Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003
Accepted Solution

Computer starting and running very very slow.

hello

i've had a few issues in the recent past which made me upload Norton software...

adaware....i reuploaded cause the updates weren't working or taking such a long time i took a nap

 

anyway.......

i could justify returning to low/no cost dial up connection as it appears as if my comcast cable connect is no faster than that

 

i've done disk optimization, taken out most of the icons on startups....blah blah blah

 

diskmanager doesn't show ANY applications running

and.......

there are over 70 processes running...

some suspicious ones would be

unsecapp.exe (all of these are execute commands)

iexplore

khalmnpr

kem

wlidsvcm

wimprvse   (what is this the wimpy perverse program dot exe.  lol)

wuaclt

tskmgr (5 different entries)

dpupcheck

and many more...is this possibly the cause?

 

 

someone please help

 

Security Expert
USAF_E-8_RET
Posts: 5,135
Registered: ‎10-28-2003

Re: Computer starting and running very very slow.

I've requested LPP to have a look at this as he worked with you last month on other problems.

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

Contributor
Posts: 19
Registered: ‎09-29-2007

Re: Computer starting and running very very slow.

most of those are windows files.

 

first what operating system are you running?

how much ram

what processor or if its a dell or hp what is the model number

what modem did comcast give you

 

If you think it's a virus or your pc has been compromised, loading on an AV afterwards does little good. I would suggest trying Mbam from Malwarebytes.  It can be downloaded from Cnet's downloads section. Just make sure to allow it to update to the latest definitions.  Oh and it's not some massive download like Norton, since it's more of a cleaner than a protector in its freeware version.  It's been tested as clean of spyware/bloatware etc.  It's often suggested by techs helping people clean up after an infection.

 

If mbam won't install, you have an infection.  There is a way to get around this. 

Rename the exe file.

Turn off system restore (viruses may embed themselves and restore themselves on reboot after a cleaning)

Reboot into Safe Mode with networking if possible.  If not possible you'll have to install mbam before rebooting and allow it to update its definitions.

While in safe mode, run the Anti-malwarebytes comprehensive or full scan.  This will take a while depending on your system.  It takes me about half an hour for a comprehensive scan with an i7-920 processor and 12G ram.  You may want to shut off any hibernation or sleep mode functions to the pc while it runs, you can leave the monitor sleep mode, but sleep mode tends to mess with scanning.  If you get a positive hit during the scan, you'll want to run it again after it quarantines.

 

If mbam comes back clean, then you will need to address something either hardware or a corruption in the OS.  Do you regularly clean your pc?  Open it up and use canned air to clear out the dust that accumulates.

 

My guess is at start up you have stuff like yahoo, adobe, jusched, among other programs that want to usurp bandwidth, weatherbug is one I just hate.  Most of these are annoying in the fact they don't like to be told they can't run automatically.  Just removing them from the startup folder isn't going to shut them off.  Basically there should only be two things that need to be allowed to run automatically, that's your AV/Firewall software and your windows update.  Although I won't suggest doing anything major, a simple Run Command for msconfig will bring up the startup configuration.  You should post what is listed there.

 

You can try opening a cmd prompt, elevated run as admin if you are using vista or 7, and running at the

C:\windows\system32>sfc /scannow

This is a system file checker that will verify windows operating files are working properly.

 

You could be running processes you don't need. 

What type of set up are you running?  Does your modem's cable go to a router and provide wireless network to your house?

Have you updated your computer's drivers, for your Network Interface Card?

Have you made sure all the connections are tight?

Are you in an apartment or a house?

If you are using a router such as a Linksys, what is the model, and have you checked the mfr's website to make sure you have the latest firmware?

 

Have you tried typing in 192.168.100.1 in your browser window?  This will give you a snapshot of the modem normally.  If you have a router, there will be a similar ip address for it that you can find out from the mfr.

 

Ok I've given you a lot of different ideas, I can't be more specific without information on your OS, computer specs, and I can't really troubleshoot your modem.  If none of this helps, you might try the Live Chat from comcast, their support people can take a look at your modem remotely, and see if there is an issue with the modem.

 

good luck

 

Security Expert
USAF_E-8_RET
Posts: 5,135
Registered: ‎10-28-2003

Re: Computer starting and running very very slow.

sporati, I appreciate your suggestions, however if you look back thru bsrk's past posts you'll find this one in which LPP spent a lot of time with the OP.   I would like to suggest we let him handle it.

 

I will PM you - click on the yellow envelope at the top of the forum (just in case you are not familiar with a Lithium Powered forum).


Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

Run OTL and post the log in this thread. Use more than one post if needed.

 

You'll find instructions for OTL here:

http://www.dslreports.com/faq/13616

 

It's Step 3. No need to do anything else at this point.



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
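
A small parser for the line format OTL writes (PRC/SRV/DRV entries and the IE proxy lines), added here as an example; it is not part of the thread or of OTL itself. The sample log is constructed, and the flagging rules are this example's own assumptions for choosing which lines to read first, not verdicts about any file.

```python
import re
from dataclasses import dataclass
from typing import Optional

# OTL entry lines look like:
#   DRV - [date | size | attrs | M] (Vendor) [Kernel | Boot | Running] -- path -- (Name)
#   DRV - File not found [Kernel | Auto | Stopped] -- path -- (Name)
#   PRC - [date | size | attrs | M] (Vendor) -- path
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:File not found|\[(?P<meta>[^\]]*)\] \((?P<vendor>.*?)\))"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)
PROXY_RE = re.compile(
    r'^IE - .*Internet Settings: "(?P<key>ProxyEnable|ProxyServer)" = (?P<value>.*)$'
)
AUTOSTART = {"Boot", "System", "Auto"}  # start types that load without user action


@dataclass
class Entry:
    kind: str
    path: str
    vendor: Optional[str]  # None when OTL printed "File not found"
    name: Optional[str]
    start: Optional[str]
    state: Optional[str]


def parse_entry(line):
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in (m["flags"] or "").split("|") if f.strip()]
    # SRV carries [Start | State], DRV carries [Type | Start | State], PRC nothing.
    start = flags[-2] if len(flags) >= 2 else None
    state = flags[-1] if flags else None
    return Entry(m["kind"], m["path"], m["vendor"], m["name"], start, state)


def triage(log_text):
    """Return (subject, reason) pairs worth a closer look. Heuristics are assumptions."""
    findings, proxy = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        pm = PROXY_RE.match(line)
        if pm:
            proxy[pm["key"]] = pm["value"].strip()
            continue
        e = parse_entry(line)
        if e is None:
            continue
        if e.vendor is None and e.start in AUTOSTART:
            findings.append((e.path, "autostart entry, file missing"))
        if e.kind == "DRV" and not e.path.lower().endswith(".sys"):
            findings.append((e.path, "driver path without .sys extension"))
        if e.vendor == "" and e.state in (None, "Running"):
            findings.append((e.path, "running binary with empty vendor field"))
    server = proxy.get("ProxyServer", "")
    if re.search(r"127\.0\.0\.1|localhost", server, re.I):
        enabled = proxy.get("ProxyEnable", "?")
        findings.append(("IE ProxyServer", f"loopback proxy {server} (ProxyEnable={enabled})"))
    return findings


# Constructed sample in OTL's format; every name and path below is made up.
SAMPLE_LOG = r"""
PRC - [2010/01/02 10:00:00 | 000,120,000 | ---- | M] (Example Vendor Inc.) -- C:\Program Files\Example\agent.exe
PRC - [2009/03/04 11:00:00 | 000,024,576 | ---- | M] () -- C:\Program Files\Example\poller.exe
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\examplesvc.dll -- (ExampleSvc)
SRV - [2010/01/02 10:00:00 | 000,249,136 | ---- | M] (Example Vendor Inc.) [Auto | Running] -- C:\Program Files\Example\svc.exe -- (ExampleAgent)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\abcdwxyz.qrs -- (ABCDWXYZ)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\oldnic.sys -- (OldNic)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Example Assoc., Inc. (EXA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\exa5.sys -- (EXA5) Example Protocol (WDM)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
"""

if __name__ == "__main__":
    for subject, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {subject}")
```

A flagged line is a prompt to identify the owning program (for example, a leftover from an uninstalled product), not a conclusion that the entry is malicious.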
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

hello again LPP....

here's my OTL log....

it only gave me one

also there is one message that pops up every once in a while about me not having specific dll file

i wrote it down and will try to find it although its been doing that a while and seemingly not affecting my speed like it does now

also.....seems strange to me but its only on start up is this the most common problem with speed

once i'm in it seems ok

operating system i have is Windows xp

how much ram?  i'm not sure how to check other than going into my computer and the c drive has 3.11 left

i have a dell with 4 hard drives and was physically put together in early 2000

i have a webstar modem and a vonage router

i know that you specifically didn't ask but there is that info

here's the log

 

OTL logfile created on: 8/9/2010 8:19:52 PM - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\Suzanne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,023.00 Mb Total Physical Memory | 342.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.48 Gb Total Space | 3.12 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
Drive D: | 92.65 Gb Total Space | 78.56 Gb Free Space | 84.79% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 74.11 Gb Free Space | 66.30% Space Free | Partition Type: NTFS
Drive F: | 114.48 Gb Total Space | 20.43 Gb Free Space | 17.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SUZANNEPC
Current User Name: Suzanne
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/08/09 20:14:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
PRC - [2010/06/09 20:55:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2010/02/12 11:02:08 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/06/01 14:43:46 | 001,501,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/06/01 14:43:46 | 000,448,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/16 13:16:08 | 001,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/20 19:06:24 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/08 22:07:33 | 000,094,208 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2005/11/08 03:31:48 | 000,278,528 | ---- | M] (InterVideo Inc.) -- D:\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2005/10/25 23:48:30 | 000,988,565 | ---- | M] (Acronis) -- D:\trueimage\TrueImageMonitor.exe
PRC - [2005/10/25 23:48:30 | 000,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005/10/25 23:48:30 | 000,118,784 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2005/10/21 17:13:40 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/10/21 17:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/10/21 17:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/10/21 16:54:54 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
PRC - [2005/10/20 22:47:58 | 001,687,552 | ---- | M] (Sonic Solutions) -- D:\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
PRC - [2005/03/02 17:12:54 | 000,024,576 | ---- | M] () -- C:\Program Files\Topro\tppoll.exe
PRC - [2004/12/22 09:21:48 | 000,823,296 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2004/10/28 10:29:48 | 000,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
PRC - [2004/10/21 14:28:40 | 000,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/03/04 11:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2002/12/19 02:59:00 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
PRC - [2001/03/26 00:35:20 | 000,429,568 | ---- | M] () -- C:\Program Files\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/08/09 20:14:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 04:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 04:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/10/28 10:27:18 | 000,086,016 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2003/01/14 21:48:53 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2001/07/30 22:01:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Browser Mouse\Browser Mouse\1.0\MouseDll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/12 04:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/10/25 23:48:30 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005/10/21 17:09:44 | 000,229,376 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/10/21 17:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/10/21 17:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/10/21 14:58:02 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/10/21 14:57:20 | 000,405,504 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- D:\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WPN111.sys -- (WPN111)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\VClone.sys -- (VClone)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\SVKP.sys -- (SVKP)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\mhmtqtix.jtq -- (MHMTQTIX)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\athwpn.sys -- (ATHFMWDL)
DRV - [2010/08/03 17:52:53 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/03 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100809.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/08/03 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/03 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/03 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100809.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/22 07:37:29 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/07/19 19:28:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100719.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/16 21:54:14 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100805.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/01/01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/07/24 17:11:18 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/10/21 07:56:17 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2006/03/28 15:03:22 | 000,198,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TP6800.sys -- (DCamUSBIntel)
DRV - [2006/01/08 21:54:19 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2006/01/08 21:54:19 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006/01/08 21:54:16 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2005/12/15 21:42:12 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005/10/21 15:34:30 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/20 09:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/20 09:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/20 09:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/20 09:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/08/25 21:37:08 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/08/03 23:10:16 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/11 08:00:00 | 000,236,928 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2005/01/27 04:22:00 | 000,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/01/05 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/10/21 14:32:12 | 000,013,107 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2004/10/21 14:31:14 | 000,038,691 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/21 14:31:06 | 000,054,851 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/10/21 14:30:56 | 000,071,535 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/10/21 14:30:38 | 000,024,671 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2004/10/07 11:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2004/08/03 21:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 21:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2004/07/20 00:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2003/10/10 05:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/03/13 14:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2003/01/27 13:37:38 | 000,286,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/21 05:38:12 | 000,139,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/01/07 05:03:42 | 000,822,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/01/06 03:24:12 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2003/01/06 03:05:14 | 000,184,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/12/19 02:06:02 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/12/19 02:05:52 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2002/12/19 02:05:32 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002/12/19 02:05:12 | 000,497,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/12/19 02:03:42 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2002/01/16 16:03:08 | 000,129,084 | ---- | M] (Endpoints, Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aox402vc.sys -- (Aox402Camera) Concord Eye-Q Mini (Video)
DRV - [2001/11/20 14:58:14 | 000,067,332 | ---- | M] (Endpoints, Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aox402sc.sys -- (SE402RefCameraStill) Concord Eye-Q Mini (WDM)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/02 12:43:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/04 15:27:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/08/03 17:54:59 | 000,000,000 | ---D | M]
 
[2008/06/26 15:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Extensions
[2008/06/27 06:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions
[2006/05/02 04:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{1BF7AC8B-3EE4-46be-AD8B-7F1FA1F3E15D}
[2008/06/26 15:44:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/01/15 19:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2006/01/15 19:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2006/01/15 19:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\temp
[2008/06/26 15:45:05 | 000,001,229 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\a9.xml
[2008/06/26 15:45:05 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\ask.xml
[2008/06/26 15:45:06 | 000,002,052 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\expediadotcom.xml
[2008/06/26 15:45:06 | 000,002,088 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\flickr-tags.xml
[2008/06/26 15:45:06 | 000,001,340 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\hollywood.xml
[2008/06/26 15:45:07 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\IMDB.xml
[2008/06/26 15:45:07 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\lonelyplanet.xml
[2008/06/26 15:45:07 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\webster.xml
[2008/06/26 15:45:07 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\wikipedia.xml
[2008/06/27 06:58:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2005/07/21 20:40:44 | 001,384,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
 
O1 HOSTS File: ([2010/07/14 20:40:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [\DELLXPS\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R300 Series on DELLXPS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [CloneCDTray] D:\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [File Helper] C:\Program Files\File Helper\1.1.0.10\FileHelper.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe ()
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [OESYFplugin]  File not found
O4 - HKLM..\Run: [RoxioDragToDisc] D:\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe ()
O4 - HKLM..\Run: [TransferAgent]  File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\trueimage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe File not found
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: X-Casino - {5B477265-656E-4869-6C6C-5D4945657874} - F:\X-Casino\XCasino.exe File not found
O9 - Extra 'Tools' menuitem : X-Casino - {5B477265-656E-4869-6C6C-5D4945657874} - F:\X-Casino\XCasino.exe File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {08BF311F-789B-4413-B7B9-05355A612410} Reg Error: Key error. (JadeScanGui)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.... (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab (Jigsaw Genius Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v57/bjattack/bja.cab (BJA Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?11907665354... (WUWebControl Class)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?120164216... (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} Reg Error: Key error. (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (GolfSol Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (WWSpades Control)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} Reg Error: Key error. (Driver Agent ActiveX Control)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5506/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab (H2hPool Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Suzanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Suzanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/25 21:25:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (SsiEfr.e) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/08/09 20:14:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
[2010/08/07 02:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\My Music
[2010/08/06 01:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\PAINT PROGS
[2010/08/06 01:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\COMCAST SLOWNESS PROB
[2010/08/05 22:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\My Pictures
[2010/08/05 18:10:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/05 18:10:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/05 18:10:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/05 16:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\UTILITIES
[2010/08/05 16:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\McDs + other burger joints
[2010/08/05 16:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\TAXES
[2010/08/05 16:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\GOOGLE SEARCHES
[2010/08/04 18:31:41 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/04 18:21:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/04 18:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/03 21:44:10 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/08/03 21:44:10 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/08/03 21:44:10 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/08/03 21:44:09 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/08/03 21:44:09 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/08/03 21:44:09 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/08/03 21:44:09 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/08/03 21:44:08 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/08/03 21:43:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/08/03 17:53:20 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/08/03 17:52:55 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/03 17:52:55 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/03 17:51:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/08/03 17:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/08/03 17:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/08/03 17:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\Symantec
[2010/08/03 17:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/08/03 17:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/08/03 17:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/08/03 17:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/08/02 12:28:59 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/25 18:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\PARDON EXPUNGEMENT
[2010/07/24 22:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\QUICK CASH KIT
[2010/07/22 21:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\WEB DESIGN
[2010/07/22 21:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\UTILITES
[2010/07/22 15:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/22 15:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\Sunbelt Software
[2010/07/22 15:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\Temp
[2010/07/22 07:37:29 | 000,108,480 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/07/17 15:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\jims
[2010/07/15 22:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\EBAY
[2010/07/15 22:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\MEDICATION ASSIST
[2010/07/15 21:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\COMPASS
[2010/07/15 21:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\LOGS FROM AV SEC FIX
[2010/07/14 21:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Application Data\QuickScan
[2010/07/14 20:40:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/12 23:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\QUINN
[2010/07/12 22:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\MOM IN WOLDOW COLUMN
[2010/07/12 22:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\BETH KATZ
[2010/07/12 22:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\AIR CONDITIONER
[2010/07/12 22:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\TRANSPORTATION
[2010/07/11 20:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/11 20:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2005/08/25 23:00:18 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/08/09 20:17:27 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B1C88987-2FC3-4DEC-92C3-35C1590D6C7D}.job
[2010/08/09 20:14:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
[2010/08/09 20:05:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/09 19:16:08 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\About bsrk - Comcast Help and Support Forums.url
[2010/08/09 19:09:34 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Private Messages - Comcast Help and Support Forums.url
[2010/08/09 19:06:20 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Troubleshooting Suggestions for Connection-Related... - Comcast Help and Support Forums.url
[2010/08/09 19:02:28 | 000,000,356 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\How can Comcast advertise 15 mbps - Comcast Help and Support Forums.url
[2010/08/09 18:39:47 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Joy Bauer's Your Inner Skinny Diet - Diet and Nutrition Center - Everyday Health (2).url
[2010/08/09 18:39:14 | 000,399,703 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\poretta and orr.pdf
[2010/08/09 18:17:53 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\ Welcome to Poretta & Orr, Inc. .url
[2010/08/09 18:00:18 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/08/09 17:56:43 | 000,113,210 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\mcdonalds nutrion.pdf
[2010/08/09 17:56:06 | 000,113,210 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\mcds food counts
[2010/08/09 17:55:30 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Calorie Counter - Mcdonalds Calorie Count.url
[2010/08/09 17:54:40 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Joy Bauer's Your Inner Skinny Diet - Diet and Nutrition Center - Everyday Health.url
[2010/08/09 17:49:14 | 000,000,327 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\How Life Works  Overcapacity Means You Can Nab a Cruise at Up To 75% Off.url
[2010/08/09 15:05:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/09 14:29:57 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Questions You Should Ask in Your Job Interview.url
[2010/08/09 14:03:39 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\WikiAnswers - What to do in an interview.url
[2010/08/09 13:50:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/09 13:43:39 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-10071102}.CDF
[2010/08/09 13:43:33 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/09 13:42:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 13:42:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/08 18:03:33 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/08 18:03:33 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/08 18:03:33 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/08 18:03:33 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/08 18:03:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/08/08 18:03:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/08/08 18:03:33 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
[2010/08/08 18:03:33 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
[2010/08/08 18:03:09 | 017,563,648 | ---- | M] () -- C:\Documents and Settings\Suzanne\ntuser.dat
[2010/08/08 18:03:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Suzanne\ntuser.ini
[2010/08/06 22:47:41 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\NiteFlirt Community Forums.url
[2010/08/06 11:29:38 | 002,122,688 | -H-- | M] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\IconCache.db
[2010/08/06 03:19:07 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/08/06 01:02:36 | 000,000,481 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\clotrimazole + betamethasone dipropionate - Google Search.url
[2010/08/05 23:05:22 | 000,022,393 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\bridal.jpg
[2010/08/05 17:24:11 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Target Job Application System.url
[2010/08/05 16:51:18 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\AnyDVD.lnk
[2010/08/04 18:21:45 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/04 17:10:24 | 000,000,367 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Target  Careers  Careers.url
[2010/08/04 15:13:16 | 000,685,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/08/03 17:52:53 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/03 17:52:53 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/03 17:52:53 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/03 17:52:53 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/08/02 12:44:09 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/02 12:33:37 | 000,545,530 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/02 12:33:37 | 000,471,620 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/02 12:33:37 | 000,083,684 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/27 23:30:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/25 19:23:09 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Site Map.url
[2010/07/25 19:22:42 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Goodwill Industries International, Inc..url
[2010/07/25 19:12:25 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\H.I.R.E. Resources and Assistance (3).url
[2010/07/25 19:10:14 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Department of Corrections.url
[2010/07/25 19:01:17 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\CWDS - Public Home Page.url
[2010/07/25 18:59:52 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\STATE PORTAL.url
[2010/07/25 18:50:04 | 000,000,244 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Reentry FROM CORRECTIONS.url
[2010/07/25 18:41:18 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\H.I.R.E. Resources and Assistance (2).url
[2010/07/25 18:38:10 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\H.I.R.E. Resources and Assistance.url
[2010/07/25 00:52:29 | 000,000,085 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/07/22 22:19:28 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to adaware scan 072210.lnk
[2010/07/22 22:19:28 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to pa uc filed 070410.lnk
[2010/07/22 22:19:28 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to wellbutrin.lnk
[2010/07/22 22:19:28 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to f1040ez.lnk
[2010/07/22 22:19:28 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to BCT.lnk
[2010/07/22 22:19:28 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Energy powder designed to look like COCAINE could be sold in Britain  Mail Online.url
[2010/07/22 22:19:28 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\It's easy to find the Office Supplies, Copy Paper, Furniture, Ink, Toner, Cleaning Products, Electronics and Technology you need  Staples®.url
[2010/07/22 22:19:28 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Psychological Testing  Psychological Assessment.url
[2010/07/22 22:19:28 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Local Office Search.url
[2010/07/22 22:19:28 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Reading Terminal Market › Home.url
[2010/07/22 22:19:28 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Site Map for the APCO International Web Site.url
[2010/07/22 22:19:28 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\WinSCP  Free SFTP and FTP client for Windows (2).url
[2010/07/22 22:19:28 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Patient Assistance Program for Medicare Part D enrollees.url
[2010/07/22 22:19:28 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\COMMONWEALTH OF PA BUREAU OF STATE EMPLOYMENT.url
[2010/07/22 22:19:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut (2) to Microsoft Outlook.lnk
[2010/07/22 22:19:12 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to Microsoft Outlook.lnk
[2010/07/22 15:32:42 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/22 07:37:29 | 000,108,480 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/07/21 23:19:31 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\iGoogle.url
[2010/07/21 23:00:16 | 000,002,993 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Discovery News Videos.url
[2010/07/21 22:52:41 | 000,000,308 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\HowStuffWorks How the Radio Spectrum Works (2).url
[2010/07/21 22:52:01 | 000,000,308 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\HowStuffWorks How the Radio Spectrum Works.url
[2010/07/21 12:30:26 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Suzanne R. Kondracki's Resume.url
[2010/07/19 22:00:32 | 000,000,375 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Marriott International Employment Application  Apply Online.url
[2010/07/19 21:45:29 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Sheraton Careers Homepage Find and apply for hotel jobs and travel careers www.sheraton.jobs.url
[2010/07/19 18:11:33 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\PeopleAnswers.url
[2010/07/19 17:45:53 | 000,000,043 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/07/19 16:00:02 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Social Security Online - Benefit Eligibility Screening Tool (BEST).url
[2010/07/19 12:59:33 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\The Pennsylvania House of Representatives.url
[2010/07/18 22:03:08 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Kohl’s Careers.url
[2010/07/17 19:44:12 | 000,135,680 | ---- | M] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/17 02:42:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/15 23:19:23 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Pagers Batteries - Motorola PAGEWRITER 2000X replacement battery.url
[2010/07/15 23:19:03 | 000,000,469 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\battery for motorola pagewriter 2000x - Google Search.url
[2010/07/15 23:16:12 | 000,000,445 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\motorola pagewriter 2000x - Google Search.url
[2010/07/15 22:01:12 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\GovBenefits.gov - Your Benefits Connection (2).url
[2010/07/15 17:48:44 | 000,000,251 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Careers - Financial Services Careers.url
[2010/07/15 12:44:56 | 000,135,795 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\BCT.pdf
[2010/07/14 20:40:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/14 13:17:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/13 21:50:31 | 000,004,347 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\VIPdesk Recruiting Portal Account Creation.eml
[2010/07/13 20:26:19 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Job Search Progress 07132010.xls
[2010/07/13 17:05:40 | 000,000,518 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Feedbackblog ON TWIT AND T W a T.url   (had to space because it is a bad word)
[2010/07/13 11:39:20 | 000,495,044 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\medicaid Enrollment_fs_10.pdf
[2010/07/12 18:32:40 | 000,123,890 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\f1040ez.pdf
[2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/12 04:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/11 22:10:50 | 000,227,188 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\r5.pdf
[2010/07/11 20:37:07 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Doylestown Hospital Candidate Self-Service.url
[2010/07/11 19:56:46 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Find Jobs on CareerBuilder.com.url
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/08/09 19:16:08 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\About bsrk - Comcast Help and Support Forums.url
[2010/08/09 19:09:34 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Private Messages - Comcast Help and Support Forums.url
[2010/08/09 19:06:20 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Troubleshooting Suggestions for Connection-Related... - Comcast Help and Support Forums.url
[2010/08/09 19:02:28 | 000,000,356 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\How can Comcast advertise 15 mbps - Comcast Help and Support Forums.url
[2010/08/09 18:39:47 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Joy Bauer's Your Inner Skinny Diet - Diet and Nutrition Center - Everyday Health (2).url
[2010/08/09 18:39:14 | 000,399,703 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\poretta and orr.pdf
[2010/08/09 18:17:53 | 000,000,247 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\ Welcome to Poretta & Orr, Inc. .url
[2010/08/09 17:56:43 | 000,113,210 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\mcdonalds nutrion.pdf
[2010/08/09 17:56:06 | 000,113,210 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\mcds food counts
[2010/08/09 17:55:30 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Calorie Counter - Mcdonalds Calorie Count.url
[2010/08/09 17:54:40 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Joy Bauer's Your Inner Skinny Diet - Diet and Nutrition Center - Everyday Health.url
[2010/08/09 17:49:14 | 000,000,327 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\How Life Works  Overcapacity Means You Can Nab a Cruise at Up To 75% Off.url
[2010/08/09 14:29:57 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Questions You Should Ask in Your Job Interview.url
[2010/08/09 14:03:38 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\WikiAnswers - What to do in an interview.url
[2010/08/06 22:47:41 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\NiteFlirt Community Forums.url
[2010/08/06 01:02:32 | 000,000,481 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\clotrimazole + betamethasone dipropionate - Google Search.url
[2010/08/05 23:05:17 | 000,022,393 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\bridal.jpg
[2010/08/05 17:24:11 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Target Job Application System.url
[2010/08/05 16:51:18 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\AnyDVD.lnk
[2010/08/05 02:20:26 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/04 18:21:45 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/04 17:10:23 | 000,000,367 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Target  Careers  Careers.url
[2010/08/04 15:12:47 | 000,685,786 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/08/03 21:44:10 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/08/03 21:44:10 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/08/03 21:44:10 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/08/03 21:44:10 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/08/03 21:44:09 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/08/03 21:44:09 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/08/03 21:44:09 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/08/03 21:44:09 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/08/03 21:44:09 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/08/03 21:44:09 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/08/03 21:44:09 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/08/03 21:44:09 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/08/03 21:44:09 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/08/03 21:44:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/08/03 21:44:08 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/08/03 21:44:08 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/08/03 21:43:16 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/08/03 17:52:55 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/03 17:52:55 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/25 19:23:09 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Site Map.url
[2010/07/25 19:22:42 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Goodwill Industries International, Inc..url
[2010/07/25 19:12:25 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\H.I.R.E. Resources and Assistance (3).url
[2010/07/25 19:10:14 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Department of Corrections.url
[2010/07/25 19:01:17 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\CWDS - Public Home Page.url
[2010/07/25 18:59:52 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\STATE PORTAL.url
[2010/07/25 18:50:04 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Reentry FROM CORRECTIONS.url
[2010/07/25 18:41:18 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\H.I.R.E. Resources and Assistance (2).url
[2010/07/25 18:38:10 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\H.I.R.E. Resources and Assistance.url
[2010/07/22 22:19:28 | 000,002,993 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Discovery News Videos.url
[2010/07/22 22:19:28 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to adaware scan 072210.lnk
[2010/07/22 22:19:28 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to pa uc filed 070410.lnk
[2010/07/22 22:19:28 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to wellbutrin.lnk
[2010/07/22 22:19:28 | 000,000,482 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to f1040ez.lnk
[2010/07/22 22:19:28 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to BCT.lnk
[2010/07/22 22:19:28 | 000,000,452 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Energy powder designed to look like COCAINE could be sold in Britain  Mail Online.url
[2010/07/22 22:19:28 | 000,000,370 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\It's easy to find the Office Supplies, Copy Paper, Furniture, Ink, Toner, Cleaning Products, Electronics and Technology you need  Staples®.url
[2010/07/22 22:19:28 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\PeopleAnswers.url
[2010/07/22 22:19:28 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\GSK Access Eligibility Criteria.url
[2010/07/22 22:19:28 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Psychological Testing  Psychological Assessment.url
[2010/07/22 22:19:28 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Local Office Search.url
[2010/07/22 22:19:28 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Reading Terminal Market › Home.url
[2010/07/22 22:19:28 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Statement for Recipients of PA UC.url
[2010/07/22 22:19:28 | 000,000,241 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Site Map for the APCO International Web Site.url
[2010/07/22 22:19:28 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\WinSCP  Free SFTP and FTP client for Windows (2).url
[2010/07/22 22:19:28 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Patient Assistance Program for Medicare Part D enrollees.url
[2010/07/22 22:19:28 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\COMMONWEALTH OF PA BUREAU OF STATE EMPLOYMENT.url
[2010/07/22 22:19:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut (2) to Microsoft Outlook.lnk
[2010/07/22 22:19:12 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to Microsoft Outlook.lnk
[2010/07/22 21:49:00 | 000,001,523 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\peace.gif
[2010/07/22 15:00:11 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/22 15:00:10 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/21 22:52:41 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\HowStuffWorks How the Radio Spectrum Works (2).url
[2010/07/21 22:52:01 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\HowStuffWorks How the Radio Spectrum Works.url
[2010/07/19 22:00:32 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Marriott International Employment Application  Apply Online.url
[2010/07/19 21:45:28 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Sheraton Careers Homepage Find and apply for hotel jobs and travel careers www.sheraton.jobs.url
[2010/07/19 16:00:02 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Social Security Online - Benefit Eligibility Screening Tool (BEST).url
[2010/07/19 12:59:33 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\The Pennsylvania House of Representatives.url
[2010/07/18 22:03:08 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Kohl’s Careers.url
[2010/07/15 23:19:23 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Pagers Batteries - Motorola PAGEWRITER 2000X replacement battery.url
[2010/07/15 23:19:03 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\battery for motorola pagewriter 2000x - Google Search.url
[2010/07/15 23:16:12 | 000,000,445 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\motorola pagewriter 2000x - Google Search.url
[2010/07/15 17:48:44 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Careers - Financial Services Careers.url
[2010/07/15 12:44:56 | 000,135,795 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\BCT.pdf
[2010/07/13 21:50:31 | 000,004,347 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\VIPdesk Recruiting Portal Account Creation.eml
[2010/07/13 20:19:03 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Job Search Progress 07132010.xls
[2010/07/13 17:05:40 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Feedbackblog ON TWIT AND T W AT.url   (again, wouldn't let me use this word whole.)
[2010/07/13 11:39:20 | 000,495,044 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\medicaid Enrollment_fs_10.pdf
[2010/07/12 22:29:01 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\My eBay Selling (2).url
[2010/07/12 22:29:01 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\CATV-Analog Product Line Manager job in Horsham, PA Marketing and Technology careers - Yahoo HotJobs.url
[2010/07/12 22:29:01 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Metropolis - Philadelphia News & Journalism In-Depth, Investigative Commentary & Analysis.url
[2010/07/12 22:28:58 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Amazon.com 3 doors down the better life.url
[2010/07/12 22:28:58 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\swf - Google Search.url
[2010/07/12 22:28:58 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Pennsylvania Lottery - Benefits Older Pennsylvanians. Every Day..url
[2010/07/12 22:28:58 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\WinSCP  Free SFTP and FTP client for Windows.url
[2010/07/12 22:28:58 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\GlaxoSmithKline Bridges to Access Obtain Applications.url
[2010/07/12 18:32:40 | 000,123,890 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\f1040ez.pdf
[2010/07/11 22:10:50 | 000,227,188 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\r5.pdf
[2010/07/11 20:37:07 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Doylestown Hospital Candidate Self-Service.url
[2010/07/11 19:56:45 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Find Jobs on CareerBuilder.com.url
[2010/03/20 19:13:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\MSVolumeAP.dll
[2009/09/13 20:21:11 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SiteSpiderforms.ini
[2008/07/06 15:17:45 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2007/10/10 00:00:20 | 001,523,712 | ---- | C] () -- C:\WINDOWS\System32\ToproVC.dll
[2007/10/10 00:00:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\camlib.dll
[2007/07/20 03:50:05 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2007/07/20 03:50:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2007/07/20 03:50:04 | 000,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2007/06/17 05:04:37 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/20 08:50:53 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2006/11/20 07:12:29 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\ippsrw7.dll
[2006/11/20 07:12:29 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ippsrpx.dll
[2006/11/20 07:12:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ippsra6.dll
[2006/11/20 07:12:28 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ippsrm6.dll
[2006/11/20 07:12:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ippsr.dll
[2006/11/20 07:12:25 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\ippcvw7.dll
[2006/11/20 07:12:24 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\ippcva6.dll
[2006/11/20 07:12:24 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\ippcvm6.dll
[2006/11/20 07:12:24 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\ippcvpx.dll
[2006/11/20 07:12:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ippcv.dll
[2006/11/20 07:12:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2006/11/03 18:16:26 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/21 07:56:17 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2006/10/20 10:23:47 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/10/20 04:10:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/10/20 04:10:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/13 12:30:10 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/08/30 02:30:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/03 20:35:20 | 000,000,124 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/01/31 02:17:05 | 000,001,665 | ---- | C] () -- C:\WINDOWS\FiveCardFrenzy.ini
[2006/01/29 14:57:07 | 000,000,094 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/01/29 03:33:10 | 000,000,968 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2006/01/22 03:05:24 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/01/22 03:05:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/21 07:35:50 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll
[2006/01/09 02:37:17 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2006/01/09 02:37:17 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2006/01/09 02:37:17 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2006/01/09 02:37:17 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2006/01/09 02:37:17 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2006/01/09 02:36:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2006/01/09 02:36:54 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2006/01/09 02:36:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2006/01/09 02:36:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2006/01/09 02:36:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2006/01/09 02:36:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2006/01/09 02:36:49 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2006/01/09 02:21:49 | 000,010,585 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2006/01/09 00:11:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/09 00:11:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/09 00:11:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/09 00:11:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/09 00:11:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/09 00:11:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/08 23:00:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/24 21:35:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/21 15:07:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/10/19 17:56:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/25 23:02:27 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/08/25 23:01:25 | 000,066,980 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2005/08/25 23:01:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/08/25 23:00:29 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2005/08/25 23:00:29 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/08/25 22:57:42 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/08/03 15:54:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/30 05:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/28 10:00:59 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MPEGCreator.dll
[2004/08/11 07:41:08 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\WMVCreator.dll
[2004/08/11 07:03:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\AVICreator.dll
[2004/08/04 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/05/20 11:50:14 | 001,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
[2004/02/01 15:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/11/16 14:32:30 | 001,253,376 | ---- | C] () -- C:\WINDOWS\System32\mptiff.dll
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/07/30 23:29:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2002/11/24 08:40:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\ac3encode.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2006/01/08 21:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2007/01/05 15:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2008/02/27 05:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2006/04/30 20:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/04/06 12:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/02/01 01:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CandyLabs
[2007/10/08 23:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/02/11 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2006/02/07 02:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2006/12/31 19:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2007/09/11 22:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2007/09/01 03:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/11/30 19:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INMPAIFTXG
[2006/04/30 05:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2006/01/09 00:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MimarSinan
[2009/12/01 17:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2006/04/30 13:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
[2009/02/20 16:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/06/29 16:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/12/01 17:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/02/06 18:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/07/30 01:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/11/14 14:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/08/24 23:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/03/29 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/12/04 04:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/04 12:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/02/01 18:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/02 19:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/08/04 18:22:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2006/02/21 05:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\7Wonders
[2006/03/02 02:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Alawar
[2006/11/30 01:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\allTunes
[2006/12/28 03:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Angkor
[2006/10/20 18:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\AVS Video Converter
[2006/07/13 13:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\BCL Technologies
[2010/03/02 22:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Blitware
[2006/02/01 01:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\CandyLabs
[2010/06/30 22:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\CoffeeCup Software
[2009/09/15 15:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\CoreFTP
[2010/02/06 18:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\DriverCure
[2006/02/07 02:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\EA
[2006/02/19 08:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Elaborate Bytes
[2006/01/21 10:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\funkitron
[2007/06/17 03:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\GetRightToGo
[2007/05/01 07:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Incredible Ink
[2006/01/09 02:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\InterVideo
[2006/03/21 10:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\IrfanView
[2007/04/13 15:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\iWin
[2009/02/11 05:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\KompoZer
[2007/01/05 00:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Leadertech
[2006/02/11 15:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Magic Match
[2007/04/05 09:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\MagicBall3
[2006/01/19 16:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\MSNInstaller
[2006/08/23 01:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Musicmatch
[2006/10/25 15:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\NCH Swift Sound
[2006/12/07 13:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Paltalk
[2007/03/02 17:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\pixelStorm
[2010/07/14 21:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\QuickScan
[2006/10/20 15:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\SendYourFiles
[2006/05/28 14:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Seven Zip
[2006/09/03 08:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\SlySoft
[2006/12/29 20:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Ulead Systems
[2010/03/26 13:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Uniblue
[2008/08/15 05:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\VonageTalk
[2007/10/15 00:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Wildfire
[2006/11/07 08:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Windows Desktop Search
[2009/12/13 15:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Windows Live Writer
[2010/08/09 13:50:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/11 03:04:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\File Helper.job
[2010/08/09 18:00:18 | 000,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/04/11 05:49:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2010/08/09 20:17:27 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B1C88987-2FC3-4DEC-92C3-35C1590D6C7D}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\hidusb.sys:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\WIFI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\WEIGHT TRAINING:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\WEB DESIGN:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\VONAGE 4 FEB MAR10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\UTILITES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\UC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\TRANSPORTATION:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\SONGLIST STORIES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\SOCIAL SECURITY:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\redbox movie:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\QUINN:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\pageflip:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\My Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\movies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\MOM IN WOLDOW COLUMN:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\misc shortcuts from desktop 062010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\MEDICATION ASSIST:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\LOW INCOME:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\LOGS FROM AV SEC FIX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\LAPTOP BATTERY EBAY:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\JOB SEARCH AND SOCIAL NETWORKING FOR THOMPSON AND MARKETING FOCUS0710:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\jmc9232-1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\jims:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\insightbb pages:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\img.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\how_to_Fail_a_Breathalyzer.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\EBAY:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\COMPUTER INSIDE PICS FOR FAN 0610:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\COMPASS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\CoffeeCup Software:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\BODY FOR LIFE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\BIKE RIDING:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\BETH KATZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\AIR CONDITIONER:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\UTILITIES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\TAXES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\QUICK CASH KIT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\PARDON EXPUNGEMENT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\PAINT PROGS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\McDs + other burger joints:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\GOOGLE SEARCHES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\COMCAST SLOWNESS PROB:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\bridal.jpg:Roxio EMC Stream
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:0C23D942276A564A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981884E7
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7
< End of report >

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

I don't see anything glaring in the OTL log but I will go over it again. Part of your problem is a 10yr old computer with minimal memory and an extremely small boot partition (your C: drive). Modern software takes up more space on your system and requires more memory. Older systems can run these programs, but they will be slow. As an example, I have a back up computer that is a 2ghz P4 processor with 2gb ram, and an 80gb hard drive. For me, that is a marginally acceptable computer for base email, web surfing, and word processing.

 

There is one file I want to check, so please do the following:

Please submit the following file(s) to VirusTotal for analysis: http://www.virustotal.com
C:\WINDOWS\System32\mhmtqtix.jtq

Be sure to post the results in this thread.

 

 

Also, can you give me the name of that dll file that causes the error and I will see if that can be easily fixed.

 

One last thing, to avoid confusion and possible goofs, please follow only the instructions that I post.



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.


:smileycry:

 

well the computer is only about 6 years old and would it help if I moved C files to another drive?

i have 78.5 GB free space on D and 74.1 free space on E

so i have to work with what i have...and it's critical to me because I am job hunting and everything is online these days...so

 

I couldn't find C:\WINDOWS\System32\mhmtqtix.jtq   :smileycry:

 

I'm assuming that is what you wanted me to put in virustotal.com

 

 

 

The error I'm getting says ERROR LOADING C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll

The specified module could not be found.

 

Yeah there are a few people I trust here but I did see somewhere that when the computer is running slow to perform http:and then an isp number and here's what came out of that.....have no idea if it helps you at all.  Isn't there a way to see how fast my computer is running?

 

About Your Modem
This page provides the basic information about your cable modem.

Name: WebSTAR DPX100
Modem Serial Number: SM0995841
Cable Modem MAC Address: 00:40:7B:74:10:06
Hardware Version: 1.0
Software Version: 1.1.2 r1.1.3.1-1110 (dpx100-v112r1131-1110a.bin)
Receive Power Level: -6.33 dBmV
Transmit Power Level: 41.75 dBmV
Cable Modem Status: operational

 

I can't believe you even put up with all of these seemingly complicated questions..

But thanks again.

s

 

 

would it help to move all the extraneous stuff like 'worldwidewinner' games????

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.


OK, let's take this one at a time...

 

First:

On the file, C:\WINDOWS\System32\mhmtqtix.jtq. Did you paste the file name into the box on VirusTotal and get a not found message, or did you try to find it manually? If you tried to find it manually it may be hidden. Try submitting it by pasting the file name (full path) into the box on Virus Total.

 

 

Second:

On the dll message at bootup, the instructions here should fix it:

http://www.utilitysoftwarereviews.com/how-to-remove-paretologic-uusdll-error-message/

 

(Thanks to

 




"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.


I tried to paste and/or type the file but it wouldn't let me do either.

I'll stop there before doing anything further

awaiting instructions please........

 

 

oh yeah I also searched just that mhmtqtix by searching in the start>search ...nothing

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

If the file is not there, there is no sense in pursuing that avenue. Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log.



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.


Can't thank you enough for all this.....

I'll run that dll link when I get time...

also two I've been getting serious errors which I marked down the coding and always seem to lead to updating drivers.....but first things first.....wanna get rid of this virus

maybe it's just bad luck but the other day, yesterday, my outlook express gave me duplicate emails.

ugh...

thanks

Suz..

 

 

OTL logfile created on: 8/17/2010 8:05:38 PM - Run 4
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\Suzanne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,023.00 Mb Total Physical Memory | 141.00 Mb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.48 Gb Total Space | 2.82 Gb Free Space | 15.26% Space Free | Partition Type: NTFS
Drive D: | 92.65 Gb Total Space | 78.55 Gb Free Space | 84.78% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 74.11 Gb Free Space | 66.30% Space Free | Partition Type: NTFS
Drive F: | 114.48 Gb Total Space | 20.40 Gb Free Space | 17.82% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SUZANNEPC
Current User Name: Suzanne
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/08/11 18:42:02 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/08/11 18:42:01 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/08/09 20:14:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
PRC - [2010/06/09 20:55:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2010/02/12 11:02:08 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/06/01 14:43:46 | 001,501,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/06/01 14:43:46 | 000,448,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/16 13:16:08 | 001,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/20 19:06:24 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/08 22:07:33 | 000,094,208 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2005/11/08 03:31:48 | 000,278,528 | ---- | M] (InterVideo Inc.) -- D:\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2005/10/25 23:48:30 | 000,988,565 | ---- | M] (Acronis) -- D:\trueimage\TrueImageMonitor.exe
PRC - [2005/10/25 23:48:30 | 000,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005/10/25 23:48:30 | 000,118,784 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2005/10/21 17:13:40 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/10/21 17:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/10/21 17:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/10/21 16:54:54 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
PRC - [2005/10/20 22:47:58 | 001,687,552 | ---- | M] (Sonic Solutions) -- D:\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
PRC - [2005/03/02 17:12:54 | 000,024,576 | ---- | M] () -- C:\Program Files\Topro\tppoll.exe
PRC - [2004/12/22 09:21:48 | 000,823,296 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2004/10/28 10:29:48 | 000,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
PRC - [2004/10/21 14:28:40 | 000,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/03/04 11:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2002/12/19 02:59:00 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
PRC - [2001/03/26 00:35:20 | 000,429,568 | ---- | M] () -- C:\Program Files\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/08/09 20:14:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 04:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 04:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/10/28 10:27:18 | 000,086,016 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2003/01/14 21:48:53 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2001/07/30 22:01:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Browser Mouse\Browser Mouse\1.0\MouseDll.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/11 18:42:01 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/10/25 23:48:30 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005/10/21 17:09:44 | 000,229,376 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/10/21 17:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/10/21 17:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/10/21 14:58:02 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/10/21 14:57:20 | 000,405,504 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- D:\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WPN111.sys -- (WPN111)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\VClone.sys -- (VClone)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\SVKP.sys -- (SVKP)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\mhmtqtix.jtq -- (MHMTQTIX)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\athwpn.sys -- (ATHFMWDL)
DRV - [2010/08/11 18:42:16 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/08/03 17:52:53 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/03 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100817.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/08/03 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/03 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/03 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100817.008\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/22 07:37:29 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/07/19 19:28:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100719.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/16 21:54:14 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100813.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/01/01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/07/24 17:11:18 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/10/21 07:56:17 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2006/03/28 15:03:22 | 000,198,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TP6800.sys -- (DCamUSBIntel)
DRV - [2006/01/08 21:54:19 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2006/01/08 21:54:19 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006/01/08 21:54:16 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2005/12/15 21:42:12 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005/10/21 15:34:30 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/20 09:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/20 09:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/20 09:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/20 09:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/08/25 21:37:08 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/08/03 23:10:16 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/11 08:00:00 | 000,236,928 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2005/01/27 04:22:00 | 000,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/01/05 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/10/21 14:32:12 | 000,013,107 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2004/10/21 14:31:14 | 000,038,691 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/21 14:31:06 | 000,054,851 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/10/21 14:30:56 | 000,071,535 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/10/21 14:30:38 | 000,024,671 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2004/10/07 11:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2004/08/03 21:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 21:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2004/07/20 00:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2003/10/10 05:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/03/13 14:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2003/01/27 13:37:38 | 000,286,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/21 05:38:12 | 000,139,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/01/07 05:03:42 | 000,822,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/01/06 03:24:12 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2003/01/06 03:05:14 | 000,184,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/12/19 02:06:02 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/12/19 02:05:52 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2002/12/19 02:05:32 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002/12/19 02:05:12 | 000,497,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/12/19 02:03:42 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2002/01/16 16:03:08 | 000,129,084 | ---- | M] (Endpoints, Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aox402vc.sys -- (Aox402Camera) Concord Eye-Q Mini (Video)
DRV - [2001/11/20 14:58:14 | 000,067,332 | ---- | M] (Endpoints, Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aox402sc.sys -- (SE402RefCameraStill) Concord Eye-Q Mini (WDM)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/02 12:43:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/04 15:27:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/08/03 17:54:59 | 000,000,000 | ---D | M]
 
[2008/06/26 15:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Extensions
[2008/06/27 06:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions
[2006/05/02 04:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{1BF7AC8B-3EE4-46be-AD8B-7F1FA1F3E15D}
[2008/06/26 15:44:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/01/15 19:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2006/01/15 19:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2006/01/15 19:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\temp
[2008/06/26 15:45:05 | 000,001,229 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\a9.xml
[2008/06/26 15:45:05 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\ask.xml
[2008/06/26 15:45:06 | 000,002,052 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\expediadotcom.xml
[2008/06/26 15:45:06 | 000,002,088 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\flickr-tags.xml
[2008/06/26 15:45:06 | 000,001,340 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\hollywood.xml
[2008/06/26 15:45:07 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\IMDB.xml
[2008/06/26 15:45:07 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\lonelyplanet.xml
[2008/06/26 15:45:07 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\webster.xml
[2008/06/26 15:45:07 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\wikipedia.xml
[2008/06/27 06:58:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2005/07/21 20:40:44 | 001,384,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
 
O1 HOSTS File: ([2010/07/14 20:40:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [\DELLXPS\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R300 Series on DELLXPS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [CloneCDTray] D:\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [File Helper] C:\Program Files\File Helper\1.1.0.10\FileHelper.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe ()
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [OESYFplugin]  File not found
O4 - HKLM..\Run: [RoxioDragToDisc] D:\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe ()
O4 - HKLM..\Run: [TransferAgent]  File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\trueimage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe File not found
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: X-Casino - {5B477265-656E-4869-6C6C-5D4945657874} - F:\X-Casino\XCasino.exe File not found
O9 - Extra 'Tools' menuitem : X-Casino - {5B477265-656E-4869-6C6C-5D4945657874} - F:\X-Casino\XCasino.exe File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {08BF311F-789B-4413-B7B9-05355A612410} Reg Error: Key error. (JadeScanGui)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.... (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab (Jigsaw Genius Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v57/bjattack/bja.cab (BJA Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?11907665354... (WUWebControl Class)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?120164216... (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} Reg Error: Key error. (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (GolfSol Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (WWSpades Control)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} Reg Error: Key error. (Driver Agent ActiveX Control)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5506/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab (H2hPool Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Suzanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Suzanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/25 21:25:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (SsiEfr.e) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/08/17 19:56:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/08/14 00:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\GO THRU
[2010/08/12 13:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\LABOR LAWS DISCRIMINATION
[2010/08/12 13:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\WIFI
[2010/08/09 20:14:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
[2010/08/07 02:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\My Music
[2010/08/06 01:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\PAINT PROGS
[2010/08/06 01:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\COMCAST SLOWNESS PROB
[2010/08/05 22:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\My Pictures
[2010/08/05 18:10:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/05 18:10:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/05 18:10:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/05 16:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\UTILITIES
[2010/08/05 16:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\McDs + other burger joints
[2010/08/05 16:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\TAXES
[2010/08/05 16:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\GOOGLE SEARCHES
[2010/08/04 18:31:41 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/04 18:21:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/04 18:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/03 21:44:10 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/08/03 21:44:10 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/08/03 21:44:10 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/08/03 21:44:09 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/08/03 21:44:09 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/08/03 21:44:09 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/08/03 21:44:09 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/08/03 21:44:08 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/08/03 21:43:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/08/03 17:53:20 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/08/03 17:52:55 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/03 17:52:55 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/03 17:51:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/08/03 17:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/08/03 17:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/08/03 17:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\Symantec
[2010/08/03 17:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/08/03 17:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/08/03 17:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/08/03 17:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/08/02 12:28:59 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/25 18:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\PARDON EXPUNGEMENT
[2010/07/24 22:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\QUICK CASH KIT
[2010/07/22 21:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\WEB DESIGN
[2010/07/22 21:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\UTILITES
[2010/07/22 15:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/22 15:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\Sunbelt Software
[2010/07/22 15:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\Temp
[2010/07/22 07:37:29 | 000,108,480 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2005/08/25 23:00:18 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/08/17 20:08:38 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B1C88987-2FC3-4DEC-92C3-35C1590D6C7D}.job
[2010/08/17 20:05:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/17 19:58:23 | 000,686,470 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/08/17 19:33:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/17 19:20:57 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-10071102}.CDF
[2010/08/17 19:19:11 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/17 19:19:07 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/17 19:17:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 19:17:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 16:08:25 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Fred Beans Family of Dealerships - ATS.url
[2010/08/17 13:53:06 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Fred Beans Family of Dealerships - Search Jobs.url
[2010/08/17 13:51:09 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Fred Beans Family of Dealerships - Job Details.url
[2010/08/17 09:59:35 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/17 09:59:35 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/17 09:59:35 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/17 09:59:35 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/17 09:59:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/08/17 09:59:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/08/17 09:59:35 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
[2010/08/17 09:59:35 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
[2010/08/17 09:59:08 | 017,563,648 | ---- | M] () -- C:\Documents and Settings\Suzanne\ntuser.dat
[2010/08/17 09:59:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Suzanne\ntuser.ini
[2010/08/17 09:12:22 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\medication for restless leg syndrome - Google Search.url
[2010/08/17 09:03:32 | 000,000,356 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Microsoft Windows Error Reporting.url
[2010/08/16 18:01:49 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/08/16 14:28:03 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\iGoogle.url
[2010/08/15 03:04:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\File Helper.job
[2010/08/15 01:51:38 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Spinal surgery with minimal pain Find out more (2).url
[2010/08/15 01:51:03 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Spinal surgery with minimal pain Find out more.url
[2010/08/14 17:20:00 | 000,000,246 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\American Friends - AF.com.url
[2010/08/14 01:20:57 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/08/11 17:16:59 | 004,634,548 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Resolved Security Risksnorton scan 081110.mcf
[2010/08/11 02:19:01 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Causes of fatigue and lack of energy.url
[2010/08/11 00:15:06 | 004,498,483 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Resolved Security Risks.mcf
[2010/08/10 21:25:28 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Shoes  Zappos.com.url
[2010/08/10 19:49:28 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\State Labor Laws Research.url
[2010/08/10 18:34:23 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Pennsylvania Code.url
[2010/08/10 18:20:53 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\order cheap camel snaps cigarettes - Jumptags.com.url
[2010/08/10 18:17:58 | 000,000,251 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Careers - Financial Services Careers.url
[2010/08/10 18:15:53 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Articles by Robert Gerhart reporter morning call about my deans listCall.url
[2010/08/10 18:15:16 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\April 6 letter to judge douple.doc
[2010/08/09 21:04:59 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\otl log 080910.doc
[2010/08/09 20:14:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
[2010/08/09 18:39:14 | 000,399,703 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\poretta and orr.pdf
[2010/08/09 17:56:43 | 000,113,210 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\mcdonalds nutrion.pdf
[2010/08/09 14:29:57 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\Questions You Should Ask in Your Job Interview.url
[2010/08/06 11:29:38 | 002,122,688 | -H-- | M] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\IconCache.db
[2010/08/05 23:05:22 | 000,022,393 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\bridal.jpg
[2010/08/05 16:51:18 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\AnyDVD.lnk
[2010/08/04 18:21:45 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/03 17:52:53 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/03 17:52:53 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/03 17:52:53 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/03 17:52:53 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/08/02 12:44:09 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/02 12:33:37 | 000,545,530 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/02 12:33:37 | 000,471,620 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/02 12:33:37 | 000,083,684 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/27 23:30:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/25 18:38:10 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\H.I.R.E. Resources and Assistance.url
[2010/07/25 00:52:29 | 000,000,085 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/07/22 22:19:28 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to adaware scan 072210.lnk
[2010/07/22 22:19:28 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to pa uc filed 070410.lnk
[2010/07/22 22:19:28 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to wellbutrin.lnk
[2010/07/22 22:19:28 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to f1040ez.lnk
[2010/07/22 22:19:28 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to BCT.lnk
[2010/07/22 22:19:28 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Energy powder designed to look like COCAINE could be sold in Britain  Mail Online.url
[2010/07/22 22:19:28 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\It's easy to find the Office Supplies, Copy Paper, Furniture, Ink, Toner, Cleaning Products, Electronics and Technology you need  Staples®.url
[2010/07/22 22:19:28 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Psychological Testing  Psychological Assessment.url
[2010/07/22 22:19:28 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Local Office Search.url
[2010/07/22 22:19:28 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Reading Terminal Market › Home.url
[2010/07/22 22:19:28 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Site Map for the APCO International Web Site.url
[2010/07/22 22:19:28 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\WinSCP  Free SFTP and FTP client for Windows (2).url
[2010/07/22 22:19:28 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Patient Assistance Program for Medicare Part D enrollees.url
[2010/07/22 22:19:28 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\COMMONWEALTH OF PA BUREAU OF STATE EMPLOYMENT.url
[2010/07/22 22:19:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut (2) to Microsoft Outlook.lnk
[2010/07/22 22:19:12 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to Microsoft Outlook.lnk
[2010/07/22 15:32:42 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/22 07:37:29 | 000,108,480 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/07/21 23:00:16 | 000,002,993 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Discovery News Videos.url
[2010/07/21 22:52:41 | 000,000,308 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\HowStuffWorks How the Radio Spectrum Works (2).url
[2010/07/21 22:52:01 | 000,000,308 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\HowStuffWorks How the Radio Spectrum Works.url
[2010/07/21 12:30:26 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Suzanne R. Kondracki's Resume.url
[2010/07/19 22:00:32 | 000,000,375 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Marriott International Employment Application  Apply Online.url
[2010/07/19 21:45:29 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Sheraton Careers Homepage Find and apply for hotel jobs and travel careers www.sheraton.jobs.url
[2010/07/19 18:11:33 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\PeopleAnswers.url
[2010/07/19 17:45:53 | 000,000,043 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/07/19 16:00:02 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Social Security Online - Benefit Eligibility Screening Tool (BEST).url
[2010/07/19 12:59:33 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\The Pennsylvania House of Representatives.url
[2010/07/18 22:03:08 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Kohl’s Careers.url
 
========== Files Created - No Company Name ==========
 
[2010/08/17 16:08:25 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Fred Beans Family of Dealerships - ATS.url
[2010/08/17 13:53:06 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Fred Beans Family of Dealerships - Search Jobs.url
[2010/08/17 13:51:09 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Fred Beans Family of Dealerships - Job Details.url
[2010/08/17 09:12:22 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\medication for restless leg syndrome - Google Search.url
[2010/08/17 09:03:32 | 000,000,356 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Microsoft Windows Error Reporting.url
[2010/08/15 01:51:38 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Spinal surgery with minimal pain Find out more (2).url
[2010/08/15 01:51:03 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Spinal surgery with minimal pain Find out more.url
[2010/08/14 17:20:00 | 000,000,246 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\American Friends - AF.com.url
[2010/08/11 17:16:49 | 004,634,548 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Resolved Security Risksnorton scan 081110.mcf
[2010/08/11 02:19:00 | 000,000,443 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Causes of fatigue and lack of energy.url
[2010/08/11 00:15:00 | 004,498,483 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Resolved Security Risks.mcf
[2010/08/10 21:25:27 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Shoes  Zappos.com.url
[2010/08/10 19:49:28 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\State Labor Laws Research.url
[2010/08/10 18:34:23 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Pennsylvania Code.url
[2010/08/09 21:04:59 | 000,160,256 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\otl log 080910.doc
[2010/08/09 18:39:14 | 000,399,703 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\poretta and orr.pdf
[2010/08/09 17:56:43 | 000,113,210 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\mcdonalds nutrion.pdf
[2010/08/09 14:29:57 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\Questions You Should Ask in Your Job Interview.url
[2010/08/05 23:05:17 | 000,022,393 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\bridal.jpg
[2010/08/05 16:51:18 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\AnyDVD.lnk
[2010/08/05 02:20:26 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/04 18:21:45 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/04 15:12:47 | 000,686,470 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/08/03 21:44:10 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/08/03 21:44:10 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/08/03 21:44:10 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/08/03 21:44:10 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/08/03 21:44:09 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/08/03 21:44:09 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/08/03 21:44:09 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/08/03 21:44:09 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/08/03 21:44:09 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/08/03 21:44:09 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/08/03 21:44:09 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/08/03 21:44:09 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/08/03 21:44:09 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/08/03 21:44:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/08/03 21:44:08 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/08/03 21:44:08 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/08/03 21:43:16 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/08/03 17:52:55 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/03 17:52:55 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/25 18:38:10 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\H.I.R.E. Resources and Assistance.url
[2010/07/22 22:19:28 | 000,002,993 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Discovery News Videos.url
[2010/07/22 22:19:28 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to adaware scan 072210.lnk
[2010/07/22 22:19:28 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to pa uc filed 070410.lnk
[2010/07/22 22:19:28 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to wellbutrin.lnk
[2010/07/22 22:19:28 | 000,000,482 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to f1040ez.lnk
[2010/07/22 22:19:28 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to BCT.lnk
[2010/07/22 22:19:28 | 000,000,452 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Energy powder designed to look like COCAINE could be sold in Britain  Mail Online.url
[2010/07/22 22:19:28 | 000,000,370 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\It's easy to find the Office Supplies, Copy Paper, Furniture, Ink, Toner, Cleaning Products, Electronics and Technology you need  Staples®.url
[2010/07/22 22:19:28 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\PeopleAnswers.url
[2010/07/22 22:19:28 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\GSK Access Eligibility Criteria.url
[2010/07/22 22:19:28 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Psychological Testing  Psychological Assessment.url
[2010/07/22 22:19:28 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Local Office Search.url
[2010/07/22 22:19:28 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Reading Terminal Market › Home.url
[2010/07/22 22:19:28 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Statement for Recipients of PA UC.url
[2010/07/22 22:19:28 | 000,000,241 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Site Map for the APCO International Web Site.url
[2010/07/22 22:19:28 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\WinSCP  Free SFTP and FTP client for Windows (2).url
[2010/07/22 22:19:28 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Patient Assistance Program for Medicare Part D enrollees.url
[2010/07/22 22:19:28 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\COMMONWEALTH OF PA BUREAU OF STATE EMPLOYMENT.url
[2010/07/22 22:19:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut (2) to Microsoft Outlook.lnk
[2010/07/22 22:19:12 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to Microsoft Outlook.lnk
[2010/07/22 21:49:00 | 000,001,523 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\peace.gif
[2010/07/22 15:00:11 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/22 15:00:10 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/21 22:52:41 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\HowStuffWorks How the Radio Spectrum Works (2).url
[2010/07/21 22:52:01 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\HowStuffWorks How the Radio Spectrum Works.url
[2010/07/19 22:00:32 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Marriott International Employment Application  Apply Online.url
[2010/07/19 21:45:28 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Sheraton Careers Homepage Find and apply for hotel jobs and travel careers www.sheraton.jobs.url
[2010/07/19 16:00:02 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Social Security Online - Benefit Eligibility Screening Tool (BEST).url
[2010/07/19 12:59:33 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\The Pennsylvania House of Representatives.url
[2010/07/18 22:03:08 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Kohl’s Careers.url
[2010/03/20 19:13:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\MSVolumeAP.dll
[2009/09/13 20:21:11 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SiteSpiderforms.ini
[2008/07/06 15:17:45 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2007/10/10 00:00:20 | 001,523,712 | ---- | C] () -- C:\WINDOWS\System32\ToproVC.dll
[2007/10/10 00:00:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\camlib.dll
[2007/07/20 03:50:05 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2007/07/20 03:50:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2007/07/20 03:50:04 | 000,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2007/06/17 05:04:37 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/20 08:50:53 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2006/11/20 07:12:29 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\ippsrw7.dll
[2006/11/20 07:12:29 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ippsrpx.dll
[2006/11/20 07:12:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ippsra6.dll
[2006/11/20 07:12:28 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ippsrm6.dll
[2006/11/20 07:12:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ippsr.dll
[2006/11/20 07:12:25 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\ippcvw7.dll
[2006/11/20 07:12:24 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\ippcva6.dll
[2006/11/20 07:12:24 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\ippcvm6.dll
[2006/11/20 07:12:24 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\ippcvpx.dll
[2006/11/20 07:12:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ippcv.dll
[2006/11/20 07:12:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2006/11/03 18:16:26 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/21 07:56:17 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2006/10/20 10:23:47 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/10/20 04:10:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/10/20 04:10:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/13 12:30:10 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/08/30 02:30:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/03 20:35:20 | 000,000,124 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/01/31 02:17:05 | 000,001,665 | ---- | C] () -- C:\WINDOWS\FiveCardFrenzy.ini
[2006/01/29 14:57:07 | 000,000,094 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/01/29 03:33:10 | 000,000,968 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2006/01/22 03:05:24 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/01/22 03:05:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/21 07:35:50 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll
[2006/01/09 02:37:17 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2006/01/09 02:37:17 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2006/01/09 02:37:17 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2006/01/09 02:37:17 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2006/01/09 02:37:17 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2006/01/09 02:36:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2006/01/09 02:36:54 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2006/01/09 02:36:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2006/01/09 02:36:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2006/01/09 02:36:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2006/01/09 02:36:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2006/01/09 02:36:49 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2006/01/09 02:21:49 | 000,010,585 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2006/01/09 00:11:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/09 00:11:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/09 00:11:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/09 00:11:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/09 00:11:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/09 00:11:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/08 23:00:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/24 21:35:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/21 15:07:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/10/19 17:56:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/25 23:02:27 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/08/25 23:01:25 | 000,066,980 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2005/08/25 23:01:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/08/25 23:00:29 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2005/08/25 23:00:29 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/08/25 22:57:42 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/08/03 15:54:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/30 05:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/28 10:00:59 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MPEGCreator.dll
[2004/08/11 07:41:08 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\WMVCreator.dll
[2004/08/11 07:03:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\AVICreator.dll
[2004/05/20 11:50:14 | 001,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
[2004/02/01 15:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/11/16 14:32:30 | 001,253,376 | ---- | C] () -- C:\WINDOWS\System32\mptiff.dll
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/07/30 23:29:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2002/11/24 08:40:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\ac3encode.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
 
========== LOP Check ==========
 
[2006/01/08 21:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2007/01/05 15:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2008/02/27 05:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2006/04/30 20:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/04/06 12:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/02/01 01:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CandyLabs
[2007/10/08 23:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/02/11 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2006/02/07 02:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2006/12/31 19:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2007/09/11 22:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2007/09/01 03:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/11/30 19:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INMPAIFTXG
[2006/04/30 05:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2006/01/09 00:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MimarSinan
[2009/12/01 17:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2006/04/30 13:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
[2009/02/20 16:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/06/29 16:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/12/01 17:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/02/06 18:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/07/30 01:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/11/14 14:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/08/24 23:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/03/29 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/12/04 04:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/04 12:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/02/01 18:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/02 19:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/08/04 18:22:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2006/02/21 05:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\7Wonders
[2006/03/02 02:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Alawar
[2006/11/30 01:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\allTunes
[2006/12/28 03:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Angkor
[2006/10/20 18:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\AVS Video Converter
[2006/07/13 13:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\BCL Technologies
[2010/03/02 22:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Blitware
[2006/02/01 01:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\CandyLabs
[2010/06/30 22:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\CoffeeCup Software
[2009/09/15 15:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\CoreFTP
[2010/02/06 18:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\DriverCure
[2006/02/07 02:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\EA
[2006/02/19 08:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Elaborate Bytes
[2006/01/21 10:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\funkitron
[2007/06/17 03:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\GetRightToGo
[2007/05/01 07:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Incredible Ink
[2006/01/09 02:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\InterVideo
[2006/03/21 10:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\IrfanView
[2007/04/13 15:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\iWin
[2009/02/11 05:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\KompoZer
[2007/01/05 00:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Leadertech
[2006/02/11 15:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Magic Match
[2007/04/05 09:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\MagicBall3
[2006/01/19 16:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\MSNInstaller
[2006/08/23 01:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Musicmatch
[2006/10/25 15:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\NCH Swift Sound
[2006/12/07 13:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Paltalk
[2007/03/02 17:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\pixelStorm
[2010/07/14 21:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\QuickScan
[2006/10/20 15:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\SendYourFiles
[2006/05/28 14:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Seven Zip
[2006/09/03 08:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\SlySoft
[2006/12/29 20:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Ulead Systems
[2010/03/26 13:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Uniblue
[2008/08/15 05:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\VonageTalk
[2007/10/15 00:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Wildfire
[2006/11/07 08:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Windows Desktop Search
[2009/12/13 15:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Windows Live Writer
[2010/08/17 19:33:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/15 03:04:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\File Helper.job
[2010/08/16 18:01:49 | 000,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/04/11 05:49:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2010/08/17 20:08:38 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B1C88987-2FC3-4DEC-92C3-35C1590D6C7D}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\hidusb.sys:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\WIFI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\WEIGHT TRAINING:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\WEB DESIGN:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\VONAGE 4 FEB MAR10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\UTILITES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\UC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\TRANSPORTATION:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\SONGLIST STORIES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\SOCIAL SECURITY:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\redbox movie:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\QUINN:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\pageflip:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\My Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\movies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\MOM IN WOLDOW COLUMN:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\misc shortcuts from desktop 062010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\MEDICATION ASSIST:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\LOW INCOME:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\LOGS FROM AV SEC FIX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\LAPTOP BATTERY EBAY:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\JOB SEARCH AND SOCIAL NETWORKING FOR THOMPSON AND MARKETING FOCUS0710:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\jmc9232-1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\jims:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\insightbb pages:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\img.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\how_to_Fail_a_Breathalyzer.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\EBAY:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\COMPUTER INSIDE PICS FOR FAN 0610:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\COMPASS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\CoffeeCup Software:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\BODY FOR LIFE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\BIKE RIDING:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\BETH KATZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\AIR CONDITIONER:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\WIFI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\UTILITIES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\TAXES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\QUICK CASH KIT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\PARDON EXPUNGEMENT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\PAINT PROGS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\McDs + other burger joints:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\LABOR LAWS DISCRIMINATION:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\GOOGLE SEARCHES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\GO THRU:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\COMCAST SLOWNESS PROB:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\bridal.jpg:Roxio EMC Stream
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:0C23D942276A564A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981884E7
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7
< End of report >

 

 

oh yeah too....you lost me when you started talkin about partitions.....guess i should read that book that's floating around here.....

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

There are no glaring exploits showing. There is evidence of an old exploit but nothing more.

 

Exactly what symptoms are you having? Don't worry about all the processes. From the logs there are none harmful. Perhaps too many running at once, but we can tackle that later.



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

Well, I don't know how to put it but the computer is very slow on start up.

That 'recovering from serious error' just recently.

And now my emails are duplicating themselves.

Would it be good to run hijack this?

 

I know there were problems before I installed Norton.

It seemed clean after that last problem but shortly after that the looooong time to connect and come to comcast's landing page concerns me.

I am taking into account what you said about the age of the computer and I know I should delete files but I'm always afraid I will delete something important.

Anything else I can do?

The duplicating email error occurred after I installed Norton.

Does that matter?

Sorry I'm all over the place.....maybe it's contagious and my computer has it too now.

let me know if this makes any sense.

S

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

Adding or changing software, especially protection software, is never a good idea on a machine with problems. But, it's been done.

 

I want to check for infections with a different program.

 

Download the Malicious Software Removal Tool, saving it to your desktop, then run it.

    Link for most computers: http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356

    Link for Vista x64, Windows XP x64, or Windows 2003 x64 Editions ONLY: http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74

    After the tool runs, you will find its log here C:\WINDOWS\Debug\mrt.log or here C:\WINNT\Debug\mrt.log. Please include it in your next post in this thread.



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
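One way to triage the mrt.log requested above, added here as an example (not part of the original posts and not Microsoft's tooling): it splits the log into one record per run and flags runs with detections, a nonzero return code, a pending restart or scan errors. The sample input is abridged from the log posted in this thread; the function and field names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Sample constructed by abridging three runs from the mrt.log posted in this thread:
# a clean run, a run with detections, and a clean run with a fused WARNING/ERROR line.
SAMPLE_LOG = r"""
Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Thu May 10 10:27:44 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 10 10:29:13 2007
---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Sun Jun 17 05:02:51 2007

Quick Scan Results:
----------------
Found virus: TrojanDownloader:Win32/Zlob.gen!A in file://C:\Program Files\Video ActiveX Access\iesmn.exe
Found virus: TrojanDownloader:Win32/Zlob.gen in file://C:\Program Files\Video ActiveX Access\iesunst.exe

Results Summary:
----------------
For cleaning TrojanDownloader:Win32/Zlob.gen, the system needs to be restarted.

Return code: 10
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jun 17 05:05:10 2007
---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.8, June 2010
Started On Fri Jun 25 18:31:59 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:2816 (code 0x00000057 (87))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jun 25 18:46:09 2010

Return code: 0 (0x0)
"""

HEADER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v([\d.]+), (\w+ \d{4})$")
STARTED = re.compile(r"^Started On (.+)$")
FINISHED = re.compile(r"Finished On (.+)$")
FOUND = re.compile(r"^Found virus: (\S+) in (\w+)://(.+)$")
RETCODE = re.compile(r"^Return code: (\d+)")
STAMP = "%a %b %d %H:%M:%S %Y"  # e.g. "Sun Jun 17 05:02:51 2007"


@dataclass
class Run:
    version: str
    release: str
    started: Optional[datetime] = None
    finished: Optional[datetime] = None
    return_code: Optional[int] = None
    detections: list = field(default_factory=list)  # (threat, scheme, resource)
    notes: list = field(default_factory=list)       # WARNING / ERROR messages
    reboot_pending: bool = False


def parse_mrt_log(text):
    """Return one Run per tool invocation. A run lasts until the next version
    header, because newer versions print "Return code" after "Finished On"."""
    runs, run = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            run = Run(m.group(1), m.group(2))
            runs.append(run)
        elif run is None or not line:
            continue
        elif (m := STARTED.match(line)):
            run.started = datetime.strptime(m.group(1), STAMP)
        elif (m := FINISHED.search(line)):
            run.finished = datetime.strptime(m.group(1), STAMP)
        elif (m := FOUND.match(line)):
            run.detections.append(m.groups())
        elif (m := RETCODE.match(line)):
            run.return_code = int(m.group(1))
        elif "needs to be restarted" in line:
            run.reboot_pending = True
        elif "ERROR:" in line or "WARNING:" in line:
            # Messages can be fused on one line, joined by "->"; split them apart.
            run.notes.extend(p.strip() for p in line.split("->") if p.strip())
    return runs


def needs_attention(run):
    """List the reasons a run deserves a closer look (empty list = clean run)."""
    reasons = []
    if run.detections:
        reasons.append("detections: " + ", ".join(sorted({d[0] for d in run.detections})))
    if run.return_code not in (0, None):
        reasons.append(f"return code {run.return_code}")
    if run.reboot_pending:
        reasons.append("restart required to finish cleaning")
    if any("ERROR:" in n for n in run.notes):
        reasons.append("scan errors")
    if run.finished is None:
        reasons.append("no Finished line")
    return reasons


if __name__ == "__main__":
    for r in parse_mrt_log(SAMPLE_LOG):
        print(r.started, "v" + r.version, needs_attention(r) or "clean")
```

Run against the full log, this shows at a glance whether a detection is recent or belongs to a single old run followed by clean scans.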
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

Is this what you wanted? to possibly help me???


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.17, June 2006
Started On Thu Jun 29 02:19:34 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 29 02:20:22 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.18, July 2006
Started On Sun Jul 16 04:20:34 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jul 16 04:21:09 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.21, October 2006
Started On Wed Nov 08 04:20:53 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 08 04:21:16 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.21, October 2006
Started On Wed Nov 08 04:21:23 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 08 04:22:10 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.22, November 2006
Started On Thu Nov 23 20:43:32 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 23 20:43:59 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.23, December 2006
Started On Fri Dec 15 17:53:17 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 15 17:53:46 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
Started On Sat Jan 13 19:09:54 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 13 19:10:25 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.25, February 2007
Started On Sat Feb 17 06:45:20 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 17 06:45:44 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.27, March 2007
Started On Thu Mar 15 21:29:37 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 15 21:30:05 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.28, April 2007
Started On Fri Apr 13 17:41:43 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 13 17:42:09 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Thu May 10 10:27:44 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 10 10:29:13 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Sun Jun 17 05:02:51 2007

Quick Scan Results:
----------------
Found virus: TrojanDownloader:Win32/Zlob.gen!A in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\user32.dll
Found virus: TrojanDownloader:Win32/Zlob.gen!A in runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\user32.dll
Found virus: TrojanDownloader:Win32/Zlob.gen!A in file://C:\Program Files\Video ActiveX Access\iesmn.exe
Found virus: TrojanDownloader:Win32/Zlob.gen in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IExplorer Security Plug-in
Found virus: TrojanDownloader:Win32/Zlob.gen in uninstall://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IExplorer Security Plug-in
Found virus: TrojanDownloader:Win32/Zlob.gen in file://C:\Program Files\Video ActiveX Access\iesunst.exe
Found virus: TrojanDownloader:Win32/Zlob.gen in regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Internet Explorer Secure Bar
Found virus: TrojanDownloader:Win32/Zlob.gen in uninstall://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Internet Explorer Secure Bar
Found virus: TrojanDownloader:Win32/Zlob.gen in file://C:\Program Files\Video ActiveX Access\iesbunst.exe

Quick Scan Removal Results
----------------
Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Internet Explorer Secure Bar
Operation succeeded !

Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IExplorer Security Plug-in
Operation succeeded !

Start 'remove' for regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\user32.dll
Operation succeeded !

Start 'remove' for runkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\user32.dll
Operation succeeded !

Start 'remove' for uninstall://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Internet Explorer Secure Bar
Operation succeeded !

Start 'remove' for uninstall://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IExplorer Security Plug-in
Operation succeeded !

Start 'remove' for file://\\?\C:\Program Files\Video ActiveX Access\iesunst.exe
Operation succeeded !

Start 'remove' for file://\\?\C:\Program Files\Video ActiveX Access\iesmn.exe
Operation succeeded !

Start 'remove' for file://\\?\C:\Program Files\Video ActiveX Access\iesbunst.exe
Operation succeeded !


Results Summary:
----------------
For cleaning TrojanDownloader:Win32/Zlob.gen, the system needs to be restarted.
For cleaning TrojanDownloader:Win32/Zlob.gen!A, the system needs to be restarted.

Return code: 10
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jun 17 05:05:10 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Sun Jun 17 16:05:38 2007
-> Sysclean ERROR: Internal error, code = 8050800C

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jun 17 16:05:49 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.31, July 2007
Started On Wed Jul 25 11:03:33 2007
->Scan ERROR: resource process://pid:1120 (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 25 11:05:31 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.32, August 2007
Started On Thu Aug 16 13:17:02 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 16 13:18:22 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.33, September 2007
Started On Tue Sep 25 20:32:22 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 25 20:33:22 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.34, October 2007
Started On Mon Oct 15 06:33:57 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Oct 15 06:34:55 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.35, November 2007
Started On Wed Nov 14 14:52:40 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 14 14:53:38 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.36, December 2007
Started On Fri Dec 14 03:21:38 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 14 03:22:40 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.37, January 2008
Started On Fri Jan 11 23:29:45 2008
->Scan ERROR: resource process://pid:972 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:972 (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jan 11 23:30:48 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
Started On Mon Feb 18 09:14:58 2008
->Scan ERROR: resource process://pid:2112 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:2112 (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 18 09:16:19 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
Started On Thu Mar 06 23:41:22 2008
->Scan ERROR: resource process://pid:2520 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:2520 (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 06 23:43:22 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.39, March 2008
Started On Sun Mar 16 04:24:46 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Mar 16 04:26:06 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Wed Apr 23 04:43:34 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 23 04:44:58 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.41, May 2008
Started On Wed Jun 04 21:22:30 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 04 21:23:43 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.42, June 2008
Started On Sun Jun 15 03:34:50 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jun 15 03:36:01 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.0, July 2008
Started On Sat Jul 26 14:02:54 2008
->Scan ERROR: resource process://pid:2244 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:2244 (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Jul 26 14:05:48 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.1, August 2008
Started On Wed Aug 20 20:10:52 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 20 20:12:05 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.2, September 2008
Started On Fri Sep 12 02:14:29 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 12 02:16:05 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.3, October 2008
Started On Tue Oct 28 08:47:06 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 28 08:48:41 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.3, October 2008
Started On Wed Oct 29 09:19:48 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 29 09:22:52 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.4, November 2008
Started On Thu Nov 27 03:21:17 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 27 03:22:39 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.6, January 2009
Started On Thu Jan 22 13:53:58 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 22 13:55:32 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
Started On Tue Apr 07 13:53:24 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 07 13:54:58 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
Started On Mon Apr 27 00:53:52 2009
Security policy adjusted. Engine requests reboot and try again, ignoring.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 27 00:55:32 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.10, May 2009
Started On Thu May 21 02:13:21 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 21 02:14:52 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
Started On Fri Jun 19 12:39:01 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jun 19 12:41:23 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
Started On Fri Jun 19 12:41:27 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jun 19 12:43:14 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.12, July 2009
Started On Wed Aug 05 17:45:52 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 05 17:47:28 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.13, August 2009
Started On Thu Sep 03 16:09:56 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 03 16:12:09 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Fri Sep 11 01:18:49 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 11 01:20:46 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.0, October 2009
Started On Fri Oct 16 11:26:49 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 16 11:28:54 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.2, December 2009
Started On Wed Dec 23 13:59:49 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 23 14:01:59 2009


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.3, January 2010
Started On Sat Feb 06 11:57:23 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 06 11:59:37 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.4, February 2010
Started On Sun Mar 07 04:29:21 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Mar 07 04:31:25 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.8, June 2010
Started On Fri Jun 25 18:31:59 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:2816 (code 0x00000057 (87))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jun 25 18:46:09 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.8, June 2010
Started On Thu Jul 08 15:01:35 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 08 15:06:02 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.9, July 2010
Started On Mon Aug 02 12:36:59 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 02 12:42:14 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.10, August 2010
Started On Tue Aug 17 22:56:16 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 17 23:00:28 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.10, August 2010
Started On Sat Aug 21 19:18:17 2010
->Scan ERROR: resource process://pid:2720 (code 0x00000057 (87))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 21 19:44:00 2010


Return code: 0 (0x0)

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

Not good. MSRT removed some infections but had issues with others. At this point I suggest you backup all important data before going any further. It may be necessary to reformat and re-install to return your computer to a stable state.

 

Once you have made backups then delete the MSRT program off your desktop and do the following...

 

Cleaning Up:

To Delete TFC:
* Delete the TFC icon on your Desktop
Delete OTL:
* Double click the OTL icon on your Desktop
* Press the 'Cleanup' button
Delete Security Check:
* Delete the SecurityCheck icon on your Desktop
Delete Malware Bytes:
* We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.
Other Programs:
* If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

 

 



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
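A way to triage an MSRT log like the one pasted above, as an added example that is not part of the original thread and not Microsoft's code: it splits the log into runs and flags any run with an inline `ERROR`, a summary line other than `No infection found.`, or a non-zero return code. The three sample runs are copied from the log in this thread; the names `Run`, `parse_runs` and `triage` are hypothetical.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Sample input: three runs from the MSRT log posted in this thread, blank lines dropped.
SAMPLE_LOG = """\
Microsoft Windows Malicious Software Removal Tool v3.2, December 2009
Started On Wed Dec 23 13:59:49 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 23 14:01:59 2009
Return code: 0 (0x0)
Microsoft Windows Malicious Software Removal Tool v3.8, June 2010
Started On Fri Jun 25 18:31:59 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:2816 (code 0x00000057 (87))
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jun 25 18:46:09 2010
Return code: 0 (0x0)
Microsoft Windows Malicious Software Removal Tool v3.10, August 2010
Started On Sat Aug 21 19:18:17 2010
->Scan ERROR: resource process://pid:2720 (code 0x00000057 (87))
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 21 19:44:00 2010
Return code: 0 (0x0)
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Fri Jun 25 18:31:59 2010"
HEADER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v([\d.]+),")
STAMP = re.compile(r"(Started|Finished) On (.+)$")
ERROR = re.compile(r"->\s*(\w+ ERROR: .+)$")  # may share a line with the policy WARNING
RETURN = re.compile(r"^Return code: (-?\d+)")


@dataclass
class Run:
    version: str
    started: Optional[datetime] = None
    finished: Optional[datetime] = None
    policy_warning: bool = False
    errors: List[str] = field(default_factory=list)
    summary: List[str] = field(default_factory=list)
    return_code: Optional[int] = None

    def seconds(self) -> Optional[int]:
        both = self.started and self.finished
        return int((self.finished - self.started).total_seconds()) if both else None

    def findings(self) -> List[str]:
        """Reasons this run deserves a second look; empty for a clean run."""
        notes = ["error: " + e for e in self.errors]
        notes += ["summary: " + s for s in self.summary if s != "No infection found."]
        if self.return_code != 0:
            notes.append(f"return code {self.return_code}")
        return notes


def parse_runs(text: str) -> List[Run]:
    runs, in_summary = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:  # a version banner opens a new run
            runs.append(Run(header.group(1)))
            in_summary = False
            continue
        if not runs or not line:
            continue
        run = runs[-1]
        error, stamp, code = ERROR.search(line), STAMP.search(line), RETURN.match(line)
        run.policy_warning |= line.startswith("WARNING: Security policy")
        if error:
            run.errors.append(error.group(1))
        elif stamp:  # sets run.started or run.finished
            setattr(run, stamp.group(1).lower(), datetime.strptime(stamp.group(2), TS_FORMAT))
            in_summary = False
        elif code:
            run.return_code, in_summary = int(code.group(1)), False
        elif line == "Results Summary:":
            in_summary = True
        elif in_summary and line.strip("-"):  # skip the dashed rule under the heading
            run.summary.append(line)
    return runs


def triage(text: str):
    """(version, started, seconds, findings) for each run that needs review."""
    return [(r.version, r.started, r.seconds(), r.findings())
            for r in parse_runs(text) if r.findings()]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

On the sample, the two runs with a `Scan ERROR` are also the ones whose scan time jumps from about two minutes to 14 and 25 minutes, which a return code of 0 alone does not show.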
Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

Then..

 

Download ComboFix from one of these locations:

Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2: http://www.forospyware.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop


* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

* Double click on ComboFix.exe & follow the prompts.

* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[img]http://home.comcast.net/~sward17/other/RcAuto1.gif[/img]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[img]http://home.comcast.net/~sward17/other/whatnext.gif[/img]  

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

Ok. 

so now all i have to do is triage between what's more important with my time

death~taxes~a job~or my computer.....suppose I'll have to flip flop

I don't know where you find the time for all this...

but again thank you.

now for my reply

:smileyshocked:

I read the first reply and couldn't find the 'shaking my head in disbelief' smiley...

but ok

what i think looks bad, you say is ok

what i think is ok (meaning the MSRT log), you said what I really didn't want to hear.

 

Somewhere along the line...I think I mentioned that I had several expensive software programs

installed by the ex (guy who built the computer) and I wanted them to remain on my computer.

Is there any way that can be done?  Specifically Clone DVD, Anydvd and well, photoshop i think

i still have.....

 

Anyways......ok now that its out there.

I will deal with your help hopefully.

But I have a few dumby questions.

 

on your first reply

 

Backing up...

I have acronis true image which i'm not really sure how to use but if I save these files where do I save them to?  Here, meaning acronis or on my computer somewhere else or a few cd's?

 

again, i'm jumping around sorry....

 

i did a whoops and didnt save the MSRT program I just ran it

 

(if you have it in you, what exactly made you realize that's where I had the trouble)

 

what is TFC?

 

Do I need to delete OTL from just my desktop? (the logs and the program?) or are they elsewhere too?

 

?Clean up button list i suppose is when i open OTL.

 

Security Check?  Norton?  what is this?

 

MBAM ok...yeah i realize the importance of that.....

but it's one of those programs like hijack this whether you dont know whether to remove or not.....

so.....even i remain a bit clueless for now......if you can try to help

well, just let me know where to send the check (after I win the lotto)

 

and the second post I just printed....will ask questions when i get thru the first....

and if i hit print on options in this forum does it print just the post or the whole thread?

 

i hope you know how much i appreciate this.

s....

 

 

 

 

 

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.


OK, stop everything. The only thing I want you to do is open OTL and press the Cleanup button. That will remove OTL.

 

From your response, this forum is not the place to continue trying to help. Your computer needs some close attention and you have little time and less experience dealing with these issues. That's not a criticism, just an honest observation. You would be best served by taking your computer to a professional and having them take care of all the problems.

 

Save the image you made with Acronis True Image. It's a picture of your computer at the time you made it. Unless it was fairly recent, it will, of course, be out of date. What I meant by backup was to copy off all the current information you deem valuable. Note, all images and backups should be stored off the computer. Large (1 terabyte) external hard drives that connect by USB are available for under $100. Put it on your "need" list.

 

You should always have the installation disks for any software you have on your computer if it is not available for download online. Keep the keys, serial numbers, etc., safely stored.

 

I'll be happy to answer any other questions that you may have. Just add them to this thread.



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

huh, well so much for being proud of myself for getting this far.....

so what do i do with this log now?

 

 

 

ComboFix 10-08-24.07 - Suzanne 08/24/2010  17:15:12.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.433 [GMT -4:00]
Running from: c:\documents and settings\Suzanne\Desktop\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
[i] ADS - WINDOWS: deleted 24 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Suzanne\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Process.exe
c:\windows\system32\skinboxer43.dll
c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\twain.dll
D:\install.exe

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


(((((((((((((((((((((((((   Files Created from 2010-07-24 to 2010-08-24  )))))))))))))))))))))))))))))))
.

2010-08-05 21:30 . 2010-08-05 21:30 503808 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6d3623b2-n\msvcp71.dll
2010-08-05 21:30 . 2010-08-05 21:30 499712 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6d3623b2-n\jmc.dll
2010-08-05 21:30 . 2010-08-05 21:30 348160 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6d3623b2-n\msvcr71.dll
2010-08-05 21:30 . 2010-08-05 21:30 12800 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-728cc8ab-n\decora-d3d.dll
2010-08-05 21:30 . 2010-08-05 21:30 61440 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-728cc8ab-n\decora-sse.dll
2010-08-05 06:20 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-04 22:31 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-04 22:21 . 2010-08-04 22:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-04 22:21 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-08-04 22:19 . 2010-08-04 22:19 -------- d-----w- c:\program files\Lavasoft
2010-08-03 21:53 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-03 21:53 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-08-03 21:52 . 2010-08-03 21:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-03 21:52 . 2010-08-03 21:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-03 21:51 . 2010-08-04 19:15 -------- d-----w- c:\windows\system32\drivers\N360
2010-08-03 21:51 . 2010-08-03 21:51 -------- d-----w- c:\program files\Norton Security Suite
2010-08-03 21:51 . 2010-08-03 21:51 -------- d-----w- c:\program files\Windows Sidebar
2010-08-03 21:48 . 2010-08-03 21:48 -------- dc----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-08-03 21:48 . 2010-08-03 21:48 -------- d-----w- c:\program files\NortonInstaller
2010-08-03 21:44 . 2010-08-03 21:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-02 16:28 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 21:27 . 2005-08-26 03:09 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
2010-08-24 21:27 . 2005-08-26 03:09 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
2010-08-24 20:51 . 2006-01-09 06:08 132528 -c--a-w- c:\documents and settings\Suzanne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-24 20:35 . 2010-03-21 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 19:46 . 2009-12-01 18:36 -------- d-----w- c:\documents and settings\Suzanne\Application Data\HpUpdate
2010-08-05 22:09 . 2006-01-19 20:30 -------- d-----w- c:\program files\Java
2010-08-04 22:19 . 2008-01-14 03:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-03 22:02 . 2007-10-19 19:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-03 21:52 . 2005-12-31 02:59 -------- d-----w- c:\program files\Symantec
2010-08-03 21:52 . 2010-08-03 21:52 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-03 21:52 . 2010-08-03 21:52 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-03 21:02 . 2010-03-18 22:11 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-28 03:30 . 2009-03-29 01:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-25 17:24 . 2006-01-09 06:22 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-25 04:52 . 2006-01-11 05:44 85 -c--a-w- c:\windows\popcinfo.dat
2010-07-22 19:32 . 2009-10-31 20:27 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-22 19:02 . 2006-01-19 20:32 -------- d-----w- c:\program files\Google
2010-07-22 11:37 . 2010-07-22 11:37 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-07-17 09:00 . 2010-07-06 00:12 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 01:45 . 2010-07-15 01:42 -------- d-----w- c:\documents and settings\Suzanne\Application Data\QuickScan
2010-07-12 01:57 . 2010-07-12 00:54 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-12 01:01 . 2005-08-26 03:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-12 00:56 . 2010-07-12 00:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-12 00:54 . 2010-07-12 00:54 71680 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-07 22:41 . 2010-07-07 22:41 2855 ----a-w- c:\windows\PIF\bootmenu.PIF
2010-07-06 16:39 . 2010-06-04 20:41 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-07-01 02:00 . 2009-08-08 05:48 -------- d-----w- c:\program files\CoffeeCup Software
2010-07-01 02:00 . 2010-07-01 02:00 -------- d-----w- c:\documents and settings\Suzanne\Application Data\CoffeeCup Software
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 19:48 . 2010-06-25 16:10 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-08-26 01:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2005-12-31 03:20 . 2005-12-31 03:20 774144 -c--a-w- c:\program files\RngInterstitial.dll
2006-06-17 03:48 . 2006-06-17 03:48 110592 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-07-25 09:06 . 2008-01-30 10:16 6530080 -csha-w- c:\windows\system32\drivers\fidbox.dat
2008-07-25 09:06 . 2008-01-30 10:16 18208 -csha-w- c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TrueImageMonitor.exe"="d:\trueimage\TrueImageMonitor.exe" [2005-10-26 988565]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-10-21 163840]
"RoxioDragToDisc"="d:\easy media creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-21 1687552]
"MXOBG"="c:\windows\MXOALDR.EXE" [2006-01-09 94208]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2004-12-22 823296]
"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTHelper"="CTHELPER.EXE" [2002-12-19 28672]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CloneCDTray"="d:\clonecd\CloneCDTray.exe" [2009-01-29 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"AsioReg"="CTASIO.DLL" [2002-11-08 110592]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-10-26 118784]
"tppoll"="c:\program files\Topro\tppoll.exe" [2005-03-02 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"File Helper"="c:\program files\File Helper\1.1.0.10\FileHelper.exe" [2010-01-22 583136]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - d:\intervideo\Common\Bin\WinCinemaMgr.exe [2006-1-9 278528]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-1-13 581632]
Microsoft Office.lnk - d:\microsoft office\Office10\OSA.EXE [2001-2-13 83360]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Easy Media Creator 8\\Audio Master\\RxTagEdit8.exe"=
"d:\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Topro\\capture.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Easy Media Creator 8\\Sound Editor\\SoundEdit.exe"=
"c:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\RoxUpnpRenderer.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5100:TCP"= 5100:TCP:*:Disabled:127.0.0.1

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/4/2010 6:31 PM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [8/3/2010 9:44 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [8/3/2010 9:44 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [8/19/2010 2:15 PM 692272]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [12/17/2008 11:32 PM 236928]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [8/3/2010 9:44 PM 501888]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [10/21/2006 7:56 AM 33824]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [8/3/2010 9:44 PM 116784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1355416]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [8/3/2010 9:43 PM 126392]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [8/25/2005 11:01 PM 12160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/3/2010 5:54 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100820.001\IDSXpx86.sys [8/21/2010 12:33 PM 331640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2010 3:00 PM 135664]
S2 MHMTQTIX;MHMTQTIX;\??\c:\windows\system32\mhmtqtix.jtq --> c:\windows\system32\mhmtqtix.jtq [?]
S2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
S3 Aox402Camera;Concord Eye-Q Mini (Video);c:\windows\system32\drivers\aox402vc.sys [11/20/2006 7:08 AM 129084]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;c:\windows\system32\Drivers\athwpn.sys --> c:\windows\system32\Drivers\athwpn.sys [?]
S3 DCamUSBIntel;305 Video Camera;c:\windows\system32\drivers\TP6800.sys [10/10/2007 12:00 AM 198672]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/25/2005 9:37 PM 17149]
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys --> c:\windows\system32\drivers\dump_wmimmc.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/11/2010 6:42 PM 15008]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [1/9/2006 2:40 AM 15104]
S3 SE402RefCameraStill;Concord Eye-Q Mini (WDM);c:\windows\system32\drivers\aox402sc.sys [11/20/2006 7:08 AM 67332]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 22:42]

2010-08-15 c:\windows\Tasks\File Helper.job
- c:\program files\File Helper\1.1.0.10\FileHelper.exe [2010-02-06 23:25]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 19:00]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 19:00]

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{B1C88987-2FC3-4DEC-92C3-35C1590D6C7D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.comcast.net/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel
IE: {{5B477265-656E-4869-6C6C-5D4945657874} - f:\x-casino\XCasino.exe
DPF: {08BF311F-789B-4413-B7B9-05355A612410}
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Creative Detector - c:\program files\Creative\MediaSource\Detector\CTDetect.exe
HKCU-Run-MtdAcq - c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-Auto EPSON Stylus Photo R300 Series on DELLXPS - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
HKLM-Run-TransferAgent - (no file)
HKLM-Run-OESYFplugin - (no file)
HKLM-Run-\DELLXPS\EPSON Stylus Photo R300 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 17:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MHMTQTIX]
"ImagePath"="\??\c:\windows\system32\mhmtqtix.jtq"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,27,f1,ed,ec,da,89,4e,92,c7,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,27,f1,ed,ec,da,89,4e,92,c7,3c,\

[HKEY_USERS\S-1-5-21-73586283-484061587-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1736)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\easy media creator 8\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Browser Mouse\Browser Mouse\1.0\MOUSEDLL.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-08-24  17:46:11 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-24 21:45

Pre-Run: 2,933,055,488 bytes free
Post-Run: 2,822,758,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=5 LastKnownGood=3 Sets=1,2,3,5
- - End Of File - - 0E0CDB9E1B02F2B42298EB2938482AE0

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

If you have the time to devote to trying to fix your computer, I'll keep on working on it. From your last post I made the assumption, perhaps wrongly, that your life was chaotic at best, and that finding time to work on the computer was not high on your list of priorities. Continuing to use an infected computer will only make it worse. If you can devote the time to work on it on a daily basis, then let's continue. I would not expect it to take too much of your time.

 

Let me know if you want to continue



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

yes, my life is more chaotic than most but i'm game if you are

 

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

I want to check two files again. Follow the instructions below. If the file is not uploaded because it cannot be found, then tell me that when you post; otherwise post the link to the VirusTotal site for each file that was uploaded.

 

 

Please go to http://www.virustotal.com/

Copy and paste the following file path into the "[Upload a file]" box in the center of the page:


c:\windows\system32\mhmtqtix.jtq
c:\windows\system32\SVKP.sys

 

 

Click on the Send File button

Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.




If the file has been previously scanned, the results webpage will show:
"File has already submitted"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.





If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

[ Edited ]

When I click your link for virus total and get there

it comes to the Analysis page where it automatically comes up at [upload a file]

and the cursor blinks in the yellow box where you want me to paste the file(s)

but it wont let me paste anything and I cannot type the file name in that box either

 

the only way it will let me do anything in that box is if i use the BROWSE button alongside.

which i didn't

 

at the top where it gives the option to upload a file the only other option is submit a url

which i didnt

 

below the blinking cursor in the yellow box and the browse button alongside

the next thing on the page is a little box to check where you would check to 'send it over ssl'

which i didnt

 

and below that a box with sendfile in grey, in box

which i didnt do

 

or send via email

again

awaiting your instructions

 

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

[ Edited ]

Arggghhh. VirusTotal has changed so you need to use the browse button to select the file.

 

OK, go to VirusTotal using the link above. Press the 'Browse' button and navigate to the file(s) listed in my previous post (one at a time). Press the Open or Select button in the file dialog box to transfer the file name to the yellow box. Then press 'Send File'

 

If you can't find the file, let me know and do the next file, or stop if it was the last file.

 

 



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

:smileysad:

if you remember...i couldnt find the mhmt   file before

and i cant find the svkp one this time either

 

i dont know if case matters but you have windows lower case

that for me is WINDOWS upper case when i go to the c drive and check

 

after i got to system32

i organized the files first by name

nothing

then i realized there was a different file ext so i organized that way

and nothing

 

i get this bad feeling you're gonna tell me to dump my computer at the local staples and have them fix it

but i can't.....no $$$.......it's that simple

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

Sorry, forgot to make sure you had the computer set to show all hidden files. Instructions follow. Once you have done this, then look for those two files again, please.

 

Enable Show Hidden Files and Folders


    If using Windows XP:
    • Close all programs so that you are at your desktop.
    • Double-click on the My Computer icon.
    • Select the Tools menu and click Folder Options.
    • After the new window appears select the View tab.
    • Put a checkmark in the checkbox labeled Display the contents of system folders.
    • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    • Remove the checkmark from the checkbox labeled Hide protected operating system files.
    • Press the Apply button and then the OK button and exit My Computer.
    • Now your computer is configured to show all hidden files.



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

[ Edited ]

:smileysad:  still not there

 

 

 

don't know if this matters but after I went in and did what you said to show files

a word doc showed up on my desktop

~$ekLD1-Oct-25-to-Nov-1-2009-Xjjw.doc

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

[ Edited ]

1. Close any open browsers.

2. Open notepad and copy/paste the text between the dotted lines below into it:

 

.............................................................................................

KillAll::

 

File::
c:\windows\system32\mhmtqtix.jtq
c:\windows\system32\SVKP.sys

 

Folder::

 

Registry::

 

Driver::
MHMTQTIX
SVKP

.....................................................................................

 

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
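
As an added illustration (not part of the original post and not ComboFix's own code): the two names under Driver:: in the script above are the service entries that the ComboFix log in this thread lists with a trailing `[?]` instead of a date and size. This Python example parses that Drivers/Services listing and flags such entries; reading `[?]` as "file not found", the `R`/`S` prefix as running/stopped, the digit as the service start type, and the extension check are assumptions of the example.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines taken from the Drivers/Services listing of the ComboFix log in this thread.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/4/2010 6:31 PM 64288]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [8/3/2010 9:43 PM 126392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2010 3:00 PM 135664]
S2 MHMTQTIX;MHMTQTIX;\??\c:\windows\system32\mhmtqtix.jtq --> c:\windows\system32\mhmtqtix.jtq [?]
S2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;c:\windows\system32\Drivers\athwpn.sys --> c:\windows\system32\Drivers\athwpn.sys [?]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [1/9/2006 2:40 AM 15104]
"""

# Assumed meaning of the digit after R/S: the Windows service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Heuristic of this example: a service image is normally a .sys driver or an .exe.
EXPECTED_EXTS = {".sys", ".exe"}

# <R|S><start> <name>;<display name>;<image path> [--> <resolved path>] [<date time size> | ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?"
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    running: bool       # True for an "R" line, False for an "S" line
    start: int          # 0..4, see START_TYPES
    name: str           # registry key name under ...\Services
    display: str        # display name
    image: str          # path of the file the service points at
    file_missing: bool  # True when the bracket holds "?" instead of date/size


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one Drivers/Services line; return None for any other log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    image = m.group("resolved") or m.group("image")
    if image.startswith("\\??\\"):   # strip the NT object-namespace prefix
        image = image[4:]
    return ServiceEntry(
        running=m.group("state") == "R",
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        image=image,
        file_missing=m.group("meta").strip() == "?",
    )


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons it deserves a closer look."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = []
        if entry.file_missing:
            reasons.append("image file not found")
            if entry.start <= 2:
                # The registry entry would still be processed at every boot.
                reasons.append("set to load at startup (%s)" % START_TYPES[entry.start])
        ext = ntpath.splitext(entry.image)[1].lower()
        if ext not in EXPECTED_EXTS:
            reasons.append("unusual extension " + ext)
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print("%-10s %s" % (name, "; ".join(reasons)))
```

A flagged entry is only a candidate for review: the ATHFMWDL line, for example, is a manual-start driver entry whose file is also not found.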
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

[ Edited ]

A few things happened when I did this...

 

spybot came up with a warning..

Ad-Watch Live! Alert gave me a 'registry change' notice for the process pev.ext

that it was trying to make changes to the Windows File Association in this area in the registry....

i dont think i touched the spybot error but to go further to get on this forum again i had to allow the adwatch thing once or twice then it disappeared as i was typing this....

 

I have 2 NirCmd warnings

1 that says I have to be admin (thought i was logged as that)

the other about Norton because i wasnt told by you to close these (norton, spybot, awwatchlive)

i didnt do anything with them, the warning (admin and norton) are still here

 

here's the log:

ComboFix 10-08-24.07 - Suzanne 08/24/2010  17:15:12.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.433 [GMT -4:00]
Running from: c:\documents and settings\Suzanne\Desktop\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
[i] ADS - WINDOWS: deleted 24 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Suzanne\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Process.exe
c:\windows\system32\skinboxer43.dll
c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\twain.dll
D:\install.exe

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


(((((((((((((((((((((((((   Files Created from 2010-07-24 to 2010-08-24  )))))))))))))))))))))))))))))))
.

2010-08-05 21:30 . 2010-08-05 21:30 503808 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6d3623b2-n\msvcp71.dll
2010-08-05 21:30 . 2010-08-05 21:30 499712 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6d3623b2-n\jmc.dll
2010-08-05 21:30 . 2010-08-05 21:30 348160 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6d3623b2-n\msvcr71.dll
2010-08-05 21:30 . 2010-08-05 21:30 12800 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-728cc8ab-n\decora-d3d.dll
2010-08-05 21:30 . 2010-08-05 21:30 61440 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-728cc8ab-n\decora-sse.dll
2010-08-05 06:20 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-04 22:31 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-04 22:21 . 2010-08-04 22:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-04 22:21 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-08-04 22:19 . 2010-08-04 22:19 -------- d-----w- c:\program files\Lavasoft
2010-08-03 21:53 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-03 21:53 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-08-03 21:52 . 2010-08-03 21:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-03 21:52 . 2010-08-03 21:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-03 21:51 . 2010-08-04 19:15 -------- d-----w- c:\windows\system32\drivers\N360
2010-08-03 21:51 . 2010-08-03 21:51 -------- d-----w- c:\program files\Norton Security Suite
2010-08-03 21:51 . 2010-08-03 21:51 -------- d-----w- c:\program files\Windows Sidebar
2010-08-03 21:48 . 2010-08-03 21:48 -------- dc----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-08-03 21:48 . 2010-08-03 21:48 -------- d-----w- c:\program files\NortonInstaller
2010-08-03 21:44 . 2010-08-03 21:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-02 16:28 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 21:27 . 2005-08-26 03:09 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
2010-08-24 21:27 . 2005-08-26 03:09 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
2010-08-24 20:51 . 2006-01-09 06:08 132528 -c--a-w- c:\documents and settings\Suzanne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-24 20:35 . 2010-03-21 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 19:46 . 2009-12-01 18:36 -------- d-----w- c:\documents and settings\Suzanne\Application Data\HpUpdate
2010-08-05 22:09 . 2006-01-19 20:30 -------- d-----w- c:\program files\Java
2010-08-04 22:19 . 2008-01-14 03:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-03 22:02 . 2007-10-19 19:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-03 21:52 . 2005-12-31 02:59 -------- d-----w- c:\program files\Symantec
2010-08-03 21:52 . 2010-08-03 21:52 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-03 21:52 . 2010-08-03 21:52 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-03 21:02 . 2010-03-18 22:11 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-28 03:30 . 2009-03-29 01:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-25 17:24 . 2006-01-09 06:22 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-25 04:52 . 2006-01-11 05:44 85 -c--a-w- c:\windows\popcinfo.dat
2010-07-22 19:32 . 2009-10-31 20:27 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-22 19:02 . 2006-01-19 20:32 -------- d-----w- c:\program files\Google
2010-07-22 11:37 . 2010-07-22 11:37 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-07-17 09:00 . 2010-07-06 00:12 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 01:45 . 2010-07-15 01:42 -------- d-----w- c:\documents and settings\Suzanne\Application Data\QuickScan
2010-07-12 01:57 . 2010-07-12 00:54 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-12 01:01 . 2005-08-26 03:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-12 00:56 . 2010-07-12 00:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-12 00:54 . 2010-07-12 00:54 71680 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-07 22:41 . 2010-07-07 22:41 2855 ----a-w- c:\windows\PIF\bootmenu.PIF
2010-07-06 16:39 . 2010-06-04 20:41 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-07-01 02:00 . 2009-08-08 05:48 -------- d-----w- c:\program files\CoffeeCup Software
2010-07-01 02:00 . 2010-07-01 02:00 -------- d-----w- c:\documents and settings\Suzanne\Application Data\CoffeeCup Software
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 19:48 . 2010-06-25 16:10 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-08-26 01:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2005-12-31 03:20 . 2005-12-31 03:20 774144 -c--a-w- c:\program files\RngInterstitial.dll
2006-06-17 03:48 . 2006-06-17 03:48 110592 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-07-25 09:06 . 2008-01-30 10:16 6530080 -csha-w- c:\windows\system32\drivers\fidbox.dat
2008-07-25 09:06 . 2008-01-30 10:16 18208 -csha-w- c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TrueImageMonitor.exe"="d:\trueimage\TrueImageMonitor.exe" [2005-10-26 988565]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-10-21 163840]
"RoxioDragToDisc"="d:\easy media creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-21 1687552]
"MXOBG"="c:\windows\MXOALDR.EXE" [2006-01-09 94208]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2004-12-22 823296]
"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTHelper"="CTHELPER.EXE" [2002-12-19 28672]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CloneCDTray"="d:\clonecd\CloneCDTray.exe" [2009-01-29 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"AsioReg"="CTASIO.DLL" [2002-11-08 110592]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-10-26 118784]
"tppoll"="c:\program files\Topro\tppoll.exe" [2005-03-02 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"File Helper"="c:\program files\File Helper\1.1.0.10\FileHelper.exe" [2010-01-22 583136]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - d:\intervideo\Common\Bin\WinCinemaMgr.exe [2006-1-9 278528]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-1-13 581632]
Microsoft Office.lnk - d:\microsoft office\Office10\OSA.EXE [2001-2-13 83360]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Easy Media Creator 8\\Audio Master\\RxTagEdit8.exe"=
"d:\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Topro\\capture.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Easy Media Creator 8\\Sound Editor\\SoundEdit.exe"=
"c:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\RoxUpnpRenderer.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5100:TCP"= 5100:TCP:*:Disabled:127.0.0.1

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/4/2010 6:31 PM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [8/3/2010 9:44 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [8/3/2010 9:44 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [8/19/2010 2:15 PM 692272]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [12/17/2008 11:32 PM 236928]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [8/3/2010 9:44 PM 501888]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [10/21/2006 7:56 AM 33824]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [8/3/2010 9:44 PM 116784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1355416]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [8/3/2010 9:43 PM 126392]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [8/25/2005 11:01 PM 12160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/3/2010 5:54 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100820.001\IDSXpx86.sys [8/21/2010 12:33 PM 331640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2010 3:00 PM 135664]
S2 MHMTQTIX;MHMTQTIX;\??\c:\windows\system32\mhmtqtix.jtq --> c:\windows\system32\mhmtqtix.jtq [?]
S2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
S3 Aox402Camera;Concord Eye-Q Mini (Video);c:\windows\system32\drivers\aox402vc.sys [11/20/2006 7:08 AM 129084]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;c:\windows\system32\Drivers\athwpn.sys --> c:\windows\system32\Drivers\athwpn.sys [?]
S3 DCamUSBIntel;305 Video Camera;c:\windows\system32\drivers\TP6800.sys [10/10/2007 12:00 AM 198672]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/25/2005 9:37 PM 17149]
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys --> c:\windows\system32\drivers\dump_wmimmc.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/11/2010 6:42 PM 15008]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [1/9/2006 2:40 AM 15104]
S3 SE402RefCameraStill;Concord Eye-Q Mini (WDM);c:\windows\system32\drivers\aox402sc.sys [11/20/2006 7:08 AM 67332]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 22:42]

2010-08-15 c:\windows\Tasks\File Helper.job
- c:\program files\File Helper\1.1.0.10\FileHelper.exe [2010-02-06 23:25]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 19:00]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 19:00]

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{B1C88987-2FC3-4DEC-92C3-35C1590D6C7D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.comcast.net/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel
IE: {{5B477265-656E-4869-6C6C-5D4945657874} - f:\x-casino\XCasino.exe
DPF: {08BF311F-789B-4413-B7B9-05355A612410}
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Creative Detector - c:\program files\Creative\MediaSource\Detector\CTDetect.exe
HKCU-Run-MtdAcq - c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-Auto EPSON Stylus Photo R300 Series on DELLXPS - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
HKLM-Run-TransferAgent - (no file)
HKLM-Run-OESYFplugin - (no file)
HKLM-Run-\DELLXPS\EPSON Stylus Photo R300 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 17:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MHMTQTIX]
"ImagePath"="\??\c:\windows\system32\mhmtqtix.jtq"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,27,f1,ed,ec,da,89,4e,92,c7,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,27,f1,ed,ec,da,89,4e,92,c7,3c,\

[HKEY_USERS\S-1-5-21-73586283-484061587-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1736)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\easy media creator 8\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Browser Mouse\Browser Mouse\1.0\MOUSEDLL.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-08-24  17:46:11 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-24 21:45

Pre-Run: 2,933,055,488 bytes free
Post-Run: 2,822,758,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=5 LastKnownGood=3 Sets=1,2,3,5
- - End Of File - - 0E0CDB9E1B02F2B42298EB2938482AE0

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

That was the Combofix log from 2 days ago. Check and see if there is more than one log there. It should be at C:\ComboFix.txt



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

grrrr......

there was no combofix for the 26th.....

i thought maybe it didn't run it cause it said i wasn't admin
but i checked and i was

regardless....i thought i shut down norton and adware watch live (i know i did)
but when i did the drag and drop of the txt file to combo fix
i let it go for about 45 min
when i came back i figured it was done so i went and checked...and still same log for the 24th

i went through this procedure again
making sure that i could still view hidden files
but the drag and drop i let go for about well over an hour and a half

again, when i came back i figured it was done....
checked and still old log

i clicked on the norton is running error (the only thing that was still pending on my desktop)
and the combofix blue box popped back up

i don't think i did anything wrong...
would you mind walking me through this again?
or give me a check list to see if i did everything ok?

ty

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

Norton must be blocking Combofix. We'll use OTL instead. Post the OTL log in this thread.

 

Download OTL, saving it to your desktop:

 


    • Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.
    • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
    • Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.
    • Do not TOUCH your keyboard until the scan completes!
    • Exit OTL by clicking the X at top right


Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

...what happened between posts

Before you posted this last reply....
when i signed on my computer for the day
i turned off norton and adware
and did the drag and drop
again

Note the log below.
Do you still want me to do this last step with the otl?
do you want me to do the itx one as well...
i just didn't want to go any further without you knowing what i did and that i finally got a log

ComboFix 10-08-26.04 - Suzanne 08/27/2010  12:09:12.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.373 [GMT -4:00]
Running from: c:\documents and settings\Suzanne\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Suzanne\Desktop\CFScript.txt
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\mhmtqtix.jtq"
"c:\windows\system32\SVKP.sys"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MHMTQTIX
-------\Legacy_SVKP
-------\Service_MHMTQTIX
-------\Service_SVKP


(((((((((((((((((((((((((   Files Created from 2010-07-27 to 2010-08-27  )))))))))))))))))))))))))))))))
.

2010-08-05 21:30 . 2010-08-05 21:30 503808 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6d3623b2-n\msvcp71.dll
2010-08-05 21:30 . 2010-08-05 21:30 499712 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6d3623b2-n\jmc.dll
2010-08-05 21:30 . 2010-08-05 21:30 348160 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6d3623b2-n\msvcr71.dll
2010-08-05 21:30 . 2010-08-05 21:30 12800 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-728cc8ab-n\decora-d3d.dll
2010-08-05 21:30 . 2010-08-05 21:30 61440 ----a-w- c:\documents and settings\Suzanne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-728cc8ab-n\decora-sse.dll
2010-08-05 06:20 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-04 22:31 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-04 22:21 . 2010-08-04 22:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-04 22:21 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-08-04 22:19 . 2010-08-04 22:19 -------- d-----w- c:\program files\Lavasoft
2010-08-03 21:53 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-03 21:53 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-08-03 21:52 . 2010-08-03 21:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-03 21:52 . 2010-08-03 21:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-03 21:51 . 2010-08-04 19:15 -------- d-----w- c:\windows\system32\drivers\N360
2010-08-03 21:51 . 2010-08-03 21:51 -------- d-----w- c:\program files\Norton Security Suite
2010-08-03 21:51 . 2010-08-03 21:51 -------- d-----w- c:\program files\Windows Sidebar
2010-08-03 21:48 . 2010-08-03 21:48 -------- dc----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-08-03 21:48 . 2010-08-03 21:48 -------- d-----w- c:\program files\NortonInstaller
2010-08-03 21:44 . 2010-08-03 21:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-02 16:28 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 16:20 . 2005-08-26 03:09 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
2010-08-27 16:20 . 2005-08-26 03:09 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
2010-08-24 20:51 . 2006-01-09 06:08 132528 -c--a-w- c:\documents and settings\Suzanne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-24 20:35 . 2010-03-21 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 19:46 . 2009-12-01 18:36 -------- d-----w- c:\documents and settings\Suzanne\Application Data\HpUpdate
2010-08-05 22:09 . 2006-01-19 20:30 -------- d-----w- c:\program files\Java
2010-08-04 22:19 . 2008-01-14 03:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-03 22:02 . 2007-10-19 19:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-03 21:52 . 2005-12-31 02:59 -------- d-----w- c:\program files\Symantec
2010-08-03 21:52 . 2010-08-03 21:52 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-03 21:52 . 2010-08-03 21:52 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-03 21:02 . 2010-03-18 22:11 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-28 03:30 . 2009-03-29 01:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-25 17:24 . 2006-01-09 06:22 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-25 04:52 . 2006-01-11 05:44 85 -c--a-w- c:\windows\popcinfo.dat
2010-07-22 19:32 . 2009-10-31 20:27 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-22 19:02 . 2006-01-19 20:32 -------- d-----w- c:\program files\Google
2010-07-22 11:37 . 2010-07-22 11:37 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-07-17 09:00 . 2010-07-06 00:12 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 01:45 . 2010-07-15 01:42 -------- d-----w- c:\documents and settings\Suzanne\Application Data\QuickScan
2010-07-12 01:57 . 2010-07-12 00:54 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-12 01:01 . 2005-08-26 03:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-12 00:56 . 2010-07-12 00:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-12 00:54 . 2010-07-12 00:54 71680 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-07 22:41 . 2010-07-07 22:41 2855 ----a-w- c:\windows\PIF\bootmenu.PIF
2010-07-06 16:39 . 2010-06-04 20:41 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-07-01 02:00 . 2009-08-08 05:48 -------- d-----w- c:\program files\CoffeeCup Software
2010-07-01 02:00 . 2010-07-01 02:00 -------- d-----w- c:\documents and settings\Suzanne\Application Data\CoffeeCup Software
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 19:48 . 2010-06-25 16:10 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-08-26 01:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2005-12-31 03:20 . 2005-12-31 03:20 774144 -c--a-w- c:\program files\RngInterstitial.dll
2006-06-17 03:48 . 2006-06-17 03:48 110592 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-07-25 09:06 . 2008-01-30 10:16 6530080 -csha-w- c:\windows\system32\drivers\fidbox.dat
2008-07-25 09:06 . 2008-01-30 10:16 18208 -csha-w- c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TrueImageMonitor.exe"="d:\trueimage\TrueImageMonitor.exe" [2005-10-26 988565]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-10-21 163840]
"RoxioDragToDisc"="d:\easy media creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-21 1687552]
"MXOBG"="c:\windows\MXOALDR.EXE" [2006-01-09 94208]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2004-12-22 823296]
"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTHelper"="CTHELPER.EXE" [2002-12-19 28672]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CloneCDTray"="d:\clonecd\CloneCDTray.exe" [2009-01-29 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"AsioReg"="CTASIO.DLL" [2002-11-08 110592]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-10-26 118784]
"tppoll"="c:\program files\Topro\tppoll.exe" [2005-03-02 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"File Helper"="c:\program files\File Helper\1.1.0.10\FileHelper.exe" [2010-01-22 583136]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TransferAgent"="" [BU]
"OESYFplugin"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - d:\intervideo\Common\Bin\WinCinemaMgr.exe [2006-1-9 278528]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-1-13 581632]
Microsoft Office.lnk - d:\microsoft office\Office10\OSA.EXE [2001-2-13 83360]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Easy Media Creator 8\\Audio Master\\RxTagEdit8.exe"=
"d:\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Topro\\capture.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Easy Media Creator 8\\Sound Editor\\SoundEdit.exe"=
"c:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\RoxUpnpRenderer.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5100:TCP"= 5100:TCP:*:Disabled:127.0.0.1

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/4/2010 6:31 PM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [8/3/2010 9:44 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [8/3/2010 9:44 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [8/19/2010 2:15 PM 692272]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [12/17/2008 11:32 PM 236928]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [8/3/2010 9:44 PM 501888]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [10/21/2006 7:56 AM 33824]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [8/3/2010 9:44 PM 116784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1355416]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [8/3/2010 9:43 PM 126392]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [8/25/2005 11:01 PM 12160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/3/2010 5:54 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100826.001\IDSXpx86.sys [8/27/2010 12:12 AM 331640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2010 3:00 PM 135664]
S3 Aox402Camera;Concord Eye-Q Mini (Video);c:\windows\system32\drivers\aox402vc.sys [11/20/2006 7:08 AM 129084]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;c:\windows\system32\Drivers\athwpn.sys --> c:\windows\system32\Drivers\athwpn.sys [?]
S3 DCamUSBIntel;305 Video Camera;c:\windows\system32\drivers\TP6800.sys [10/10/2007 12:00 AM 198672]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/25/2005 9:37 PM 17149]
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys --> c:\windows\system32\drivers\dump_wmimmc.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/11/2010 6:42 PM 15008]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [1/9/2006 2:40 AM 15104]
S3 SE402RefCameraStill;Concord Eye-Q Mini (WDM);c:\windows\system32\drivers\aox402sc.sys [11/20/2006 7:08 AM 67332]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 22:42]

2010-08-15 c:\windows\Tasks\File Helper.job
- c:\program files\File Helper\1.1.0.10\FileHelper.exe [2010-02-06 23:25]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 19:00]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 19:00]

2010-08-27 c:\windows\Tasks\User_Feed_Synchronization-{B1C88987-2FC3-4DEC-92C3-35C1590D6C7D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel
IE: {{5B477265-656E-4869-6C6C-5D4945657874} - f:\x-casino\XCasino.exe
DPF: {08BF311F-789B-4413-B7B9-05355A612410}
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-\DELLXPS\EPSON Stylus Photo R300 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 12:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,27,f1,ed,ec,da,89,4e,92,c7,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,27,f1,ed,ec,da,89,4e,92,c7,3c,\

[HKEY_USERS\S-1-5-21-73586283-484061587-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\easy media creator 8\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Browser Mouse\Browser Mouse\1.0\MOUSEDLL.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-08-27  12:37:27 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-27 16:36
ComboFix2.txt  2010-08-24 21:46

Pre-Run: 2,621,616,128 bytes free
Post-Run: 2,657,640,448 bytes free

Current=2 Default=2 Failed=5 LastKnownGood=3 Sets=1,2,3,5
- - End Of File - - 2ADA8AFE4EE863D11D045DADD5F1B95D

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

That went fine. You can ignore the OTL instructions for the moment.

Time for a reality check. What problems do you still have? Be as specific and descriptive as you can.


Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

believe it or not it seems to be running much better .... :)
not the same lag at startup or getting to a webpage now....

does this mean i am virus free ?

do i need to run this from earlier?

Second:
On the dll message at bootup the instructions here should fix it:
http://www.utilitysoftwarereviews.com/how-to-remove-paretologic-uusdll-error-message/

(Thanks to

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

Sounds good. I would still like to see an OTL log before we wrap up.

Go ahead and follow the instructions for running OTL in my prior post and post the log in this thread.


Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

otl gave me two logs (the otl and extras)
here are both of them

OTL logfile created on: 8/28/2010 4:25:39 PM - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Documents and Settings\Suzanne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,023.00 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.48 Gb Total Space | 2.37 Gb Free Space | 12.82% Space Free | Partition Type: NTFS
Drive D: | 92.65 Gb Total Space | 80.62 Gb Free Space | 87.02% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 74.11 Gb Free Space | 66.30% Space Free | Partition Type: NTFS
Drive F: | 114.48 Gb Total Space | 20.31 Gb Free Space | 17.74% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SUZANNEPC
Current User Name: Suzanne
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/08/28 16:23:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
PRC - [2010/08/11 18:42:02 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/08/11 18:42:01 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/09 20:55:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2010/02/12 11:02:08 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/06/01 14:43:46 | 001,501,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/06/01 14:43:46 | 000,448,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/16 13:16:08 | 001,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/20 19:06:24 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/08 22:07:33 | 000,094,208 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2005/11/08 03:31:48 | 000,278,528 | ---- | M] (InterVideo Inc.) -- D:\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2005/10/25 23:48:30 | 000,988,565 | ---- | M] (Acronis) -- D:\trueimage\TrueImageMonitor.exe
PRC - [2005/10/25 23:48:30 | 000,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005/10/25 23:48:30 | 000,118,784 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2005/10/21 17:13:40 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
PRC - [2005/10/21 17:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/10/21 17:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/10/21 16:54:54 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
PRC - [2005/10/20 22:47:58 | 001,687,552 | ---- | M] (Sonic Solutions) -- D:\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
PRC - [2005/03/02 17:12:54 | 000,024,576 | ---- | M] () -- C:\Program Files\Topro\tppoll.exe
PRC - [2004/12/22 09:21:48 | 000,823,296 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2004/10/28 10:29:48 | 000,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
PRC - [2004/10/21 14:28:40 | 000,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
PRC - [2004/07/27 17:50:42 | 000,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/07/27 17:50:04 | 000,503,808 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2004/03/04 11:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2002/12/19 02:59:00 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
PRC - [2001/03/26 00:35:20 | 000,429,568 | ---- | M] () -- C:\Program Files\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/08/28 16:23:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 04:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 04:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/10/28 10:27:18 | 000,086,016 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2003/01/14 21:48:53 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2001/07/30 22:01:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Browser Mouse\Browser Mouse\1.0\MouseDll.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/11 18:42:01 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/10/25 23:48:30 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005/10/21 17:09:44 | 000,229,376 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/10/21 17:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/10/21 17:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/10/21 14:58:02 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/10/21 14:57:20 | 000,405,504 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- D:\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WPN111.sys -- (WPN111)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\VClone.sys -- (VClone)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\athwpn.sys -- (ATHFMWDL)
DRV - [2010/08/11 18:42:16 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/08/09 21:11:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/08/03 17:52:53 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/03 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100828.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/08/03 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/03 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/03 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100828.004\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/22 07:37:29 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/16 21:54:14 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100827.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/01/01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/07/24 17:11:18 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/10/21 07:56:17 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2006/03/28 15:03:22 | 000,198,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TP6800.sys -- (DCamUSBIntel)
DRV - [2006/01/08 21:54:19 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2006/01/08 21:54:19 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006/01/08 21:54:16 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2005/12/15 21:42:12 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005/10/21 15:34:30 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/20 09:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/20 09:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/20 09:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/20 09:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/08/25 21:37:08 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/08/03 23:10:16 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/11 08:00:00 | 000,236,928 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2005/01/27 04:22:00 | 000,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/01/05 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/10/21 14:32:12 | 000,013,107 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2004/10/21 14:31:14 | 000,038,691 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/21 14:31:06 | 000,054,851 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/10/21 14:30:56 | 000,071,535 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/10/21 14:30:38 | 000,024,671 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2004/10/07 11:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2004/08/03 21:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 21:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2004/07/20 00:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2003/10/10 05:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/03/13 14:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2003/01/27 13:37:38 | 000,286,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/21 05:38:12 | 000,139,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/01/07 05:03:42 | 000,822,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/01/06 03:24:12 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2003/01/06 03:05:14 | 000,184,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/12/19 02:06:02 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/12/19 02:05:52 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2002/12/19 02:05:32 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002/12/19 02:05:12 | 000,497,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/12/19 02:03:42 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2002/01/16 16:03:08 | 000,129,084 | ---- | M] (Endpoints, Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aox402vc.sys -- (Aox402Camera) Concord Eye-Q Mini (Video)
DRV - [2001/11/20 14:58:14 | 000,067,332 | ---- | M] (Endpoints, Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aox402sc.sys -- (SE402RefCameraStill) Concord Eye-Q Mini (WDM)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/02 12:43:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/04 15:27:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/08/03 17:54:59 | 000,000,000 | ---D | M]
 
[2008/06/26 15:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Extensions
[2008/06/27 06:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions
[2006/05/02 04:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{1BF7AC8B-3EE4-46be-AD8B-7F1FA1F3E15D}
[2008/06/26 15:44:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/01/15 19:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2006/01/15 19:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2006/01/15 19:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\extensions\temp
[2008/06/26 15:45:05 | 000,001,229 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\a9.xml
[2008/06/26 15:45:05 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\ask.xml
[2008/06/26 15:45:06 | 000,002,052 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\expediadotcom.xml
[2008/06/26 15:45:06 | 000,002,088 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\flickr-tags.xml
[2008/06/26 15:45:06 | 000,001,340 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\hollywood.xml
[2008/06/26 15:45:07 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\IMDB.xml
[2008/06/26 15:45:07 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\lonelyplanet.xml
[2008/06/26 15:45:07 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\webster.xml
[2008/06/26 15:45:07 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\imh2wa8e.default\searchplugins\wikipedia.xml
[2008/06/27 06:58:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2005/07/21 20:40:44 | 001,384,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
 
O1 HOSTS File: ([2010/08/27 12:27:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [\DELLXPS\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CloneCDTray] D:\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [File Helper] C:\Program Files\File Helper\1.1.0.10\FileHelper.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe ()
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [OESYFplugin]  File not found
O4 - HKLM..\Run: [RoxioDragToDisc] D:\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe ()
O4 - HKLM..\Run: [TransferAgent]  File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\trueimage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: X-Casino - {5B477265-656E-4869-6C6C-5D4945657874} - F:\X-Casino\XCasino.exe File not found
O9 - Extra 'Tools' menuitem : X-Casino - {5B477265-656E-4869-6C6C-5D4945657874} - F:\X-Casino\XCasino.exe File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {08BF311F-789B-4413-B7B9-05355A612410} Reg Error: Key error. (JadeScanGui)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.... (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab (Jigsaw Genius Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v57/bjattack/bja.cab (BJA Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?11907665354... (WUWebControl Class)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?120164216... (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} Reg Error: Key error. (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (GolfSol Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v47/wwspades/wwspades.cab (WWSpades Control)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} Reg Error: Key error. (Driver Agent ActiveX Control)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5506/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab (H2hPool Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Suzanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Suzanne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/25 21:25:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (SsiEfr.e) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/08/28 16:23:50 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
[2010/08/27 18:05:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/27 16:17:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Suzanne\My Documents\My Pictures
[2010/08/26 13:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\DESKTOP NEED TO FILE
[2010/08/24 17:09:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/24 16:56:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/24 16:56:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/24 16:56:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/24 16:56:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/24 16:54:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/24 16:53:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/23 19:59:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Suzanne\My Documents\My Data Sources
[2010/08/07 02:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\My Music
[2010/08/05 18:10:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/05 18:10:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/05 18:10:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/05 16:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\Desktop\UTILITIES
[2010/08/04 18:31:41 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/04 18:21:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/04 18:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/03 21:44:10 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/08/03 21:44:10 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/08/03 21:44:10 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/08/03 21:44:09 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/08/03 21:44:09 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/08/03 21:44:09 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/08/03 21:44:09 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/08/03 21:44:08 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/08/03 21:43:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/08/03 17:53:20 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/08/03 17:52:55 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/03 17:52:55 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/03 17:51:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/08/03 17:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/08/03 17:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/08/03 17:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzanne\My Documents\Symantec
[2010/08/03 17:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/08/03 17:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/08/03 17:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/08/03 17:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/08/02 12:28:59 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2005/12/30 23:20:32 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/08/25 23:00:18 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010/08/28 16:23:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzanne\Desktop\OTL.exe
[2010/08/28 16:19:16 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B1C88987-2FC3-4DEC-92C3-35C1590D6C7D}.job
[2010/08/28 16:05:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 15:05:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/28 13:29:34 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-10071102}.CDF
[2010/08/28 13:29:33 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/28 13:27:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/28 13:27:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/28 03:09:04 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/28 03:09:04 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/28 03:09:04 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/28 03:09:04 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-10071102}.rfx
[2010/08/28 03:09:04 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/08/28 03:09:04 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/08/28 03:09:04 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
[2010/08/28 03:09:04 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-10071102}.dat
[2010/08/28 03:08:40 | 017,563,648 | ---- | M] () -- C:\Documents and Settings\Suzanne\ntuser.dat
[2010/08/28 03:08:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Suzanne\ntuser.ini
[2010/08/27 22:10:26 | 000,000,419 | ---- | M] () -- C:\Documents and Settings\Suzanne\Desktop\boston legal - Google Search.url
[2010/08/27 12:30:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/27 12:27:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/27 12:03:40 | 003,829,261 | R--- | M] () -- C:\Documents and Settings\Suzanne\Desktop\ComboFix.exe
[2010/08/26 22:34:19 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/25 23:00:14 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/08/24 17:09:12 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/24 16:51:48 | 000,132,528 | ---- | M] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/24 16:25:53 | 000,431,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/23 23:43:00 | 005,838,390 | -H-- | M] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\IconCache.db
[2010/08/23 20:02:34 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\creditor calls.xls
[2010/08/23 18:02:20 | 000,135,680 | ---- | M] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 17:57:23 | 000,000,577 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to adaware scan 072210.lnk
[2010/08/23 17:57:23 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to pa uc filed 070410.lnk
[2010/08/23 17:57:23 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to wellbutrin.lnk
[2010/08/23 17:57:23 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to f1040ez.lnk
[2010/08/23 17:57:23 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Shortcut to BCT.lnk
[2010/08/17 23:09:56 | 000,693,748 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/08/17 23:09:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/17 23:07:04 | 000,545,538 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/17 23:07:04 | 000,471,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/17 23:07:04 | 000,083,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/16 14:28:03 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\iGoogle.url
[2010/08/15 03:04:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\File Helper.job
[2010/08/11 17:16:59 | 004,634,548 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Resolved Security Risksnorton scan 081110.mcf
[2010/08/10 18:20:53 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\order cheap camel snaps cigarettes - Jumptags.com.url
[2010/08/10 18:17:58 | 000,000,251 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Careers - Financial Services Careers.url
[2010/08/10 18:15:53 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\Articles by Robert Gerhart reporter morning call about my deans listCall.url
[2010/08/10 18:15:16 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\April 6 letter to judge douple.doc
[2010/08/09 21:04:59 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\Suzanne\My Documents\otl log 080910.doc
[2010/08/05 16:51:18 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\AnyDVD.lnk
[2010/08/04 18:21:45 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/03 17:52:53 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/03 17:52:53 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/03 17:52:53 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/03 17:52:53 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
 
========== Files Created - No Company Name ==========
 
[2010/08/27 22:10:26 | 000,000,419 | ---- | C] () -- C:\Documents and Settings\Suzanne\Desktop\boston legal - Google Search.url
[2010/08/24 17:09:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/24 17:09:09 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/24 16:56:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/24 16:56:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/24 16:56:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/24 16:56:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/24 16:56:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/24 16:48:24 | 003,829,261 | R--- | C] () -- C:\Documents and Settings\Suzanne\Desktop\ComboFix.exe
[2010/08/23 20:02:33 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\creditor calls.xls
[2010/08/11 17:16:49 | 004,634,548 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\Resolved Security Risksnorton scan 081110.mcf
[2010/08/09 21:04:59 | 000,160,256 | ---- | C] () -- C:\Documents and Settings\Suzanne\My Documents\otl log 080910.doc
[2010/08/05 16:51:18 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\AnyDVD.lnk
[2010/08/05 02:20:26 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/04 18:21:45 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/04 15:12:47 | 000,693,748 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/08/03 21:44:10 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/08/03 21:44:10 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/08/03 21:44:10 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/08/03 21:44:10 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/08/03 21:44:09 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/08/03 21:44:09 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/08/03 21:44:09 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/08/03 21:44:09 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/08/03 21:44:09 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/08/03 21:44:09 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/08/03 21:44:09 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/08/03 21:44:09 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/08/03 21:44:09 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/08/03 21:44:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/08/03 21:44:08 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/08/03 21:44:08 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/08/03 21:43:16 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/08/03 17:52:55 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/03 17:52:55 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/03/20 19:13:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\MSVolumeAP.dll
[2009/09/13 20:21:11 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SiteSpiderforms.ini
[2008/07/06 15:17:45 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2008/05/28 20:33:28 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Suzanne\Application Data\$_hpcst$.hpc
[2007/10/10 00:00:20 | 001,523,712 | ---- | C] () -- C:\WINDOWS\System32\ToproVC.dll
[2007/10/10 00:00:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\camlib.dll
[2007/07/20 03:50:05 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2007/07/20 03:50:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2007/07/20 03:50:04 | 000,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2007/06/17 05:04:37 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/20 08:50:53 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2006/12/31 19:57:17 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2006/11/20 07:12:29 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\ippsrw7.dll
[2006/11/20 07:12:29 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ippsrpx.dll
[2006/11/20 07:12:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ippsra6.dll
[2006/11/20 07:12:28 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ippsrm6.dll
[2006/11/20 07:12:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ippsr.dll
[2006/11/20 07:12:25 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\ippcvw7.dll
[2006/11/20 07:12:24 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\ippcva6.dll
[2006/11/20 07:12:24 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\ippcvm6.dll
[2006/11/20 07:12:24 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\ippcvpx.dll
[2006/11/20 07:12:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ippcv.dll
[2006/11/20 07:12:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2006/11/03 18:16:26 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/21 07:56:17 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2006/10/20 10:23:47 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/10/20 04:10:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/10/20 04:10:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/13 12:30:10 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/08/30 02:30:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/03 20:35:20 | 000,000,124 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/28 19:32:44 | 000,280,364 | ---- | C] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\rx_audio.Cache
[2006/05/28 10:39:41 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Suzanne\Application Data\WavCodec.wff
[2006/05/28 00:24:20 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\Suzanne\Application Data\.zreglib
[2006/02/23 16:47:33 | 000,807,212 | ---- | C] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\rx_image.Cache
[2006/02/01 01:14:24 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\fusioncache.dat
[2006/01/31 02:17:05 | 000,001,665 | ---- | C] () -- C:\WINDOWS\FiveCardFrenzy.ini
[2006/01/29 14:57:07 | 000,000,094 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/01/29 03:33:10 | 000,000,968 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2006/01/23 14:47:53 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt
[2006/01/22 03:05:24 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/01/22 03:05:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/21 07:35:50 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\midas11.dll
[2006/01/11 02:41:05 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/10 01:03:42 | 000,135,680 | ---- | C] () -- C:\Documents and Settings\Suzanne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/09 02:37:17 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2006/01/09 02:37:17 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
[2006/01/09 02:37:17 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
[2006/01/09 02:37:17 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
[2006/01/09 02:37:17 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
[2006/01/09 02:36:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2006/01/09 02:36:54 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2006/01/09 02:36:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2006/01/09 02:36:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2006/01/09 02:36:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2006/01/09 02:36:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2006/01/09 02:36:49 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2006/01/09 02:21:49 | 000,010,585 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2006/01/09 00:11:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/09 00:11:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/09 00:11:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/09 00:11:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/09 00:11:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/09 00:11:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/08 23:00:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/24 21:35:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/21 15:07:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/10/19 17:56:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/25 23:02:27 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/08/25 23:01:25 | 000,066,980 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2005/08/25 23:01:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/08/25 23:00:29 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2005/08/25 23:00:29 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/08/25 22:57:42 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/08/03 15:54:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/30 05:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/28 10:00:59 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MPEGCreator.dll
[2004/08/11 07:41:08 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\WMVCreator.dll
[2004/08/11 07:03:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\AVICreator.dll
[2004/05/20 11:50:14 | 001,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
[2004/02/01 15:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/11/16 14:32:30 | 001,253,376 | ---- | C] () -- C:\WINDOWS\System32\mptiff.dll
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/07/30 23:29:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2002/11/24 08:40:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\ac3encode.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
 
========== LOP Check ==========
 
[2006/01/08 21:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2007/01/05 15:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2008/02/27 05:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2006/04/30 20:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/04/06 12:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/02/01 01:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CandyLabs
[2007/10/08 23:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/02/11 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2006/02/07 02:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2006/12/31 19:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2007/09/11 22:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2007/09/01 03:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/11/30 19:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INMPAIFTXG
[2006/04/30 05:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2006/01/09 00:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MimarSinan
[2009/12/01 17:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2006/04/30 13:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
[2009/02/20 16:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/06/29 16:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/12/01 17:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/02/06 18:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/07/30 01:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/11/14 14:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/08/24 23:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/03/29 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/12/04 04:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/04 12:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/02/01 18:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/02 19:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/08/04 18:22:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2006/02/21 05:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\7Wonders
[2006/03/02 02:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Alawar
[2006/11/30 01:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\allTunes
[2006/12/28 03:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Angkor
[2006/10/20 18:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\AVS Video Converter
[2006/07/13 13:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\BCL Technologies
[2010/03/02 22:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Blitware
[2006/02/01 01:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\CandyLabs
[2010/06/30 22:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\CoffeeCup Software
[2009/09/15 15:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\CoreFTP
[2010/02/06 18:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\DriverCure
[2006/02/07 02:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\EA
[2006/02/19 08:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Elaborate Bytes
[2006/01/21 10:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\funkitron
[2007/06/17 03:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\GetRightToGo
[2007/05/01 07:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Incredible Ink
[2006/01/09 02:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\InterVideo
[2006/03/21 10:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\IrfanView
[2007/04/13 15:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\iWin
[2009/02/11 05:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\KompoZer
[2007/01/05 00:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Leadertech
[2006/02/11 15:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Magic Match
[2007/04/05 09:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\MagicBall3
[2006/01/19 16:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\MSNInstaller
[2006/08/23 01:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Musicmatch
[2006/10/25 15:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\NCH Swift Sound
[2006/12/07 13:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Paltalk
[2007/03/02 17:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\pixelStorm
[2010/07/14 21:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\QuickScan
[2006/10/20 15:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\SendYourFiles
[2006/05/28 14:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Seven Zip
[2006/09/03 08:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\SlySoft
[2006/12/29 20:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Ulead Systems
[2010/03/26 13:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Uniblue
[2008/08/15 05:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\VonageTalk
[2007/10/15 00:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Wildfire
[2006/11/07 08:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Windows Desktop Search
[2009/12/13 15:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzanne\Application Data\Windows Live Writer
[2010/08/26 22:34:19 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/15 03:04:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\File Helper.job
[2010/08/28 16:19:16 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B1C88987-2FC3-4DEC-92C3-35C1590D6C7D}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\hidusb.sys:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\WIFI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\WEIGHT TRAINING:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\WEB DESIGN:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\VONAGE 4 FEB MAR10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\UTILITES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\UC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\TRANSPORTATION:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\SONGLIST STORIES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\SOCIAL SECURITY:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\redbox movie:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\QUINN:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\pageflip:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\My Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\My Data Sources:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\movies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\MOM IN WOLDOW COLUMN:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\misc shortcuts from desktop 062010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\MEDICATION ASSIST:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\LOW INCOME:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\LOGS FROM AV SEC FIX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\LAPTOP BATTERY EBAY:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\JOB SEARCH AND SOCIAL NETWORKING FOR THOMPSON AND MARKETING FOCUS0710:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\jmc9232-1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\jims:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\insightbb pages:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\img.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\how_to_Fail_a_Breathalyzer.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\EBAY:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\COMPUTER INSIDE PICS FOR FAN 0610:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\COMPASS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\CoffeeCup Software:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\BODY FOR LIFE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\BIKE RIDING:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\BETH KATZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\My Documents\AIR CONDITIONER:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\UTILITIES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Suzanne\Desktop\DESKTOP NEED TO FILE:Roxio EMC Stream
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981884E7
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7
< End of report >

 

 

OTL Extras logfile created on: 8/28/2010 4:25:39 PM - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Documents and Settings\Suzanne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,023.00 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.48 Gb Total Space | 2.37 Gb Free Space | 12.82% Space Free | Partition Type: NTFS
Drive D: | 92.65 Gb Total Space | 80.62 Gb Free Space | 87.02% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 74.11 Gb Free Space | 66.30% Space Free | Partition Type: NTFS
Drive F: | 114.48 Gb Total Space | 20.31 Gb Free Space | 17.74% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SUZANNEPC
Current User Name: Suzanne
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5100:TCP" = 5100:TCP:*:Disabled:127.0.0.1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Easy Media Creator 8\Audio Master\RxTagEdit8.exe" = D:\Easy Media Creator 8\Audio Master\RxTagEdit8.exe:*:Disabled:Roxio Audio Tag Editor -- (Sonic Solutions)
"D:\InterVideo\DVD7\WinDVD.exe" = D:\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Topro\capture.exe" = C:\Program Files\Topro\capture.exe:*:Disabled:Amcap -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\Easy Media Creator 8\Sound Editor\SoundEdit.exe" = D:\Easy Media Creator 8\Sound Editor\SoundEdit.exe:*:Enabled:Roxio Sound Editor -- (Sonic Solutions)
"C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe" = C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe:*:Enabled:Roxio UPnP Renderer Service -- (Sonic Solutions)
"D:\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = D:\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 21
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42095863-98D1-4A49-BDF8-638DE8A5F316}" = Sound Blaster Audigy 2
"{428E4B9F-DD98-4BE1-A041-51DBA76A1613}" = BCL ALLPDF Converter
"{44B3522B-195C-488D-84AC-9526FA99CB73}" = Motorola Handset USB Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5F2B85E0-66F2-4E61-BA50-12784EFAE696}" = Macromedia Flash Player 8 Plugin
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{620797B0-A022-4B57-A95E-CD7DD0325010}" = MoRUN.net Sticker
"{63C02196-D8B3-11D7-ABE1-0080C8274868}" = Digimax 301
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66468F4D-BC4E-470C-9093-B3B6A1BB378C}" = MSN Toolbar Platform
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6FCB49E0-C0FF-11D7-A015-00055DF4E7AC}" = 305 PC Camera Driver
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1" = File Helper 1.1.0.10
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83D8FE90-457F-4DBB-84F7-FFEA9DC5FB25}" = Blaze Media Pro
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95392E65-0900-0001-3030-1EEC2624019E}" = InterVideo Promotion Agent
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis True Image
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Browser Mouse Browser Mouse" = Browser Mouse Browser Mouse 1.0
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EAX Unified" = EAX Unified
"Floppy Disk Manager" = Floppy Disk Manager
"Google Chrome" = Google Chrome
"HP Deskjet 3740 Series_Driver" = HP Deskjet 3740 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"InterActual Player" = InterActual Player
"Memorex 6142 USB" = Memorex 6142 USB
"MGI_PRISM_V3_0" = MGI PhotoSuite III SE (Remove Only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MXOFX" = USB Storage Adapter FX (MXO)
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 7/8/2010 3:00:03 PM | Computer Name = SUZANNEPC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
 or CD-ROM drive. For other potential solutions to this problem, see D:\Microsoft
 Office\Office10\1033\SETUP.HLP.
 
Error - 7/8/2010 3:00:06 PM | Computer Name = SUZANNEPC | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office XP Professional with FrontPage - Update
'{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603.
 Windows Installer can create logs to help troubleshoot issues with installing software
 packages. Use the following link for instructions on turning on logging support:
 http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 7/11/2010 6:46:23 PM | Computer Name = SUZANNEPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module acropdf.dll, version 8.1.3.0, fault address 0x0002a422.
 
Error - 7/11/2010 6:46:27 PM | Computer Name = SUZANNEPC | Source = Application Error | ID = 1001
Description = Fault bucket 1192670507.
 
Error - 7/11/2010 6:48:34 PM | Computer Name = SUZANNEPC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file. 
 
Error - 7/11/2010 6:48:34 PM | Computer Name = SUZANNEPC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file. 
 
Error - 7/19/2010 5:18:46 PM | Computer Name = SUZANNEPC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/22/2010 3:55:25 PM | Computer Name = SUZANNEPC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file. 
 
Error - 7/22/2010 3:55:25 PM | Computer Name = SUZANNEPC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file. 
 
Error - 7/30/2010 4:43:49 PM | Computer Name = SUZANNEPC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
 
[ System Events ]
Error - 8/28/2010 1:19:16 AM | Computer Name = SUZANNEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
 arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 8/28/2010 1:19:16 AM | Computer Name = SUZANNEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service SeaPort with
 arguments "-Service"  in order to run the server:  {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
 
Error - 8/28/2010 1:19:17 AM | Computer Name = SUZANNEPC | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
   %%126
 
Error - 8/28/2010 1:50:44 AM | Computer Name = SUZANNEPC | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
   %%126
 
Error - 8/28/2010 1:50:45 AM | Computer Name = SUZANNEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service SeaPort with
 arguments "-Service"  in order to run the server:  {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
 
Error - 8/28/2010 1:50:45 AM | Computer Name = SUZANNEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service RoxWatch with
 arguments ""  in order to run the server:  {B5BA0EB9-E99C-45D1-86E2-20B8E1004C16}
 
Error - 8/28/2010 1:50:45 AM | Computer Name = SUZANNEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
 arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 8/28/2010 1:50:45 AM | Computer Name = SUZANNEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service BITS with arguments
 ""  in order to run the server:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 8/28/2010 1:50:45 AM | Computer Name = SUZANNEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
 arguments ""  in order to run the server:  {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error - 8/28/2010 1:27:56 PM | Computer Name = SUZANNEPC | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
   %%126
 
 
< End of report >
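
The event-log section of the report above repeats the same few errors many times. As an added example (not part of the original post and not OTL's own code), this Python sketch groups such entries by source and ID and decodes the two unexpanded Win32 error codes; the function names `parse_events` and `summarize` are hypothetical.

```python
import re
# Excerpt copied from the report above, in its own layout.
SAMPLE = '''\
[ System Events ]
Error - 8/28/2010 1:19:16 AM | Computer Name = SUZANNEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
 arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/28/2010 1:19:17 AM | Computer Name = SUZANNEPC | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
   %%126
Error - 8/28/2010 1:50:45 AM | Computer Name = SUZANNEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service BITS with arguments
 ""  in order to run the server:  {4991D34B-80A1-4291-83B6-3328366B9097}
< End of report >
'''

# Standard Win32 error codes that appear unexpanded ("%1055", "%%126") in the report.
WIN32 = {126: "ERROR_MOD_NOT_FOUND", 1055: "ERROR_SERVICE_DATABASE_LOCKED"}
HEADER = re.compile(r"^(\w+) - (.+?) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)\s*$")
CODE = re.compile(r"%{1,2}(\d+)")
SERVICE = re.compile(r"start the service (\S+)|The (.+?) service terminated")

def parse_events(text):
    """Split the report's event-log section into one dict per entry."""
    events, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"level": m[1], "when": m[2], "host": m[3],
                   "source": m[4], "id": int(m[5]), "description": ""}
            events.append(cur)
        elif line.startswith(("[ ", "< ")):
            cur = None  # section banner or end marker, not a continuation line
        elif cur is not None and line.strip():
            part = re.sub(r"^Description =\s*", "", line.strip())
            cur["description"] = (cur["description"] + " " + part).strip()
    return events

def summarize(events):
    """Map (source, event id, decoded Win32 error) to the services affected."""
    groups = {}
    for e in events:
        code = CODE.search(e["description"])
        name = WIN32.get(int(code[1]), "unknown") if code else None
        svc = SERVICE.search(e["description"])
        key = (e["source"], e["id"], name)
        groups.setdefault(key, set()).add((svc[1] or svc[2]) if svc else "?")
    return {key: sorted(names) for key, names in groups.items()}
```

Calling `summarize(parse_events(SAMPLE))` collapses the repeated DCOM 10005 entries into one group listing every service that failed to start.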

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.

Great. I want to verify one file to be safe.

 

Please go to http://www.virustotal.com/

Copy and paste the following file path into the "Upload a file" box in the center of the page:

 

C:\WINDOWS\System32\appmgmts.dll

 



Click on the Send File button


Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.




If the file has been previously scanned, the results webpage will show:
"File has already submitted:"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.





If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

uhm.....

if you remember I couldn't/can't copy and paste anything virus total at the upload a file option

nor will it allow me to type anything in that box

i browsed and couldn't find appmgmts.dll

i remembered you had me show hidden files before

so i checked that way as well

nothing

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.


Thanks. Time to clean up again, and then we're done. Once you clean up, make sure your antivirus is turned on.

 

 

Cleaning Up:
Double click the OTL icon on your Desktop
Press the 'Cleanup' button

 

(Note: this will remove Combofix as well)

Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

grrr it's doin it again.....

other than taking so long to load a page

when going from one page to another the one page will get stuck

say for instance i have an open notepad note, like i'm copying a recipe

then i go back to the recipe site and it loads all but the block where notepad was.......

it seems to come and go

like my back pain

anything worth getting myself worked up about

or could it just be the ions in the air that day?

 

lol

 

ty

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Computer starting and running very very slow.


As I had mentioned before, you have a small operating system partition (Drive C:) on your computer along with very little free space. Normal operation of your computer will use some of the free space for temporary files. With such limited free space, some delays are inevitable.

 

You might try running the Disk Cleanup program that comes with your computer and delete the temporary files and folders. You'll find a link to the program in Start ->  All Programs -> Accessories -> System Tools -> Disk Cleanup.

 

If you want to check for infections, it would be best to handle that matter entirely at Broadband Reports which has a forum dedicated to malware cleanup.

 

You'll find the forum here: http://www.dslreports.com/forum/cleanup

 

You'll find instructions for the necessary programs to run here: http://www.dslreports.com/faq/13616  (I'm sure you will recognize some of them)

 

Once you have run the programs, post your logs in the Security Cleanup forum. Note that membership is not required, but posts from anonymous users require moderator approval in the Security Cleanup forum and may be delayed until a moderator releases them.

Bronze Star Contributor
Posts: 117
Registered: ‎11-11-2003

Re: Computer starting and running very very slow.

ok great thanks for the link....