15/2010   7:54.1.2 - x86 MINIMAL
                                  Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1539 [GMT -4:00]
                                  Running from: K:\ComboFix.exe
                                  AV: CA Anti-Virus *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

                                  WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                                  .

                                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                  .

                                  c:\documents and settings\Toni\Application Data\inst.exe
                                  c:\windows\eSellerateEngine.dll
                                  E:\Autorun.inf

                                  .
                                  (((((((((((((((((((((((((   Files Created from 2010-03-15 to 2010-04-15  )))))))))))))))))))))))))))))))
                                  .

                                  2010-04-14 23:16 . 2010-04-14 23:19   --------   d-----w-   c:\documents and settings\Toni\Application Data\uTorrent
                                  2010-04-14 23:14 . 2010-04-14 23:14   --------   d-----w-   c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx
                                  2010-04-13 04:41 . 2010-04-13 04:41   --------   d-----w-   c:\program files\ESET
                                  2010-04-13 04:21 . 2010-04-13 04:21   --------   d-----w-   C:\_OTS
                                  2010-04-09 13:47 . 2010-04-09 14:27   664   ----a-w-   c:\windows\system32\d3d9caps.dat
                                  2010-03-28 00:53 . 2010-03-28 00:53   2114184   ----a-w-   c:\temp\Install_Facebook_Plug-In_1.0.3.exe
                                  2010-03-22 17:58 . 2010-03-22 17:58   --------   d-----w-   c:\program files\uTorrent

                                  .
                                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                  .
                                  2010-04-15 00:33 . 2009-02-17 19:38   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
                                  2010-04-15 00:32 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k7
                                  2010-04-15 00:32 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k6
                                  2010-04-15 00:32 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k5
                                  2010-04-15 00:32 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k4
                                  2010-04-15 00:32 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k3
                                  2010-04-15 00:32 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k2
                                  2010-04-15 00:32 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k1
                                  2010-04-15 00:32 . 2009-01-28 19:20   478944   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k0
                                  2010-04-15 00:29 . 2009-02-17 19:40   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
                                  2010-04-13 05:28 . 2009-01-28 18:21   --------   d-----w-   c:\program files\NoAdware5.0
                                  2010-04-11 18:37 . 2009-02-03 02:26   --------   d-----w-   c:\documents and settings\Toni\Application Data\AdobeUM
                                  2010-04-09 16:45 . 2010-02-11 12:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sonic
                                  2010-04-09 14:05 . 2009-08-04 03:08   --------   d-----w-   c:\documents and settings\Toni\Application Data\U3
                                  2010-04-09 13:53 . 2010-03-10 13:53   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                                  2010-04-07 21:23 . 2009-08-13 23:13   --------   d-----w-   c:\documents and settings\Toni\Application Data\Vso
                                  2010-03-28 00:54 . 2010-02-01 01:44   50354   ----a-w-   c:\documents and settings\Toni\Application Data\Facebook\uninstall.exe
                                  2010-03-28 00:54 . 2010-02-01 01:44   --------   d-----w-   c:\documents and settings\Toni\Application Data\Facebook
                                  2010-03-19 23:38 . 2009-02-04 05:06   --------   d-----w-   c:\documents and settings\Toni\Application Data\ZoomBrowser EX
                                  2010-03-19 21:20 . 2009-01-31 18:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\ZoomBrowser
                                  2010-03-18 22:58 . 2009-11-18 23:13   79488   ----a-w-   c:\documents and settings\Toni\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
                                  2010-03-11 12:38 . 2004-08-04 12:00   832512   ----a-w-   c:\windows\system32\wininet.dll
                                  2010-03-11 12:38 . 2004-08-04 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
                                  2010-03-11 12:38 . 2004-08-04 12:00   17408   ----a-w-   c:\windows\system32\corpol.dll
                                  2010-03-10 14:05 . 2010-03-10 14:05   --------   d-----w-   c:\documents and settings\Toni\Application Data\Malwarebytes
                                  2010-03-10 14:05 . 2010-03-10 14:04   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                                  2010-03-10 14:04 . 2010-03-10 14:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                                  2010-03-09 11:09 . 2004-08-04 12:00   430080   ----a-w-   c:\windows\system32\vbscript.dll
                                  2010-03-06 05:30 . 2010-03-06 05:30   5582848   ----a-w-   c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_3.dll
                                  2010-03-01 23:41 . 2009-01-30 16:19   343928   ----a-w-   c:\documents and settings\Toni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                                  2010-03-01 23:28 . 2010-03-01 23:27   --------   d-----w-   c:\program files\Memorex exPressit Label Design Studio
                                  2010-03-01 23:27 . 2010-03-01 23:27   --------   d-----w-   c:\program files\Common Files\SureThing Shared
                                  2010-03-01 10:15 . 2009-09-21 22:19   3803208   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
                                  2010-02-24 13:11 . 2004-08-04 12:00   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                                  2010-02-22 20:10 . 2009-03-12 13:30   --------   d-----w-   c:\documents and settings\Toni\Application Data\Image Zone Express
                                  2010-02-16 14:08 . 2004-08-04 12:00   2146304   ----a-w-   c:\windows\system32\ntoskrnl.exe
                                  2010-02-16 13:25 . 2004-08-03 22:59   2024448   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                                  2010-02-12 04:33 . 2004-08-04 12:00   100864   ----a-w-   c:\windows\system32\6to4svc.dll
                                  2010-02-11 12:28 . 2010-02-11 12:28   10134   ----a-r-   c:\documents and settings\Toni\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
                                  2010-02-11 12:02 . 2004-08-04 12:00   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
                                  2010-02-04 22:15 . 2009-06-19 22:19   389784   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
                                  2010-02-04 16:18 . 2009-06-19 22:19   823928   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
                                  2010-02-04 16:18 . 2009-06-19 22:19   1181328   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
                                  2010-02-02 17:02 . 2010-02-02 17:02   144160   ----a-w-   c:\documents and settings\Toni\Application Data\Move Networks\uninstall.exe
                                  2010-02-02 17:02 . 2009-12-10 19:26   4187512   ----a-w-   c:\documents and settings\Toni\Application Data\Move Networks\plugins\npqmp071505000011.dll
                                  2010-02-02 17:02 . 2010-02-02 17:02   1438976   ----a-w-   c:\program files\MoveMediaPlayerWin_071505000011.exe
                                  2010-02-01 01:43 . 2010-02-01 01:43   2107456   ----a-w-   c:\program files\Install_Facebook_Plug-In_1.0.1.exe
                                  2010-01-31 12:26 . 2010-01-31 12:26   1533702   ----a-w-   c:\program files\gburner27.exe
                                  2010-01-27 03:21 . 2010-01-27 03:21   847040   ----a-w-   c:\documents and settings\Toni\Application Data\Facebook\axfbootloader.dll
                                  2010-01-27 03:20 . 2010-01-27 03:20   5578752   ----a-w-   c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_1.dll
                                  2009-08-13 23:06 . 2009-08-13 23:05   7741336   ----a-w-   c:\program files\DivX521XP2K_1.exe
                                  2009-08-13 22:54 . 2009-08-13 22:53   4526458   ----a-w-   c:\program files\WinAVI_Video_Converter.exe
                                  2009-06-16 21:38 . 2009-06-16 21:38   2144584   ----a-w-   c:\program files\InstallFirefoxPluginV3.exe
                                  2009-06-12 22:34 . 2009-06-12 22:30   24527365   ----a-w-   c:\program files\FreeVideoConverter.exe
                                  2009-03-05 21:24 . 2009-03-05 21:24   4909440   ----a-w-   c:\program files\Silverlight.2.0.exe
                                  .

                                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                  .
                                  .
                                  *Note* empty entries & legit default entries are not shown
                                  REGEDIT4

                                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                  "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
                                  "mghxramd"="c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx\ixoukxrtssd.exe" [2010-04-14 271616]

                                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
                                  "nwiz"="nwiz.exe" [2008-09-18 1657376]
                                  "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
                                  "SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
                                  "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
                                  "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-05-22 181488]
                                  "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-11-29 230640]
                                  "cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-01-28 771312]
                                  "capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-01-28 173296]
                                  "capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-01-28 259312]
                                  "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2009-01-28 14088]
                                  "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
                                  "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
                                  "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
                                  "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
                                  "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
                                  "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
                                  "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
                                  "CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
                                  "Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
                                  "mghxramd"="c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx\ixoukxrtssd.exe" [2010-04-14 271616]

                                  c:\documents and settings\Toni\Start Menu\Programs\Startup\
                                  Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

                                  c:\documents and settings\All Users\Start Menu\Programs\Startup\
                                  Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
                                  HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
                                  Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

                                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                  "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

                                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
                                  2007-05-18 21:30   79368   ----a-w-   c:\windows\system32\UmxWNP.dll

                                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
                                  @="Service"

                                  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                                  "AntiVirusOverride"=dword:00000001
                                  "FirewallOverride"=dword:00000001

                                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
                                  "DisableMonitoring"=dword:00000001

                                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                                  "EnableFirewall"= 0 (0x0)
                                  "DisableNotifications"= 1 (0x1)

                                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                  "%windir%\\system32\\sessmgr.exe"=
                                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                  "c:\\Program Files\\uTorrent\\uTorrent.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
                                  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
                                  "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                                  "c:\\Program Files\\iTunes\\iTunes.exe"=
                                  "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                                  "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
                                  "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                                  "c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
                                  "c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=

                                  R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/13/2009 7:20 PM 64288]
                                  R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2/11/2010 8:42 AM 21488]
                                  R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2/11/2010 8:42 AM 15856]
                                  R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1181328]
                                  S0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 11:08 PM 93712]
                                  S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 11:08 PM 63504]
                                  S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 11:08 PM 45584]
                                  S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 11:08 PM 115216]
                                  S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2/11/2010 8:42 AM 25584]
                                  S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
                                  S2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 6:40 PM 127352]
                                  S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 11:08 PM 134648]
                                  S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 11:08 PM 66576]
                                  S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]
                                  S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 2:24 PM 1010192]
                                  S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 2:24 PM 801296]
                                  S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 11:10 PM 281104]
                                  S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 11:08 PM 88816]
                                  S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [1/28/2009 2:24 PM 185584]
                                  S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]
                                  .
                                  Contents of the 'Scheduled Tasks' folder

                                  2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
                                  - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                  2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
                                  - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                  2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
                                  - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                  2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
                                  - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                  2010-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
                                  - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                  2010-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
                                  - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

                                  2010-02-23 c:\windows\Tasks\CAAntiSpywareScan_Daily as Toni at 10 24 AM.job
                                  - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2009-01-28 18:26]
                                  .
                                  .
                                  ------- Supplementary Scan -------
                                  .
                                  uLocal Page = \blank.htm
                                  uStart Page = hxxp://www.ask.com/?o=13920&l=dis
                                  uInternet Settings,ProxyOverride = <local>
                                  uInternet Settings,ProxyServer = http=127.0.0.1:5555
                                  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                                  LSP: c:\windows\system32\VetRedir.dll
                                  Trusted Zone: cinemanow.com
                                  Trusted Zone: qflix.com
                                  Trusted Zone: roxio.com
                                  Trusted Zone: sonic.com\redirect
                                  Trusted Zone: sonic.com\redirect2
                                  FF - ProfilePath - c:\documents and settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\
                                  FF - prefs.js: browser.search.selectedEngine - Ask
                                  FF - prefs.js: browser.startup.homepage - www.google.com
                                  FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
                                  FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
                                  FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\Shim.dll
                                  FF - plugin: c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_1.dll
                                  FF - plugin: c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_3.dll
                                  FF - plugin: c:\documents and settings\Toni\Application Data\Move Networks\plugins\npqmp071505000011.dll
                                  FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
                                  FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
                                  FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
                                  FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                                  ---- FIREFOX POLICIES ----
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut. enabled", true);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
                                  c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
                                  c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
                                  c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                                  c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
                                  c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugi n", false);
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
                                  c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
                                  .

                                  **************************************************************************

                                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                  Rootkit scan 2010-04-15 07:57
                                  Windows 5.1.2600 Service Pack 3 NTFS

                                  scanning hidden processes ... 

                                  scanning hidden autostart entries ...

                                  scanning hidden files ... 

                                  scan completed successfully
                                  hidden files: 0

                                  **************************************************************************
                                  .
                                  --------------------- DLLs Loaded Under Running Processes ---------------------

                                  - - - - - - - > 'winlogon.exe'(220)
                                  c:\windows\system32\UmxWnp.Dll
                                  .
                                  Completion time: 2010-04-15  07:59:22
                                  ComboFix-quarantined-files.txt  2010-04-15 11:59

                                  Pre-Run: 153,380,311,040 bytes free
                                  Post-Run: 153,585,123,328 bytes free

                                  - - End Of File - - 4C12E09D23AD041DB8194224625574FE


                                  Dr Jay

                                  • Malware Removal Specialist


                                  Re: Virus infection- Please help.
                                  « Reply #21 on: April 15, 2010, 05:28:09 PM »
                                  Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
                                  • Now click on the Connections tab and then the LAN Settings button
                                  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.
                                  =============================

                                  Re-running ComboFix to remove infections:

                                  • Close any open browsers.
                                  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
                                  • Open notepad and copy/paste the text in the box below into it:
                                    Quote
                                    killall::

                                    Folder::
                                    c:\program files\NoAdware5.0
                                    c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx

                                    Registry::
                                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                    "mghxramd"=-

                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                    "mghxramd"=-

                                    DDS::
                                    uInternet Settings,ProxyServer = http=127.0.0.1:5555
                                    Trusted Zone: cinemanow.com
                                    Trusted Zone: qflix.com
                                    Trusted Zone: roxio.com
                                    Trusted Zone: sonic.com\redirect
                                    Trusted Zone: sonic.com\redirect2

                                    Rootkit::

                                    Reboot::
                                  • Save this as CFScript.txt, in the same location as ComboFix.exe



                                  • Referring to the picture above, drag CFScript into ComboFix.exe
                                  • When finished, it shall produce a log for you at C:\ComboFix.txt
                                  • Please post the contents of the log in your next reply.
                                  ~Dr Jay
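As an added example, not Dr Jay's tooling or ComboFix's own code, the Python script below reads a ComboFix/DDS-style log for the three markers the reply above deals with: a ProxyServer set to 127.0.0.1 (the setting the LAN Settings step turns off), Trusted Zone additions, and Run-key autostarts whose image sits under the user's Local Settings folder, then renders them in the CFScript layout shown. The sample log is constructed from the excerpts in this thread; the "mghxramd" Run lines and their [date size] column are reconstructed placeholders.

```python
# Added triage example for ComboFix/DDS-style logs (not ComboFix's or the helper's code).
# Flags a loopback browser proxy, Trusted Zone additions and profile-resident autoruns.
import ntpath
import re
from dataclasses import dataclass

# Constructed sample modelled on the log excerpts posted in this thread.
# The "mghxramd" Run lines are rebuilt from the CFScript and the deleted-folder
# list; their [date size] column is a placeholder, not a value from the logs.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
Trusted Zone: cinemanow.com
Trusted Zone: sonic.com\redirect
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"mghxramd"="c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx\ixoukxrtssd.exe" [0000-00-00 0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-05-22 181488]
"mghxramd"="c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx\ixoukxrtssd.exe" [0000-00-00 0]
"""

# "ProxyServer = http=127.0.0.1:5555": optional scheme prefix, loopback host, optional port.
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:[a-z]+=)?(127\.0\.0\.1|localhost)(?::(\d+))?", re.I)
ZONE_RE = re.compile(r"^Trusted Zone:\s*\S+", re.I)
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]", re.I)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')

# Per-user, user-writable locations; the dropper in this thread lived under the first one.
PROFILE_DROP_DIRS = ("\\local settings\\application data\\", "\\local settings\\temp\\")


@dataclass
class Finding:
    kind: str          # loopback_proxy | trusted_zone | profile_autorun
    detail: str        # raw DDS line, or the autorun image path
    hive: str = ""     # Run key the value lives under (autorun findings only)
    name: str = ""     # Run value name (autorun findings only)
    port: str = ""     # proxy port (loopback_proxy findings only)


def triage(log_text):
    """Return the suspicious entries found in the log, in file order."""
    findings = []
    current_hive = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            current_hive = m.group(1)
            continue
        if line.startswith("["):          # any other key header ends the Run context
            current_hive = ""
            continue
        m = PROXY_RE.search(line)
        if m:
            findings.append(Finding("loopback_proxy", line, port=m.group(2) or ""))
            continue
        if ZONE_RE.match(line):
            findings.append(Finding("trusted_zone", line))
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_hive:
            name, image = m.group(1), m.group(2)
            if any(d in image.lower() for d in PROFILE_DROP_DIRS):
                findings.append(Finding("profile_autorun", image, hive=current_hive, name=name))
    return findings


def build_cfscript(findings):
    """Render findings as a CFScript: Folder::, Registry:: ("name"=-), DDS::, Reboot::."""
    autoruns = [f for f in findings if f.kind == "profile_autorun"]
    dds = [f.detail for f in findings if f.kind in ("loopback_proxy", "trusted_zone")]
    by_hive = {}
    for f in autoruns:
        by_hive.setdefault(f.hive, set()).add(f.name)
    out = ["killall::", ""]
    folders = sorted({ntpath.dirname(f.detail) for f in autoruns})
    if folders:
        out += ["Folder::", *folders, ""]
    if by_hive:
        out.append("Registry::")
        for hive in sorted(by_hive):
            out.append(f"[{hive}]")
            out.extend(f'"{name}"=-' for name in sorted(by_hive[hive]))
            out.append("")
    if dds:
        out += ["DDS::", *dds, ""]
    out.append("Reboot::")
    return "\n".join(out)


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```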

                                  ToniCarman

                                    Topic Starter


                                    Rookie

                                    Re: Virus infection- Please help.
                                    « Reply #22 on: April 16, 2010, 05:53:42 AM »
                                    I was unable to access the internet using this method this time.  There is nothing selected in the connections window.  Is this accurate?

                                    I wasn't sure if I should still proceed as I can't download the Microsoft Windows Recovery console.




                                    ToniCarman

                                      Topic Starter


                                      Rookie

                                      Re: Virus infection- Please help.
                                      « Reply #23 on: April 16, 2010, 06:42:46 AM »
                                      I am still unable to get online but I was able to save the Microsoft Windows Recovery Console download from Microsoft via my laptop and transfer it to my PC (infected computer) and pulled it to Combofix.  (Also, for some reason I can't disable the CA anti-virus, even though I unchecked all scans on the system.)

                                      Once the scan was complete, I pulled the CFScript.txt file into Combofix.


                                      Results of the 2nd scan (ComboFix with CFScript.txt):

                                      ComboFix 10-04-14.01 - Toni 04/16/2010   8:18.3.2 - x86 MINIMAL
                                      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1543 [GMT -4:00]
                                      Running from: c:\documents and settings\Toni\Desktop\ComboFix.exe
                                      Command switches used :: c:\documents and settings\Toni\Desktop\CFScript.txt
                                      AV: CA Anti-Virus *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
                                      .

                                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                      .

                                      c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx
                                      c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx\ixoukxrtssd.exe
                                      c:\program files\NoAdware5.0
                                      c:\program files\NoAdware5.0\noadware4_012709.na
                                      c:\program files\NoAdware5.0\unins000.dat
                                      c:\program files\NoAdware5.0\unins000.exe

                                      .
                                      (((((((((((((((((((((((((   Files Created from 2010-03-16 to 2010-04-16  )))))))))))))))))))))))))))))))
                                      .

                                      2010-04-16 11:50 . 2010-04-16 11:50   --------   d-----w-   c:\windows\LastGood
                                      2010-04-14 23:16 . 2010-04-14 23:19   --------   d-----w-   c:\documents and settings\Toni\Application Data\uTorrent
                                      2010-04-13 04:41 . 2010-04-13 04:41   --------   d-----w-   c:\program files\ESET
                                      2010-04-13 04:21 . 2010-04-13 04:21   --------   d-----w-   C:\_OTS
                                      2010-04-09 13:47 . 2010-04-15 21:54   664   ----a-w-   c:\windows\system32\d3d9caps.dat
                                      2010-03-28 00:53 . 2010-03-28 00:53   2114184   ----a-w-   c:\temp\Install_Facebook_Plug-In_1.0.3.exe
                                      2010-03-22 17:58 . 2010-03-22 17:58   --------   d-----w-   c:\program files\uTorrent

                                      .
                                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                      .
                                      2010-04-16 12:21 . 2009-02-17 19:38   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
                                      2010-04-16 11:37 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k7
                                      2010-04-16 11:37 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k6
                                      2010-04-16 11:37 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k5
                                      2010-04-16 11:37 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k4
                                      2010-04-16 11:37 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k3
                                      2010-04-16 11:37 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k2
                                      2010-04-16 11:37 . 2009-01-28 19:20   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k1
                                      2010-04-16 11:37 . 2009-01-28 19:20   227220   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k0
                                      2010-04-16 11:36 . 2009-02-17 19:40   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
                                      2010-04-11 18:37 . 2009-02-03 02:26   --------   d-----w-   c:\documents and settings\Toni\Application Data\AdobeUM
                                      2010-04-09 16:45 . 2010-02-11 12:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sonic
                                      2010-04-09 14:05 . 2009-08-04 03:08   --------   d-----w-   c:\documents and settings\Toni\Application Data\U3
                                      2010-04-09 13:53 . 2010-03-10 13:53   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                                      2010-04-07 21:23 . 2009-08-13 23:13   --------   d-----w-   c:\documents and settings\Toni\Application Data\Vso
                                      2010-03-28 00:54 . 2010-02-01 01:44   50354   ----a-w-   c:\documents and settings\Toni\Application Data\Facebook\uninstall.exe
                                      2010-03-28 00:54 . 2010-02-01 01:44   --------   d-----w-   c:\documents and settings\Toni\Application Data\Facebook
                                      2010-03-19 23:38 . 2009-02-04 05:06   --------   d-----w-   c:\documents and settings\Toni\Application Data\ZoomBrowser EX
                                      2010-03-19 21:20 . 2009-01-31 18:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\ZoomBrowser
                                      2010-03-18 22:58 . 2009-11-18 23:13   79488   ----a-w-   c:\documents and settings\Toni\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
                                      2010-03-11 12:38 . 2004-08-04 12:00   832512   ------w-   c:\windows\system32\wininet.dll
                                      2010-03-11 12:38 . 2004-08-04 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
                                      2010-03-11 12:38 . 2004-08-04 12:00   17408   ----a-w-   c:\windows\system32\corpol.dll
                                      2010-03-10 14:05 . 2010-03-10 14:05   --------   d-----w-   c:\documents and settings\Toni\Application Data\Malwarebytes
                                      2010-03-10 14:05 . 2010-03-10 14:04   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                                      2010-03-10 14:04 . 2010-03-10 14:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                                      2010-03-09 11:09 . 2004-08-04 12:00   430080   ----a-w-   c:\windows\system32\vbscript.dll
                                      2010-03-06 05:30 . 2010-03-06 05:30   5582848   ----a-w-   c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_3.dll
                                      2010-03-01 23:41 . 2009-01-30 16:19   343928   ----a-w-   c:\documents and settings\Toni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                                      2010-03-01 23:28 . 2010-03-01 23:27   --------   d-----w-   c:\program files\Memorex exPressit Label Design Studio
                                      2010-03-01 23:27 . 2010-03-01 23:27   --------   d-----w-   c:\program files\Common Files\SureThing Shared
                                      2010-03-01 10:15 . 2009-09-21 22:19   3803208   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
                                      2010-02-24 13:11 . 2004-08-04 12:00   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                                      2010-02-22 20:10 . 2009-03-12 13:30   --------   d-----w-   c:\documents and settings\Toni\Application Data\Image Zone Express
                                      2010-02-16 14:08 . 2004-08-04 12:00   2146304   ------w-   c:\windows\system32\ntoskrnl.exe
                                      2010-02-16 13:25 . 2004-08-03 22:59   2024448   ------w-   c:\windows\system32\ntkrnlpa.exe
                                      2010-02-12 04:33 . 2004-08-04 12:00   100864   ----a-w-   c:\windows\system32\6to4svc.dll
                                      2010-02-11 12:28 . 2010-02-11 12:28   10134   ----a-r-   c:\documents and settings\Toni\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
                                      2010-02-11 12:02 . 2004-08-04 12:00   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
                                      2010-02-04 22:15 . 2009-06-19 22:19   389784   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
                                      2010-02-04 16:18 . 2009-06-19 22:19   823928   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
                                      2010-02-04 16:18 . 2009-06-19 22:19   1181328   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
                                      2010-02-02 17:02 . 2010-02-02 17:02   144160   ----a-w-   c:\documents and settings\Toni\Application Data\Move Networks\uninstall.exe
                                      2010-02-02 17:02 . 2009-12-10 19:26   4187512   ----a-w-   c:\documents and settings\Toni\Application Data\Move Networks\plugins\npqmp071505000011.dll
                                      2010-02-02 17:02 . 2010-02-02 17:02   1438976   ----a-w-   c:\program files\MoveMediaPlayerWin_071505000011.exe
                                      2010-02-01 01:43 . 2010-02-01 01:43   2107456   ----a-w-   c:\program files\Install_Facebook_Plug-In_1.0.1.exe
                                      2010-01-31 12:26 . 2010-01-31 12:26   1533702   ----a-w-   c:\program files\gburner27.exe
                                      2010-01-27 03:21 . 2010-01-27 03:21   847040   ----a-w-   c:\documents and settings\Toni\Application Data\Facebook\axfbootloader.dll
                                      2010-01-27 03:20 . 2010-01-27 03:20   5578752   ----a-w-   c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_1.dll
                                      2009-08-13 23:06 . 2009-08-13 23:05   7741336   ----a-w-   c:\program files\DivX521XP2K_1.exe
                                      2009-08-13 22:54 . 2009-08-13 22:53   4526458   ----a-w-   c:\program files\WinAVI_Video_Converter.exe
                                      2009-06-16 21:38 . 2009-06-16 21:38   2144584   ----a-w-   c:\program files\InstallFirefoxPluginV3.exe
                                      2009-06-12 22:34 . 2009-06-12 22:30   24527365   ----a-w-   c:\program files\FreeVideoConverter.exe
                                      2009-03-05 21:24 . 2009-03-05 21:24   4909440   ----a-w-   c:\program files\Silverlight.2.0.exe
                                      .

                                      (((((((((((((((((((((((((((((   SnapShot@2010-04-15_11.57.58   )))))))))))))))))))))))))))))))))))))))))
                                      .
                                      + 2010-04-16 11:41 . 2010-04-16 11:41   32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
                                      + 2009-01-28 13:12 . 2010-04-16 11:41   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
                                      - 2009-01-28 13:12 . 2009-03-24 23:16   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
                                      + 2010-04-16 11:50 . 2008-09-24 01:46   245408              c:\windows\LastGood\system32\unicows.dll
                                      .
                                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                      .
                                      .
                                      *Note* empty entries & legit default entries are not shown
                                      REGEDIT4

                                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

                                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
                                      "nwiz"="nwiz.exe" [2008-09-18 1657376]
                                      "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
                                      "SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
                                      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
                                      "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-05-22 181488]
                                      "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-11-29 230640]
                                      "cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-01-28 771312]
                                      "capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-01-28 173296]
                                      "capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-01-28 259312]
                                      "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2009-01-28 14088]
                                      "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
                                      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
                                      "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
                                      "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
                                      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
                                      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
                                      "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
                                      "CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
                                      "Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]

                                      c:\documents and settings\Toni\Start Menu\Programs\Startup\
                                      Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

                                      c:\documents and settings\All Users\Start Menu\Programs\Startup\
                                      Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
                                      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
                                      Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

                                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

                                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
                                      2007-05-18 21:30   79368   ----a-w-   c:\windows\system32\UmxWNP.dll

                                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
                                      @="Service"

                                      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                                      "AntiVirusOverride"=dword:00000001
                                      "FirewallOverride"=dword:00000001

                                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
                                      "DisableMonitoring"=dword:00000001

                                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                                      "EnableFirewall"= 0 (0x0)
                                      "DisableNotifications"= 1 (0x1)

                                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                      "%windir%\\system32\\sessmgr.exe"=
                                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
                                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
                                      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                                      "c:\\Program Files\\iTunes\\iTunes.exe"=
                                      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                                      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
                                      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                                      "c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
                                      "c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=

                                      R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/13/2009 7:20 PM 64288]
                                      R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2/11/2010 8:42 AM 21488]
                                      R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2/11/2010 8:42 AM 15856]
                                      R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1181328]
                                      S0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 11:08 PM 93712]
                                      S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 11:08 PM 63504]
                                      S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 11:08 PM 45584]
                                      S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 11:08 PM 115216]
                                      S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2/11/2010 8:42 AM 25584]
                                      S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
                                      S2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 6:40 PM 127352]
                                      S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 11:08 PM 134648]
                                      S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 11:08 PM 66576]
                                      S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]
                                      S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 2:24 PM 1010192]
                                      S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 2:24 PM 801296]
                                      S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 11:10 PM 281104]
                                      S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 11:08 PM 88816]
                                      S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [1/28/2009 2:24 PM 185584]
                                      S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]
                                      .
                                      Contents of the 'Scheduled Tasks' folder

                                      2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
                                      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                      2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
                                      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                      2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
                                      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                      2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
                                      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                      2010-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
                                      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]

                                      2010-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
                                      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

                                      2010-02-23 c:\windows\Tasks\CAAntiSpywareScan_Daily as Toni at 10 24 AM.job
                                      - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2009-01-28 18:26]
                                      .
                                      .
                                      ------- Supplementary Scan -------
                                      .
                                      uLocal Page = \blank.htm
                                      uStart Page = hxxp://www.ask.com/?o=13920&l=dis
                                      uInternet Settings,ProxyOverride = <local>
                                      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                                      LSP: c:\windows\system32\VetRedir.dll
                                      FF - ProfilePath - c:\documents and settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\
                                      FF - prefs.js: browser.search.selectedEngine - Ask
                                      FF - prefs.js: browser.startup.homepage - www.google.com
                                      FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
                                      FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
                                      FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\Shim.dll
                                      FF - plugin: c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_1.dll
                                      FF - plugin: c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_3.dll
                                      FF - plugin: c:\documents and settings\Toni\Application Data\Move Networks\plugins\npqmp071505000011.dll
                                      FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
                                      FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
                                      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
                                      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                                      ---- FIREFOX POLICIES ----
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut. enabled", true);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
                                      c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
                                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
                                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
                                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugi n", false);
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
                                      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
                                      .
                                      - - - - ORPHANS REMOVED - - - -

                                      AddRemove-NoAdware 5.0_is1 - c:\program files\NoAdware5.0\unins000.exe



                                      **************************************************************************

                                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                      Rootkit scan 2010-04-16 08:22
                                      Windows 5.1.2600 Service Pack 3 NTFS

                                      scanning hidden processes ... 

                                      scanning hidden autostart entries ...

                                      scanning hidden files ... 

                                      scan completed successfully
                                      hidden files: 0

                                      **************************************************************************
                                      .
                                      --------------------- DLLs Loaded Under Running Processes ---------------------

                                      - - - - - - - > 'winlogon.exe'(224)
                                      c:\windows\system32\UmxWnp.Dll

                                      - - - - - - - > 'explorer.exe'(744)
                                      c:\windows\system32\WININET.dll
                                      .
                                      ------------------------ Other Running Processes ------------------------
                                      .
                                      c:\windows\system32\wbem\unsecapp.exe
                                      .
                                      **************************************************************************
                                      .
                                      Completion time: 2010-04-16  08:27:08 - machine was rebooted
                                      ComboFix-quarantined-files.txt  2010-04-16 12:27
                                      ComboFix2.txt  2010-04-16 12:16
                                      ComboFix3.txt  2010-04-15 11:59

                                      Pre-Run: 153,526,624,256 bytes free
                                      Post-Run: 153,495,445,504 bytes free

                                      - - End Of File - - 97396B6F30EF88540E44E9AEFD5695E3



                                      Dr Jay
                                      Re: Virus infection- Please help.
                                      « Reply #24 on: April 16, 2010, 06:53:38 AM »
                                      Press start, then run and enter cmd - then hit OK.

                                      In the command prompt window, press in the following code exactly:


                                      netsh winsock reset catalog

                                      Then, exit out.
                                      ==

                                      Do you have Internet after performing the above process?
                                      ~Dr Jay

                                      ToniCarman
                                        Re: Virus infection- Please help.
                                        « Reply #25 on: April 16, 2010, 07:01:44 AM »
                                        I am still in safe mode.  Is that okay?

                                        Still not able to get in.

                                        Did what you said, prompted for restart, restarted and still unable to access IE or Firefox.


                                        Dr Jay
                                        Re: Virus infection- Please help.
                                        « Reply #26 on: April 16, 2010, 09:29:18 AM »
                                        Odd.

Please download RegQuery by Noviciate from here and save it to your Desktop.

                                        • Double click RegQuery.exe to run it.
• Please copy the following registry key path:
Code:
                                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
                                        • Paste the text in the open field where it says "Enter Key Name:".
                                        • Now, Click the Query button.
                                        • A log shall open in Notepad. Please copy and paste the contents of it in your next reply.
                                        Note: The file from RegQuery is not saved on the computer, so please save it or post it in a new reply before closing it.
                                        ~Dr Jay

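The Winlogon key Dr Jay asks for above is the one whose Shell and Userinit values get checked during a malware cleanup, because a second program appended to Userinit (or a replaced Shell) runs at every logon. The following is an added example, not part of the thread and not RegQuery's own code: a small Python parser for the regedit 5.00 export format that RegQuery produces (including the `hex(2):` values that regedit splits across lines with a trailing backslash), plus a check of the parsed Winlogon values against the stock Windows XP defaults. Both export texts are constructed for the example, the expected defaults are an assumption, and the appended path in the tampered variant is a placeholder.

```python
"""Parse a regedit 5.00 export and check the Winlogon key for tampering.

Added example: not part of the forum thread and not RegQuery's code.
The two registry exports below are constructed for this example; the
"expected" values are the stock Windows XP defaults (an assumption).
"""
import re

# Constructed sample in the layout regedit/RegQuery emit. Note the
# hex(2) (REG_EXPAND_SZ) value split over two lines with a trailing '\'.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\
  00,00,00
"SFCDisable"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
'''

# Constructed variant: a second program appended to Userinit, the usual
# sign of a Winlogon hijack. The appended path is a placeholder.
TAMPERED_REG = SAMPLE_REG.replace(
    r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"',
    r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\Temp\\placeholder.exe"',
)

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Stock Windows XP defaults (assumption); compared case-insensitively.
EXPECTED = {
    "Shell": "Explorer.exe",
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
    "UIHost": "logonui.exe",
}

_VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
_HEX_VALUE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$")


def _unescape(s):
    """Undo .reg string escaping (backslash-quote and double backslash)."""
    return re.sub(r"\\(.)", r"\1", s)


def _join_continuations(text):
    """Merge lines ending in a backslash with the line that follows."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        out.append(buf + line.lstrip() if buf else line)
        buf = ""
    return out


def _decode_value(raw):
    """Decode the right-hand side of a value line into str, int, list or bytes."""
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = _HEX_VALUE.match(raw)
    if m:
        kind = int(m.group(1) or "3")          # bare "hex:" is REG_BINARY (3)
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in (1, 2):                     # REG_SZ / REG_EXPAND_SZ, UTF-16LE
            return data.decode("utf-16-le").rstrip("\x00")
        if kind == 7:                          # REG_MULTI_SZ: NUL-separated list
            return data.decode("utf-16-le").rstrip("\x00").split("\x00")
        return data
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: value}} for a regedit 5.00 export."""
    keys, current = {}, None
    for line in _join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            keys[current][name] = _decode_value(m.group(2))
    return keys


def check_winlogon(keys, expected=EXPECTED):
    """Return [(value_name, actual)] for Winlogon values that differ from
    the expected defaults; an empty list means nothing deviates."""
    values = keys.get(WINLOGON, {})
    findings = []
    for name, want in expected.items():
        got = values.get(name)
        if got is None or str(got).lower() != want.lower():
            findings.append((name, got))
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_REG), ("tampered", TAMPERED_REG)):
        findings = check_winlogon(parse_reg(text))
        print(label, "clean" if not findings else findings)
```

Paste the text RegQuery shows into `parse_reg` (or read it from the saved file) and `check_winlogon` lists every value that is not at its default; the trailing comma on the stock Userinit value is part of the default and is kept in the comparison on purpose, because removing it is one of the things a hijack changes.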
                                        ToniCarman
                                          Re: Virus infection- Please help.
                                          « Reply #27 on: April 16, 2010, 10:53:40 AM »
                                          Windows Registry Editor Version 5.00

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
                                          "AutoRestartShell"=dword:00000001
                                          "DefaultDomainName"="TONI-423C633C85"
                                          "DefaultUserName"="Toni"
                                          "LegalNoticeCaption"=""
                                          "LegalNoticeText"=""
                                          "PowerdownAfterShutdown"="0"
                                          "ReportBootOk"="1"
                                          "Shell"="Explorer.exe"
                                          "ShutdownWithoutLogon"="0"
                                          "System"=""
                                          "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
                                          "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
                                          "SfcQuota"=dword:ffffffff
                                          "allocatecdroms"="0"
                                          "allocatedasd"="0"
                                          "allocatefloppies"="0"
                                          "cachedlogonscount"="10"
                                          "forceunlocklogon"=dword:00000000
                                          "passwordexpirywarning"=dword:0000000e
                                          "scremoveoption"="0"
                                          "AllowMultipleTSSessions"=dword:00000001
                                          "UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\
                                            00,00,00
                                          "LogonType"=dword:00000001
                                          "Background"="0 0 0"
                                          "DebugServerCommand"="no"
                                          "SFCDisable"=dword:00000000
                                          "WinStationsDisabled"="0"
                                          "HibernationPreviouslyEnabled"=dword:00000001
                                          "ShowLogonOptions"=dword:00000000
                                          "AltDefaultUserName"="Toni"
                                          "AltDefaultDomainName"="TONI-423C633C85"
                                          "ChangePasswordUseKerberos"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
                                          @="Microsoft Disk Quota"
                                          "NoMachinePolicy"=dword:00000000
                                          "NoUserPolicy"=dword:00000001
                                          "NoSlowLink"=dword:00000001
                                          "NoBackgroundPolicy"=dword:00000001
                                          "NoGPOListChanges"=dword:00000001
                                          "PerUserLocalSettings"=dword:00000000
                                          "RequiresSuccessfulRegistry"=dword:00000001
                                          "EnableAsynchronousProcessing"=dword:00000000
                                          "DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\
                                            6c,00,6c,00,00,00
                                          "ProcessGroupPolicy"="ProcessGroupPolicy"

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
                                          @="Internet Explorer Zonemapping"
                                          "DllName"=hex(2):69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,00,64,00,\
                                            6c,00,6c,00,00,00
                                          "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
                                          "NoGPOListChanges"=dword:00000001
                                          "RequiresSucessfulRegistry"=dword:00000001
                                          "DisplayName"=hex(2):40,00,69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,\
                                            00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,31,00,00,00

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
                                          @="Windows Search Group Policy Extension"
                                          "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
                                            74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
                                            00,72,00,63,00,68,00,61,00,64,00,6d,00,69,00,6e,00,2e,00,64,00,6c,00,6c,00,\
                                            00,00
                                          "EnableAsynchronousProcessing"=dword:00000001
                                          "NoBackgroundPolicy"=dword:00000000
                                          "NoGPOListChanges"=dword:00000001
                                          "NoMachinePolicy"=dword:00000000
                                          "NoSlowLink"=dword:00000000
                                          "NoUserPolicy"=dword:00000000
                                          "PerUserLocalSettings"=dword:00000000
                                          "ProcessGroupPolicy"="ProcessGroupPolicy"
                                          "RequiresSuccessfulRegistry"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
                                          "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
                                          "GenerateGroupPolicy"="SceGenerateGroupPolicy"
                                          "ExtensionRsopPlanningDebugLevel"=dword:00000001
                                          "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
                                          "ExtensionDebugLevel"=dword:00000001
                                          "DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
                                            00,00
                                          @="Security"
                                          "NoUserPolicy"=dword:00000001
                                          "NoGPOListChanges"=dword:00000001
                                          "EnableAsynchronousProcessing"=dword:00000001
                                          "MaxNoGPOListChangesInterval"=dword:000003c0

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
                                          "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
                                          "GenerateGroupPolicy"="GenerateGroupPolicy"
                                          "ProcessGroupPolicy"="ProcessGroupPolicy"
                                          "DllName"="iedkcs32.dll"
                                          @="Internet Explorer Branding"
                                          "NoSlowLink"=dword:00000001
                                          "NoBackgroundPolicy"=dword:00000000
                                          "NoGPOListChanges"=dword:00000001
                                          "NoMachinePolicy"=dword:00000001
                                          "DisplayName"=hex(2):40,00,69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,\
                                            00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,31,00,34,00,00,00

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
                                          "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
                                          "DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
                                            00,00
                                          @="EFS recovery"
                                          "NoUserPolicy"=dword:00000001
                                          "NoGPOListChanges"=dword:00000001
                                          "RequiresSuccessfulRegistry"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
                                          @="802.3 Group Policy"
                                          "DisplayName"=hex(2):40,00,64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,\
                                            00,74,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,30,00,00,00
                                          "ProcessGroupPolicyEx"="ProcessLANPolicyEx"
                                          "GenerateGroupPolicy"="GenerateLANPolicy"
                                          "DllName"=hex(2):64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,00,74,00,\
                                            2e,00,64,00,6c,00,6c,00,00,00
                                          "NoUserPolicy"=dword:00000001
                                          "NoGPOListChanges"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
                                          @="Microsoft Offline Files"
                                          "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
                                            74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
                                            00,73,00,63,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00
                                          "EnableAsynchronousProcessing"=dword:00000000
                                          "NoBackgroundPolicy"=dword:00000000
                                          "NoGPOListChanges"=dword:00000000
                                          "NoMachinePolicy"=dword:00000000
                                          "NoSlowLink"=dword:00000000
                                          "NoUserPolicy"=dword:00000001
                                          "PerUserLocalSettings"=dword:00000000
                                          "ProcessGroupPolicy"="ProcessGroupPolicy"
                                          "RequiresSuccessfulRegistry"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
                                          @="Software Installation"
                                          "DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\
                                            6c,00,6c,00,00,00
                                          "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
                                          "GenerateGroupPolicy"="GenerateGroupPolicy"
                                          "NoBackgroundPolicy"=dword:00000000
                                          "RequiresSucessfulRegistry"=dword:00000000
                                          "NoSlowLink"=dword:00000001
                                          "PerUserLocalSettings"=dword:00000001
                                          "EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
                                            00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\
                                            74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\
                                            00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
                                            6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
                                            00,6f,00,6e,00,29,00,00,00,00,00

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
                                          "Asynchronous"=dword:00000000
                                          "Impersonate"=dword:00000000
                                          "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
                                            6c,00,00,00
                                          "Logoff"="ChainWlxLogoffEvent"

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
                                          "Asynchronous"=dword:00000000
                                          "Impersonate"=dword:00000000
                                          "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
                                            6c,00,6c,00,00,00
                                          "Logoff"="CryptnetWlxLogoffEvent"

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
                                          "DLLName"="cscdll.dll"
                                          "Logon"="WinlogonLogonEvent"
                                          "Logoff"="WinlogonLogoffEvent"
                                          "ScreenSaver"="WinlogonScreenSaverEvent"
                                          "Startup"="WinlogonStartupEvent"
                                          "Shutdown"="WinlogonShutdownEvent"
                                          "StartShell"="WinlogonStartShellEvent"
                                          "Impersonate"=dword:00000000
                                          "Asynchronous"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
                                          "Asynchronous"=dword:00000001
                                          "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
                                            74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
                                            00,69,00,6d,00,73,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00
                                          "Startup"="WlDimsStartup"
                                          "Shutdown"="WlDimsShutdown"
                                          "Logon"="WlDimsLogon"
                                          "Logoff"="WlDimsLogoff"
                                          "StartShell"="WlDimsStartShell"
                                          "Lock"="WlDimsLock"
                                          "Unlock"="WlDimsUnlock"

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
                                          "DllName"="UmxWnp.Dll"
                                          "Logoff"="WLEventLogoff"
                                          "Logon"="WLEventLogon"
                                          "Shutdown"="WLEventShutdown"
                                          "Startup"="WLEventStartup"

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
                                          "DLLName"="wlnotify.dll"
                                          "Logon"="SCardStartCertProp"
                                          "Logoff"="SCardStopCertProp"
                                          "Lock"="SCardSuspendCertProp"
                                          "Unlock"="SCardResumeCertProp"
                                          "Enabled"=dword:00000001
                                          "Impersonate"=dword:00000001
                                          "Asynchronous"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
                                          "Asynchronous"=dword:00000000
                                          "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
                                            6c,00,6c,00,00,00
                                          "Impersonate"=dword:00000000
                                          "StartShell"="SchedStartShell"
                                          "Logoff"="SchedEventLogOff"

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
                                          "Logoff"="WLEventLogoff"
                                          "Impersonate"=dword:00000000
                                          "Asynchronous"=dword:00000001
                                          "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
                                            6c,00,6c,00,00,00

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
                                          "DLLName"="WlNotify.dll"
                                          "Lock"="SensLockEvent"
                                          "Logon"="SensLogonEvent"
                                          "Logoff"="SensLogoffEvent"
                                          "Safe"=dword:00000001
                                          "MaxWait"=dword:00000258
                                          "StartScreenSaver"="SensStartScreenSaverEvent"
                                          "StopScreenSaver"="SensStopScreenSaverEvent"
                                          "Startup"="SensStartupEvent"
                                          "Shutdown"="SensShutdownEvent"
                                          "StartShell"="SensStartShellEvent"
                                          "PostShell"="SensPostShellEvent"
                                          "Disconnect"="SensDisconnectEvent"
                                          "Reconnect"="SensReconnectEvent"
                                          "Unlock"="SensUnlockEvent"
                                          "Impersonate"=dword:00000001
                                          "Asynchronous"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
                                          "Asynchronous"=dword:00000000
                                          "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
                                            6c,00,6c,00,00,00
                                          "Impersonate"=dword:00000000
                                          "Logoff"="TSEventLogoff"
                                          "Logon"="TSEventLogon"
                                          "PostShell"="TSEventPostShell"
                                          "Shutdown"="TSEventShutdown"
                                          "StartShell"="TSEventStartShell"
                                          "Startup"="TSEventStartup"
                                          "MaxWait"=dword:00000258
                                          "Reconnect"="TSEventReconnect"
                                          "Disconnect"="TSEventDisconnect"

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
                                          "DLLName"="wlnotify.dll"
                                          "Logon"="RegisterTicketExpiredNotificationEvent"
                                          "Logoff"="UnregisterTicketExpiredNotificationEvent"
                                          "Impersonate"=dword:00000001
                                          "Asynchronous"=dword:00000001

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
                                          "HelpAssistant"=dword:00000000
                                          "TsInternetUser"=dword:00000000
                                          "SQLAgentCmdExec"=dword:00000000
                                          "NetShowServices"=dword:00000000
                                          "IWAM_"=dword:00010000
                                          "IUSR_"=dword:00010000
                                          "VUSR_"=dword:00010000


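The export above ends with the Winlogon\Notify subkeys, which is one of the places a malware-removal helper reads closely: every DLL named there is loaded by winlogon.exe at logon/logoff/lock events, so it is a classic persistence spot, and the DllName values are often stored as hex(2) (REG_EXPAND_SZ as UTF-16LE bytes) which makes them hard to eyeball. The following is an added example, not a tool used in this thread: it parses a .reg export, decodes dword/hex(2)/hex(7)/quoted values, lists the DLL registered by each Notify subkey, and separates names present on a stock Windows XP SP3 install from everything else. The sample input is a constructed excerpt taken from the posted log, and the stock-name baseline is an assumption to be checked against a known-clean machine; an entry outside it is not evidence of infection by itself, since third-party security software registers here too.

```python
"""Review Winlogon\\Notify entries from a .reg export (added example)."""
import re
from typing import Dict, List, Optional, Union

# Constructed excerpt shaped like the export posted above.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
"DllName"="UmxWnp.Dll"
"Logon"="WLEventLogon"
'''

NOTIFY_PREFIX = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT"
                 "\\CurrentVersion\\Winlogon\\Notify\\")

# Assumed baseline: Notify packages on a default XP SP3 install (lowercase).
# Verify against a clean machine before relying on it.
STOCK_XP_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
                   "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

_HEX_RE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$", re.I)


def _join_continuations(text: str) -> List[str]:
    """.reg files wrap long hex values with a trailing backslash; re-join them."""
    lines: List[str] = []
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        lines.append(pending + line)
        pending = ""
    if pending:
        lines.append(pending)
    return lines


def decode_reg_value(raw: str) -> Union[str, int, bytes, List[str]]:
    """Decode the right-hand side of a "Name"=value line."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = _HEX_RE.match(raw)
    if m:
        kind = int(m.group(1) or "3")  # bare "hex:" is REG_BINARY (type 3)
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in (1, 2):  # REG_SZ / REG_EXPAND_SZ: UTF-16LE, NUL-terminated
            return data.decode("utf-16-le").rstrip("\x00")  # %VAR% left unexpanded
        if kind == 7:       # REG_MULTI_SZ: NUL-separated, double-NUL terminated
            return [s for s in data.decode("utf-16-le").split("\x00") if s]
        return data
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \" and \\ escapes
    return raw


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Map each [key] to its values; value names are lower-cased (registry is case-insensitive)."""
    keys: Dict[str, Dict[str, object]] = {}
    current: Optional[str] = None
    for line in _join_continuations(text):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        keys[current][name.strip().strip('"').lower()] = decode_reg_value(value)
    return keys


def notify_dlls(text: str) -> Dict[str, Optional[str]]:
    """Subkey name -> DLL for every Winlogon\\Notify\\<package> key in the export."""
    result: Dict[str, Optional[str]] = {}
    for key, values in parse_reg(text).items():
        if key.lower().startswith(NOTIFY_PREFIX.lower()):
            dll = values.get("dllname")
            result[key[len(NOTIFY_PREFIX):]] = dll if isinstance(dll, str) else None
    return result


def triage(text: str) -> Dict[str, Dict[str, Optional[str]]]:
    """Split Notify packages into the assumed stock set and the ones worth a closer look."""
    stock: Dict[str, Optional[str]] = {}
    review: Dict[str, Optional[str]] = {}
    for sub, dll in notify_dlls(text).items():
        (stock if sub.lower() in STOCK_XP_NOTIFY else review)[sub] = dll
    return {"stock": stock, "review": review}


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_REG).items():
        print(bucket)
        for sub, dll in entries.items():
            print(f"  {sub:14s} {dll}")
```

Run it against a full export and check each DLL in the "review" bucket by vendor signature and file location; in the posted log that bucket would contain only PFW (UmxWnp.Dll), which is why a helper would ask what firewall is installed rather than delete it.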
                                          Dr Jay

                                          • Malware Removal Specialist


                                          • Specialist
                                          • Moderator emeritus
                                          • Thanked: 119
                                          • Experience: Guru
                                          • OS: Windows 10
                                          Re: Virus infection- Please help.
                                          « Reply #28 on: April 16, 2010, 11:05:48 AM »
                                          When did it happen that you were not able to get in to Normal Mode?
                                          ~Dr Jay

                                          ToniCarman

                                            Topic Starter


                                            Rookie

                                            Re: Virus infection- Please help.
                                            « Reply #29 on: April 16, 2010, 02:23:49 PM »
                                            I can get into normal mode, but I am unable to do anything and when I try to select anything I get an application message not allowing me to access anything. I haven't tried to get in since our last few scans.  Should I try again?

                                            I couldn't access the internet in either mode since the virus came back.


                                            ToniCarman

                                              Topic Starter


                                              Rookie

                                              Re: Virus infection- Please help.
                                              « Reply #30 on: April 16, 2010, 02:41:51 PM »
                                              Well, after your last message I went into normal mode, and it's fine.  Was even able to get online.

                                              Not sure what changed.

                                              Next steps?

                                              Thanks again!  You have no idea how grateful I am!!!

                                              Dr Jay

                                              Re: Virus infection- Please help.
                                              « Reply #31 on: April 16, 2010, 08:35:14 PM »
                                              Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
                                              ~Dr Jay

                                              ToniCarman

                                                Topic Starter


                                                Rookie

                                                Re: Virus infection- Please help.
                                                « Reply #32 on: April 17, 2010, 05:32:52 AM »
                                                Malwarebytes' Anti-Malware 1.45
                                                www.malwarebytes.org

                                                Database version: 3930

                                                Windows 5.1.2600 Service Pack 3
                                                Internet Explorer 7.0.5730.13

                                                4/17/2010 7:32:33 AM
                                                mbam-log-2010-04-17 (07-32-33).txt

                                                Scan type: Quick scan
                                                Objects scanned: 102703
                                                Time elapsed: 6 minute(s), 31 second(s)

                                                Memory Processes Infected: 0
                                                Memory Modules Infected: 0
                                                Registry Keys Infected: 0
                                                Registry Values Infected: 0
                                                Registry Data Items Infected: 0
                                                Folders Infected: 0
                                                Files Infected: 0

                                                Memory Processes Infected:
                                                (No malicious items detected)

                                                Memory Modules Infected:
                                                (No malicious items detected)

                                                Registry Keys Infected:
                                                (No malicious items detected)

                                                Registry Values Infected:
                                                (No malicious items detected)

                                                Registry Data Items Infected:
                                                (No malicious items detected)

                                                Folders Infected:
                                                (No malicious items detected)

                                                Files Infected:
                                                (No malicious items detected)

                                                Dr Jay

                                                Re: Virus infection- Please help.
                                                « Reply #33 on: April 17, 2010, 06:37:12 AM »
                                                Do a quick reboot test for Normal Mode.

                                                Click Start > Shutdown > Reboot

                                                two times so the machine reboots two times in total.

                                                Let me know how fast it starts, and if it starts successfully.
                                                ~Dr Jay

                                                ToniCarman

                                                  Topic Starter


                                                  Rookie

                                                  Re: Virus infection- Please help.
                                                  « Reply #34 on: April 17, 2010, 07:08:36 AM »
                                                  I'm assuming by Reboot you mean Restart?

                                                  I will do that now.

                                                  ToniCarman

                                                    Topic Starter


                                                    Rookie

                                                    Re: Virus infection- Please help.
                                                    « Reply #35 on: April 17, 2010, 07:18:52 AM »
                                                    OK, restarted twice, into normal mode successfully.  It's not bad speed-wise, could probably be faster, but that might have to do with some of my applications/memory capacity.

                                                    What's next?  Do we want to continue and do the restore point and clear the things I downloaded?

                                                    Dr Jay

                                                    Re: Virus infection- Please help.
                                                    « Reply #36 on: April 17, 2010, 11:46:07 AM »
                                                    Sure.
                                                    ~Dr Jay