  #31  
Old 26th May 2009, 14:43
Donor Group
 
No change in the update status. Security Center doesn't see my AV (it was not seeing it before I ran that script) and I can't turn the MS firewall on. Well, maybe I can if I go to the settings, but when I try through Security Center, I get a message saying it can't turn it on.

Looking at the "files created" section of the Combo log I saw this: ms49f4d98.dat. I googled it and saw it on several malware threads (Bleeping Computer, GeeksToGo, Kaspersky, etc.) and they were moving it and deleting it. Ring any bells? I want to axe it with ComboFix (saw the instructions on Bleep) lol, but I will do NOTHING without your permission. I saw some other things on those logs that looked similar but I have not double checked them yet. I'm also curious about the Apple stuff. The reason being, I'm looking at stuff they added at or around the time the first update failed, and that seems to have been May 16.
  #32  
Old 26th May 2009, 16:03
Malware Group
 
Hi Bubba

I think the file you refer to is just general crap which we can delete; I don't think it would prevent Windows from updating. Regarding the Apple stuff, I've not known it to affect Windows Update, but have you tried uninstalling it at all to rule out this possibility?

Please run the following script.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
Skipfix::

File::
c:\windows\ms49f4d98.dat

Save the script as CFScript.txt

Drag it over ComboFix and let it do its job.

I want you to scan with a different tool just so we can get a different view of things.

Download and Run OTL
Please download OTListIt by OldTimer to your desktop.
Open OTL by double clicking its icon. If you are using Windows Vista, right click OTListIt2.exe and select Run As Administrator.
Click Run Scan without changing any settings. When the scan is complete, a logfile will open.
Copy the contents of the log into your next reply. It will be saved as OTListIt.txt where OTListIt.exe is located.

Post back with the combofix log and the OTL log.
__________________
Proud member of ASAP & UNITE
  #33  
Old 26th May 2009, 17:03
Donor Group
 
ComboFix 09-05-26.02 - Shirley 05/26/2009 19:41.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1796 [GMT -4:00]
Running from: c:\users\Shirley\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Shirley\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
"c:\windows\ms49f4d98.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ms49f4d98.dat

.
((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-26 23:30 . 2009-05-26 23:30 3371383 ----a-w c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 08:19 . 2009-05-26 08:19 286322536 ----a-w C:\Regback.reg
2009-05-26 00:47 . 2009-05-06 15:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{66E4D73A-4D5B-42EB-8326-72D19553A456}\mpengine.dll
2009-05-25 20:58 . 2009-05-25 20:58 -------- d-----w c:\programdata\Office Genuine Advantage
2009-05-24 11:58 . 2009-05-24 11:58 -------- d-----w c:\programdata\NortonInstaller
2009-05-22 23:57 . 2009-05-26 23:28 117760 ----a-w c:\users\Shirley\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 23:56 . 2009-05-22 23:56 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-22 23:52 . 2009-05-26 23:26 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-22 23:52 . 2009-05-22 23:52 -------- d-----w c:\users\Shirley\AppData\Roaming\SUPERAntiSpyware.com
2009-05-22 20:36 . 2009-05-22 20:36 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-22 15:06 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-22 15:06 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-22 15:06 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-22 15:06 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-22 15:06 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-22 15:06 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-22 15:06 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-05-22 15:06 . 2009-05-22 15:06 -------- d-----w c:\program files\Alwil Software
2009-05-22 04:38 . 2009-05-22 04:38 738120 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-20 12:43 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-05-20 12:43 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-20 12:43 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-05-20 12:43 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-05-20 12:43 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-05-20 12:43 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-05-20 12:43 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-05-20 12:33 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-05-20 12:33 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-05-20 12:33 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-05-20 12:32 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-05-20 12:32 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-05-20 11:39 . 2009-05-20 11:39 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-20 04:03 . 2009-05-20 11:00 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-19 23:20 . 2009-05-19 23:20 -------- d-----w c:\users\Shirley\AppData\Local\Acer DV Magician
2009-05-19 23:10 . 2009-05-19 23:10 -------- d-----w c:\windows\Sun
2009-05-19 20:40 . 2009-05-19 20:40 -------- d-----w c:\users\Shirley\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40 . 2009-05-19 11:41 38200 ----a-w c:\users\Shirley\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-05-19 18:24 . 2009-05-26 22:49 -------- d-----w c:\users\Shirley\AppData\Local\Eraser
2009-05-19 18:24 . 2009-05-19 18:24 -------- d--h--w c:\users\Shirley\AppData\Local\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-05-19 18:24 . 2009-05-19 18:24 -------- d-----w c:\program files\Eraser
2009-05-19 17:20 . 2009-05-19 17:20 -------- d-----w c:\users\Shirley\AppData\Roaming\eSobi
2009-05-19 17:11 . 2008-07-10 06:32 538 ----a-w c:\windows\system32\RegRaidSedona.bat
2009-05-19 17:07 . 2009-05-19 17:07 -------- d-----w C:\NVIDIA
2009-05-19 14:04 . 2009-05-19 14:05 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-19 14:04 . 2009-05-19 14:05 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-19 13:01 . 2009-05-19 13:01 -------- d-----w c:\users\Shirley\AppData\Roaming\WinPatrol
2009-05-19 13:01 . 2006-09-18 21:43 10 ----a-w c:\users\Shirley\AppData\Roaming\WinPatrol\Config.sys
2009-05-19 13:01 . 2006-09-18 21:43 24 ----a-w c:\users\Shirley\AppData\Roaming\WinPatrol\Autoexec.bat
2009-05-19 13:01 . 2009-05-19 13:01 -------- d-----w c:\program files\BillP Studios
2009-05-19 12:26 . 2009-05-19 12:26 -------- d-----w c:\users\Shirley\AppData\Roaming\Malwarebytes
2009-05-19 12:26 . 2009-05-26 17:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 12:26 . 2009-05-26 17:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 12:26 . 2009-05-26 23:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 12:26 . 2009-05-19 12:26 -------- d-----w c:\programdata\Malwarebytes
2009-05-19 11:53 . 2009-05-19 11:53 0 ----a-w c:\windows\nsreg.dat
2009-05-19 11:53 . 2009-05-19 11:53 -------- d-----w c:\users\Shirley\AppData\Local\Mozilla
2009-05-19 11:41 . 2009-05-19 11:41 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-19 11:38 . 2009-05-19 12:45 -------- d-----w c:\programdata\NOS
2009-05-19 11:29 . 2009-05-19 11:29 -------- d-----w c:\users\Shirley\AppData\Local\Seven Zip
2009-05-19 10:41 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-19 10:41 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-19 10:41 . 2009-05-20 01:10 -------- d-----w c:\program files\iPod
2009-05-19 10:41 . 2009-05-19 10:41 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 10:41 . 2009-05-19 10:41 -------- d-----w c:\program files\iTunes
2009-05-19 10:38 . 2009-05-19 10:38 -------- d-----w c:\program files\QuickTime
2009-05-19 10:34 . 2009-05-19 10:34 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-19 10:34 . 2009-05-19 10:34 -------- d-----w c:\program files\Bonjour
2009-05-19 10:33 . 2009-05-19 10:33 416128 ----a-w c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-19 10:29 . 2009-05-19 10:29 410984 ----a-w c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 22:50 . 2009-02-17 13:54 602 ----a-w c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-05-24 04:22 . 2008-09-12 01:46 -------- d-----w c:\program files\Google
2009-05-20 11:55 . 2008-09-11 17:01 104472 ----a-w c:\users\Shirley\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-20 11:51 . 2008-02-05 19:30 -------- d-----w c:\programdata\Microsoft Help
2009-05-20 11:49 . 2008-02-05 19:31 -------- d-----w c:\program files\Microsoft Works
2009-05-20 03:54 . 2008-09-12 14:01 -------- d-----w c:\program files\Lx_cats
2009-05-20 00:42 . 2008-02-05 20:19 -------- d-----w c:\program files\Common Files\Adobe
2009-05-19 23:28 . 2008-02-05 19:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-19 23:27 . 2008-02-05 19:49 -------- d-----w c:\program files\Acer Arcade Live
2009-05-19 23:20 . 2008-09-15 23:24 -------- d-----w c:\users\Shirley\AppData\Roaming\CyberLink
2009-05-19 21:38 . 2008-09-12 20:56 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-05-19 21:04 . 2008-09-12 14:09 1664 ----a-w c:\users\Shirley\AppData\Roaming\wklnhst.dat
2009-05-19 17:29 . 2009-03-04 15:55 -------- d-----w c:\users\Shirley\AppData\Roaming\Sony
2009-05-19 17:20 . 2008-02-05 19:22 -------- d-----w c:\programdata\NVIDIA
2009-05-19 16:54 . 2008-02-05 18:03 36864 ----a-w c:\windows\system32\nvcod100.dll
2009-05-19 16:54 . 2007-10-25 11:02 147456 ----a-w c:\windows\system32\nvcolor.exe
2009-05-19 11:32 . 2008-02-05 20:08 -------- d-----w c:\program files\Yahoo!
2009-05-19 11:05 . 2008-09-12 01:45 -------- d-----w c:\program files\Java
2009-05-19 10:41 . 2008-09-13 03:14 -------- d-----w c:\program files\Common Files\Apple
2009-05-19 10:38 . 2008-09-13 03:15 -------- d-----w c:\programdata\Apple Computer
2009-05-11 12:10 . 2009-05-11 12:10 78260 ----a-w c:\programdata\SPL23D4.tmp
2009-04-17 10:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-02 22:13 . 2009-04-02 22:13 702127 ----a-w c:\programdata\SPLFB91.tmp
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-17 05:22 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 05:22 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-20 03:47 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-20 03:47 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-20 03:47 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-20 03:47 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-20 03:47 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-20 03:47 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-20 03:47 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-20 03:47 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-20 03:47 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-20 03:47 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-20 03:47 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-20 03:47 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-20 03:47 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-20 03:47 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-20 03:47 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-20 03:47 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-20 03:47 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-20 03:47 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-17 05:22 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-17 05:22 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-17 05:22 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-17 05:22 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-17 05:22 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-17 05:22 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-17 05:22 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-17 05:22 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-17 05:22 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-17 05:22 17408 ----a-w c:\windows\system32\iashost.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-25_21.52.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-26 23:26 60960 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-26 23:26 80406 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-11 16:57 . 2009-05-26 22:51 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-11 16:57 . 2009-05-25 20:44 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-11 16:57 . 2009-05-26 22:51 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-11 16:57 . 2009-05-25 20:44 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-11 16:57 . 2009-05-26 22:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-11 16:57 . 2009-05-25 20:44 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-11 21:16 . 2009-05-26 08:22 2944 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-11 21:16 . 2009-05-22 15:07 2944 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-11 17:14 . 2009-05-26 23:26 8084 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2982904736-3036701459-4244829226-1000_UserData.bin
- 2009-05-25 20:44 . 2009-05-25 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-26 22:50 . 2009-05-26 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-25 20:44 . 2009-05-25 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-26 22:50 . 2009-05-26 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-12 19:37 . 2009-05-26 06:14 290548 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2006-11-02 10:33 . 2009-05-25 20:49 595446 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-26 22:55 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-25 20:49 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-26 22:55 101144 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-11-12 203296]
"LXCECATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4;FAMv4;c:\windows\System32\drivers\FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\Shirley\AppData\Roaming\Mozilla\Firefox\Profiles\j0dqrqc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.us.acer.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 19:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-26 19:43
ComboFix-quarantined-files.txt 2009-05-26 23:43
ComboFix2.txt 2009-05-26 06:39
ComboFix3.txt 2009-05-25 21:54

Pre-Run: 168,079,032,320 bytes free
Post-Run: 168,043,544,576 bytes free

262 --- E O F --- 2009-05-17 10:04


The logs are too long for 1 post and there are three logs so I'll do 3 posts.
  #34  
Old 26th May 2009, 17:07
Donor Group
 
OTListIt logfile created on: 5/26/2009 7:52:23 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Users\Shirley\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 87.60% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 156.55 Gb Free Space | 68.62% Space Free | Partition Type: NTFS
Drive D: | 227.87 Gb Total Space | 220.81 Gb Free Space | 96.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIRLEY-PC
Current User Name: Shirley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/01/16 03:42:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/06 20:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/10/17 14:38:20 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/12/30 17:54:42 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2007/03/08 08:21:18 | 00,537,520 | ---- | M] ( ) -- C:\Windows\system32\lxcecoms.exe
PRC - [2007/12/30 17:55:04 | 00,054,520 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2007/12/30 17:54:54 | 00,136,440 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2007/09/10 18:28:18 | 00,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2007/10/11 14:53:22 | 04,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/30 17:50:06 | 00,034,552 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/01/09 22:43:26 | 00,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007/02/01 20:37:40 | 00,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2008/11/12 17:06:20 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007/05/17 13:11:10 | 00,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 4300 Series\lxcemon.exe
PRC - [2009/04/29 19:38:26 | 00,188,728 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/05/19 06:29:44 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/01/20 22:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/11/07 17:51:58 | 00,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2007/12/22 19:03:28 | 00,916,240 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2008/10/30 18:16:42 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/01/20 22:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/20 22:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/09 22:43:28 | 00,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/01/20 22:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.exe
PRC - [2009/05/26 19:34:40 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Shirley\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/06 20:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - [2007/10/17 14:38:20 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/12/30 17:54:42 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/20 22:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2007/09/10 18:28:18 | 00,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Running])
SRV - [2007/12/19 22:09:22 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService [Auto | Stopped])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2007/03/08 08:21:18 | 00,537,520 | ---- | M] ( ) -- C:\Windows\system32\lxcecoms.exe -- (lxce_device [Auto | Running])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/12/30 17:55:04 | 00,054,520 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
SRV - [2007/12/30 17:54:54 | 00,136,440 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
SRV - [2009/01/16 03:42:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 18:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/01/20 22:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/20 22:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/20 22:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/20 22:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/20 22:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/20 22:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/20 22:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:06:59 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV - [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/20 22:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/01/20 22:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/20 22:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2007/12/14 15:35:32 | 00,132,120 | ---- | M] (FAMv4) -- C:\Windows\system32\DRIVERS\FAMv4.sys -- (FAMv4 [System | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2008/01/20 22:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/06/13 16:56:40 | 00,247,808 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2007/07/02 22:05:20 | 00,015,392 | ---- | M] (Acer, Inc.) -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15 [Auto | Running])
DRV - [2007/10/16 22:39:18 | 01,971,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/20 22:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/20 22:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/20 22:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2008/01/20 22:23:26 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2008/02/05 15:36:55 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/08/01 11:51:14 | 01,052,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
DRV - [2009/01/16 03:42:00 | 07,744,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008/01/20 22:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2008/11/12 17:02:46 | 00,133,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32 [Boot | Running])
DRV - [2008/08/25 02:22:52 | 00,015,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvsmu.sys -- (nvsmu [On_Demand | Running])
DRV - [2008/01/20 22:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/11/12 17:02:46 | 00,146,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2008/01/20 22:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2009/05/14 14:22:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/05/14 14:22:00 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/20 22:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2007/02/01 20:37:36 | 00,982,272 | ---- | M] (Motorola Inc.) -- C:\Windows\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/01/20 22:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/09/10 19:45:18 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/01/20 22:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/11/06 13:30:48 | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\Windows\system32\drivers\zntport.sys -- (zntport [Auto | Running])
DRV - [2009/05/14 14:22:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en.us.acer.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/20 08:48:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/25 16:59:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/25 16:59:28 | 00,000,000 | ---D | M]

[2009/05/19 07:53:31 | 00,000,000 | ---D | M] -- C:\Users\Shirley\AppData\Roaming\mozilla\Extensions
[2009/05/19 07:53:31 | 00,000,000 | ---D | M] -- C:\Users\Shirley\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/25 15:09:51 | 00,000,000 | ---D | M] -- C:\Users\Shirley\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/05/19 07:53:31 | 00,000,000 | ---D | M] -- C:\Users\Shirley\AppData\Roaming\mozilla\Firefox\Profiles\j0dqrqc6.default\extensions
[2009/05/19 07:53:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/19 07:53:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (306482 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10551 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup (Leader Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" ()
O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" (Lexmark International Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide (The Eraser Project)
O4 - HKCU..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/26 19:44:25 | 00,000,000 | R--D | M]


  #35  
Old 26th May 2009, 17:08
Donor Group
 
========== Files/Folders - Created Within 30 Days ==========

[7 C:\ProgramData\*.tmp files]
[2009/05/26 19:43:15 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/05/26 19:43:15 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/05/26 19:39:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/05/26 19:39:43 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/05/26 19:34:35 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\Shirley\Desktop\OTListIt2.exe
[2009/05/26 18:30:46 | 14,436,63872 | ---- | C] () -- C:\Users\Shirley\Desktop\6002.18005.090410-1830_iso_update_sp_wave0-RTMSP2.0_DVD.iso
[2009/05/26 04:19:12 | 28,632,2536 | ---- | C] () -- C:\Regback.reg
[2009/05/26 03:49:52 | 00,000,000 | ---D | C] -- C:\Users\Shirley\Desktop\Autoruns
[2009/05/26 03:49:07 | 00,582,708 | ---- | C] () -- C:\Users\Shirley\Desktop\Autoruns.zip
[2009/05/25 17:45:32 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/25 17:22:27 | 02,999,490 | R--- | C] () -- C:\Users\Shirley\Desktop\Combo-Fix.exe
[2009/05/25 17:04:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2009/05/25 16:58:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/05/25 12:37:37 | 00,000,000 | ---D | C] -- C:\Users\Shirley\Desktop\ark
[2009/05/25 12:35:21 | 00,278,221 | ---- | C] () -- C:\Users\Shirley\Desktop\ark.zip
[2009/05/24 14:05:21 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/05/24 14:05:21 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/05/24 10:41:28 | 29,519,58528 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/24 09:45:12 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/05/24 09:44:54 | 29,551,2316 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/05/24 07:58:04 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/05/24 07:56:23 | 03,063,218 | ---- | C] (Symantec Corporation) -- C:\Users\Shirley\Desktop\Norton_Removal_Tool.exe
[2009/05/24 04:47:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/05/24 04:47:20 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/05/24 04:47:20 | 00,154,624 | ---- | C] () -- C:\Windows\PEV.exe
[2009/05/24 04:47:20 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/05/24 04:47:20 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/05/24 04:47:20 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/05/24 04:47:20 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/05/24 04:47:04 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/24 04:18:17 | 00,000,526 | ---- | C] () -- C:\Users\Shirley\Desktop\ResetTeaTimer.zip
[2009/05/24 00:27:20 | 00,000,000 | ---D | C] -- C:\Users\Shirley\Desktop\backups
[2009/05/22 19:56:40 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/05/22 19:52:40 | 00,000,906 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/22 19:52:35 | 00,000,000 | ---D | C] -- C:\Users\Shirley\AppData\Roaming\SUPERAntiSpyware.com
[2009/05/22 19:52:35 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/22 16:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/22 11:06:36 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/05/22 11:06:36 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/05/22 11:06:36 | 00,001,853 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/05/22 11:06:35 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/05/22 11:06:35 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/05/22 11:06:35 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/05/22 11:06:13 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/05/22 11:06:13 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/05/22 11:06:13 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/05/22 11:06:11 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/22 11:02:20 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Shirley\Desktop\HiJackThis.exe
[2009/05/22 11:01:24 | 06,367,264 | ---- | C] () -- C:\Users\Shirley\Desktop\SUPERAntiSpyware.exe
[2009/05/20 09:17:36 | 00,000,000 | ---D | C] -- C:\Users\Shirley\Desktop\System Updates
[2009/05/20 08:43:28 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/05/20 08:43:26 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/05/20 08:43:24 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/05/20 08:43:24 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/05/20 08:43:24 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/05/20 08:43:23 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/05/20 08:43:20 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/05/20 08:43:15 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/05/20 08:33:09 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/05/20 08:33:04 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/05/20 08:33:02 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/05/20 08:32:39 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/05/20 08:32:33 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/05/20 07:39:50 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/05/20 00:03:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/05/19 23:47:57 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/05/19 23:47:57 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/05/19 23:47:57 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/05/19 23:47:57 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/05/19 23:47:57 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/05/19 23:47:56 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/05/19 23:47:56 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/05/19 23:47:56 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/05/19 23:47:55 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/05/19 23:47:55 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/05/19 23:47:55 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/05/19 23:47:55 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/05/19 23:47:55 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/05/19 23:47:55 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/05/19 23:47:55 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/05/19 23:47:54 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/05/19 23:47:54 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/05/19 23:47:54 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/05/19 23:47:54 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/05/19 23:47:54 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/05/19 23:47:54 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/05/19 23:47:54 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/05/19 23:47:54 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/05/19 23:47:54 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/05/19 23:47:53 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/05/19 23:47:53 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/05/19 23:47:53 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/05/19 23:47:53 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/05/19 23:47:53 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/05/19 23:47:53 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/05/19 23:47:53 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/05/19 23:47:53 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/05/19 23:47:52 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/05/19 23:47:52 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/05/19 23:47:52 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/05/19 23:47:52 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/05/19 23:47:51 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/05/19 23:47:51 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/05/19 23:47:50 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/05/19 23:47:50 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/05/19 23:47:50 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/05/19 23:47:50 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/05/19 23:47:50 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/05/19 23:47:50 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/05/19 23:47:50 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/05/19 23:47:49 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/05/19 23:47:49 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/05/19 23:47:49 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/05/19 23:47:49 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/05/19 23:47:49 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/05/19 23:47:49 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/05/19 23:47:48 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/05/19 23:47:48 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/05/19 23:47:48 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/05/19 23:47:47 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/05/19 22:55:22 | 00,000,000 | R--D | C] -- C:\Users\Shirley\Documents\Notes
[2009/05/19 19:38:28 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/05/19 19:10:14 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/05/19 16:40:59 | 00,000,000 | ---D | C] -- C:\Users\Shirley\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/19 14:24:32 | 00,000,000 | ---D | C] -- C:\Program Files\Eraser
[2009/05/19 14:19:23 | 00,000,000 | ---D | C] -- C:\Users\Shirley\Desktop\Security Apps
[2009/05/19 13:20:42 | 00,000,000 | ---D | C] -- C:\Users\Shirley\AppData\Roaming\eSobi
[2009/05/19 13:11:12 | 00,000,538 | ---- | C] () -- C:\Windows\System32\RegRaidSedona.bat
[2009/05/19 13:11:11 | 00,007,052 | ---- | C] () -- C:\Windows\System32\nvide.nvu
[2009/05/19 13:07:38 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/05/19 10:04:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/05/19 10:04:08 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/19 09:01:42 | 00,000,000 | ---D | C] -- C:\Users\Shirley\AppData\Roaming\WinPatrol
[2009/05/19 09:01:34 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2009/05/19 08:26:12 | 00,000,000 | ---D | C] -- C:\Users\Shirley\AppData\Roaming\Malwarebytes
[2009/05/19 08:26:10 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/19 08:26:08 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/19 08:26:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/19 08:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/19 07:53:31 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/19 07:53:22 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/05/19 07:41:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/19 07:40:33 | 00,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/05/19 07:40:21 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/05/19 07:38:37 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/05/19 06:41:36 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/05/19 06:41:15 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/05/19 06:41:12 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/19 06:41:12 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/05/19 06:38:50 | 00,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/05/19 06:38:36 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/05/19 06:34:27 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/05/18 09:34:15 | 01,083,881 | ---- | C] () -- C:\Users\Shirley\Desktop\100_0193.jpg
[2009/05/17 06:03:34 | 00,000,355 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/05/12 22:39:30 | 00,502,961 | ---- | C] () -- C:\Users\Shirley\Documents\joel project[1].pptx
[2009/05/04 17:37:36 | 01,262,316 | ---- | C] () -- C:\Users\Shirley\Documents\100_0098.jpg
[2009/05/04 17:33:32 | 00,000,162 | -H-- | C] () -- C:\Users\Shirley\Documents\~$ty app.docx
[2009/05/04 17:33:30 | 02,413,678 | ---- | C] () -- C:\Users\Shirley\Documents\ty app.docx
[2008/09/12 09:58:30 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxceserv.dll
[2008/09/12 09:58:30 | 00,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxceusb1.dll
[2008/09/12 09:58:30 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcehbn3.dll
[2008/09/12 09:58:30 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcecomc.dll
[2008/09/12 09:58:30 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcepmui.dll
[2008/09/12 09:58:30 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcelmpm.dll
[2008/09/12 09:58:30 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcecomm.dll
[2008/09/12 09:58:30 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxceinpa.dll
[2008/09/12 09:58:30 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxceiesc.dll
[2008/09/12 09:58:30 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcehcp.dll
[2008/09/12 09:58:30 | 00,274,432 | ---- | C] () -- C:\Windows\System32\lxceinst.dll
[2008/09/12 09:58:30 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxceprox.dll
[2008/09/12 09:58:30 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcepplc.dll
[2008/02/05 16:18:17 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/05 15:51:55 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/02/05 15:51:55 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/02/05 14:05:25 | 00,001,022 | ---- | C] () -- C:\Windows\generic.ini
[2008/02/05 14:05:25 | 00,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/02/22 21:32:00 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxcecoin.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/08/18 09:26:46 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxcevs.dll
[2005/02/24 20:23:52 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxcecnv4.dll
[2001/12/26 20:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 03:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 20:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 02:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Files - Modified Within 30 Days ==========

[7 C:\ProgramData\*.tmp files]
[2009/05/26 19:41:37 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/05/26 19:36:54 | 02,999,490 | R--- | M] () -- C:\Users\Shirley\Desktop\Combo-Fix.exe
[2009/05/26 19:34:40 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Shirley\Desktop\OTListIt2.exe
[2009/05/26 18:55:14 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/26 18:55:14 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/26 18:55:14 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/26 18:50:41 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/26 18:50:41 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/26 18:50:38 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/26 18:50:31 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/26 18:50:28 | 29,519,58528 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/26 18:31:16 | 14,436,63872 | ---- | M] () -- C:\Users\Shirley\Desktop\6002.18005.090410-1830_iso_update_sp_wave0-RTMSP2.0_DVD.iso
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/26 04:19:32 | 28,632,2536 | ---- | M] () -- C:\Regback.reg
[2009/05/26 03:49:08 | 00,582,708 | ---- | M] () -- C:\Users\Shirley\Desktop\Autoruns.zip
[2009/05/25 20:53:45 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/05/25 17:44:35 | 00,306,482 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/05/25 12:35:22 | 00,278,221 | ---- | M] () -- C:\Users\Shirley\Desktop\ark.zip
[2009/05/24 16:01:49 | 00,154,624 | ---- | M] () -- C:\Windows\PEV.exe
[2009/05/24 14:05:21 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/05/24 14:05:21 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/24 09:45:12 | 29,551,2316 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/05/24 07:56:36 | 03,063,218 | ---- | M] (Symantec Corporation) -- C:\Users\Shirley\Desktop\Norton_Removal_Tool.exe
[2009/05/24 04:18:25 | 00,000,526 | ---- | M] () -- C:\Users\Shirley\Desktop\ResetTeaTimer.zip
[2009/05/22 19:52:40 | 00,000,906 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/22 11:06:36 | 00,001,853 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/05/22 11:02:21 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Shirley\Desktop\HiJackThis.exe
[2009/05/22 11:01:35 | 06,367,264 | ---- | M] () -- C:\Users\Shirley\Desktop\SUPERAntiSpyware.exe
[2009/05/20 07:55:04 | 00,372,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/19 19:44:04 | 01,083,881 | ---- | M] () -- C:\Users\Shirley\Desktop\100_0193.jpg
[2009/05/19 17:59:22 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/05/19 17:04:14 | 00,001,664 | ---- | M] () -- C:\Users\Shirley\AppData\Roaming\wklnhst.dat
[2009/05/19 07:53:31 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/05/19 06:41:36 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/05/19 06:38:50 | 00,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/05/18 09:39:53 | 00,618,496 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2009/05/18 09:16:25 | 01,089,536 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2009/05/17 06:03:34 | 00,000,355 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2009/05/12 22:39:30 | 00,502,961 | ---- | M] () -- C:\Users\Shirley\Documents\joel project[1].pptx
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/05/07 02:08:22 | 00,000,402 | -HS- | M] () -- C:\Users\Shirley\Documents\desktop.ini
[2009/05/07 02:08:22 | 00,000,282 | -HS- | M] () -- C:\Users\Shirley\Desktop\desktop.ini
[2009/05/07 02:08:22 | 00,000,174 | -HS- | M] () -- C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/05/06 15:01:45 | 00,023,552 | ---- | M] () -- C:\Users\Shirley\Documents\baby shower 2.wps
[2009/05/06 15:01:44 | 00,023,552 | ---- | M] () -- C:\Users\Shirley\Documents\baby shower 1.wps
[2009/05/06 15:01:42 | 00,018,432 | ---- | M] () -- C:\Users\Shirley\Documents\baby shower 4.wps
[2009/05/04 17:33:32 | 02,413,678 | ---- | M] () -- C:\Users\Shirley\Documents\ty app.docx
[2009/05/04 17:33:32 | 00,000,162 | -H-- | M] () -- C:\Users\Shirley\Documents\~$ty app.docx
[2009/05/04 17:24:49 | 01,262,316 | ---- | M] () -- C:\Users\Shirley\Documents\100_0098.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 522 bytes -> C:\Users\Shirley\Documents\Message.eml:OECustomProperty
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
  #36  
Old 26th May 2009, 17:09
Donor Group
 
Whoops, four posts... I assume you want this extras logfile as well? Oh, and I downloaded SP2 for Vista. Install it or wait until we are finished?

OTListIt Extras logfile created on: 5/26/2009 7:52:23 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Users\Shirley\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 87.60% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 156.55 Gb Free Space | 68.62% Space Free | Partition Type: NTFS
Drive D: | 227.87 Gb Total Space | 220.81 Gb Free Space | 96.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIRLEY-PC
Current User Name: Shirley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"InternetSettingsDisableNotify" = 0
"UacDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB49B376-1136-44B4-83FA-036334B59937}" = OLYMPUS Master 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Lexmark 4300 Series" = Lexmark 4300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MVApplication1" = Memorex exPressit Label Design Studio
"NTI Open File Manager" = NTI Open File Manager (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"WinPatrol" = WinPatrol 2009

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Eraser" = Eraser

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/19/2009 8:12:54 PM | Computer Name = Shirley-PC | Source = pctsSvc.exe | ID = 0
Description =

Error - 5/19/2009 8:14:21 PM | Computer Name = Shirley-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/19/2009 11:52:11 PM | Computer Name = Shirley-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/20/2009 7:55:18 AM | Computer Name = Shirley-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/20/2009 8:55:28 AM | Computer Name = Shirley-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/20/2009 9:08:19 AM | Computer Name = Shirley-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 5/22/2009 11:42:36 AM | Computer Name = Shirley-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/23/2009 8:53:29 AM | Computer Name = Shirley-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/23/2009 10:30:34 AM | Computer Name = Shirley-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/24/2009 4:23:32 AM | Computer Name = Shirley-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 9/22/2008 6:23:06 PM | Computer Name = Shirley-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 10/7/2008 9:47:23 AM | Computer Name = Shirley-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 652680
seconds with 4620 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/17/2009 6:02:42 AM | Computer Name = Shirley-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/17/2009 6:02:42 AM | Computer Name = Shirley-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/17/2009 6:13:31 AM | Computer Name = Shirley-PC | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 4/17/2009 6:13:31 AM | Computer Name = Shirley-PC | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 4/17/2009 6:14:25 AM | Computer Name = Shirley-PC | Source = HTTP | ID = 15016
Description =

Error - 4/17/2009 6:14:44 AM | Computer Name = Shirley-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/17/2009 5:07:24 PM | Computer Name = Shirley-PC | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 4/17/2009 5:07:24 PM | Computer Name = Shirley-PC | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 4/17/2009 5:08:09 PM | Computer Name = Shirley-PC | Source = HTTP | ID = 15016
Description =

Error - 4/17/2009 5:08:28 PM | Computer Name = Shirley-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  #37  
Old 27th May 2009, 01:15
Malware Group
 
Hi Bubba

Just a couple of things I notice that need attention..

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:OTLI
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

Let me know how things are....

Edit: Regarding Service Pack 2 - I would hang on a mo....
__________________
Proud member of ASAP & UNITE
  #38  
Old 27th May 2009, 10:04
Donor Group
 
Did you mean the Fixed log, or run OTListIt again and post that log? Never mind, stupid question lol, you are at work. I'll do it and if you don't need it you can ignore it.

Fixed Log:
========== OTLISTIT ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable| /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\Users\Shirley\AppData\Local\Temp\om299CE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Shirley\AppData\Local\Temp\om2FEF7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05272009_125305

Files moved on Reboot...
File C:\Users\Shirley\AppData\Local\Temp\om299CE.tmp not found!
File C:\Users\Shirley\AppData\Local\Temp\om2FEF7.tmp not found!

Registry entries deleted on Reboot...
  #39  
Old 27th May 2009, 10:13
Donor Group
 
OTListIt Log 2. See above post for Fixed log if you went straight to this post:

Dang, too long again........

OTListIt logfile created on: 5/27/2009 1:05:34 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Users\Shirley\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 92.97% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 154.41 Gb Free Space | 67.68% Space Free | Partition Type: NTFS
Drive D: | 227.87 Gb Total Space | 220.81 Gb Free Space | 96.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIRLEY-PC
Current User Name: Shirley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/01/16 03:42:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/06 20:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/10/17 14:38:20 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/12/30 17:54:42 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2007/03/08 08:21:18 | 00,537,520 | ---- | M] ( ) -- C:\Windows\system32\lxcecoms.exe
PRC - [2007/12/30 17:55:04 | 00,054,520 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2007/12/30 17:54:54 | 00,136,440 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2007/09/10 18:28:18 | 00,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/10/11 14:53:22 | 04,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/30 17:50:06 | 00,034,552 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/01/09 22:43:26 | 00,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007/02/01 20:37:40 | 00,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2008/11/12 17:06:20 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007/05/17 13:11:10 | 00,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 4300 Series\lxcemon.exe
PRC - [2007/05/17 13:13:32 | 00,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 4300 Series\ezprint.exe
PRC - [2009/04/29 19:38:26 | 00,188,728 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2009/05/19 06:29:44 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/20 12:07:26 | 00,337,216 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/01/20 22:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/11/07 17:51:58 | 00,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2008/01/20 22:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/12/22 19:03:28 | 00,916,240 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/05/26 19:26:30 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2008/10/30 18:16:42 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/01/20 22:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2008/01/09 22:43:28 | 00,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
PRC - [2008/01/20 22:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/09/06 15:02:04 | 00,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/05/26 19:34:40 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Shirley\Desktop\OTListIt2.exe
PRC - [2008/08/05 05:51:47 | 00,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\mcupdate.EXE

========== Win32 Services (SafeList) ==========

SRV - [2009/02/06 20:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - [2007/10/17 14:38:20 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/12/30 17:54:42 | 00,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/20 22:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2007/09/10 18:28:18 | 00,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Running])
SRV - [2007/12/19 22:09:22 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService [Auto | Stopped])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2007/03/08 08:21:18 | 00,537,520 | ---- | M] ( ) -- C:\Windows\system32\lxcecoms.exe -- (lxce_device [Auto | Running])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/12/30 17:55:04 | 00,054,520 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
SRV - [2007/12/30 17:54:54 | 00,136,440 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
SRV - [2009/01/16 03:42:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 18:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/01/20 22:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/20 22:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/20 22:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/20 22:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/20 22:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/20 22:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/20 22:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:06:59 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV - [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/20 22:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/01/20 22:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/20 22:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2007/12/14 15:35:32 | 00,132,120 | ---- | M] (FAMv4) -- C:\Windows\system32\DRIVERS\FAMv4.sys -- (FAMv4 [System | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2008/01/20 22:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/06/13 16:56:40 | 00,247,808 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2007/07/02 22:05:20 | 00,015,392 | ---- | M] (Acer, Inc.) -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15 [Auto | Running])
DRV - [2007/10/16 22:39:18 | 01,971,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/20 22:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/20 22:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/20 22:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2008/01/20 22:23:26 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2008/02/05 15:36:55 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/08/01 11:51:14 | 01,052,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
DRV - [2009/01/16 03:42:00 | 07,744,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008/01/20 22:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2008/11/12 17:02:46 | 00,133,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32 [Boot | Running])
DRV - [2008/08/25 02:22:52 | 00,015,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvsmu.sys -- (nvsmu [On_Demand | Running])
DRV - [2008/01/20 22:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/11/12 17:02:46 | 00,146,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2008/01/20 22:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2009/05/14 14:22:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/05/14 14:22:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/05/14 14:22:00 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/20 22:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2007/02/01 20:37:36 | 00,982,272 | ---- | M] (Motorola Inc.) -- C:\Windows\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/01/20 22:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/09/10 19:45:18 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/01/20 22:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/11/06 13:30:48 | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\Windows\system32\drivers\zntport.sys -- (zntport [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en.us.acer.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/20 08:48:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/25 16:59:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/25 16:59:28 | 00,000,000 | ---D | M]

[2009/05/19 07:53:31 | 00,000,000 | ---D | M] -- C:\Users\Shirley\AppData\Roaming\mozilla\Extensions
[2009/05/19 07:53:31 | 00,000,000 | ---D | M] -- C:\Users\Shirley\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/25 15:09:51 | 00,000,000 | ---D | M] -- C:\Users\Shirley\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/05/19 07:53:31 | 00,000,000 | ---D | M] -- C:\Users\Shirley\AppData\Roaming\mozilla\Firefox\Profiles\j0dqrqc6.default\extensions
[2009/05/19 07:53:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/19 07:53:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (306482 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10551 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup (Leader Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" ()
O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" (Lexmark International Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide (The Eraser Project)
O4 - HKCU..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/27 13:02:37 | 00,000,000 | R--D | M]


  #40  
Old 27th May 2009, 10:14
Donor Group
 
========== Files/Folders - Created Within 30 Days ==========

[7 C:\ProgramData\*.tmp files]
[2009/05/27 12:53:05 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/27 01:19:48 | 06,216,032 | ---- | C] (Microsoft Corporation) -- C:\Users\Shirley\Desktop\windowsupdateagent30-x86.exe
[2009/05/26 19:43:15 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/05/26 19:43:15 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/05/26 19:39:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/05/26 19:39:43 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/05/26 19:34:35 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\Shirley\Desktop\OTListIt2.exe
[2009/05/26 18:30:46 | 14,436,63872 | ---- | C] () -- C:\Users\Shirley\Desktop\6002.18005.090410-1830_iso_update_sp_wave0-RTMSP2.0_DVD.iso
[2009/05/26 04:19:12 | 28,632,2536 | ---- | C] () -- C:\Regback.reg
[2009/05/26 03:49:52 | 00,000,000 | ---D | C] -- C:\Users\Shirley\Desktop\Autoruns
[2009/05/26 03:49:07 | 00,582,708 | ---- | C] () -- C:\Users\Shirley\Desktop\Autoruns.zip
[2009/05/25 17:45:32 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/25 17:22:27 | 02,999,490 | R--- | C] () -- C:\Users\Shirley\Desktop\Combo-Fix.exe
[2009/05/25 17:04:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2009/05/25 16:58:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/05/25 12:37:37 | 00,000,000 | ---D | C] -- C:\Users\Shirley\Desktop\ark
[2009/05/25 12:35:21 | 00,278,221 | ---- | C] () -- C:\Users\Shirley\Desktop\ark.zip
[2009/05/24 14:05:21 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/05/24 14:05:21 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/05/24 10:41:28 | 29,519,62624 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/24 09:45:12 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/05/24 09:44:54 | 29,551,2316 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/05/24 07:58:04 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/05/24 07:56:23 | 03,063,218 | ---- | C] (Symantec Corporation) -- C:\Users\Shirley\Desktop\Norton_Removal_Tool.exe
[2009/05/24 04:47:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/05/24 04:47:20 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/05/24 04:47:20 | 00,154,624 | ---- | C] () -- C:\Windows\PEV.exe
[2009/05/24 04:47:20 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/05/24 04:47:20 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/05/24 04:47:20 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/05/24 04:47:20 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/05/24 04:47:04 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/24 04:18:17 | 00,000,526 | ---- | C] () -- C:\Users\Shirley\Desktop\ResetTeaTimer.zip
[2009/05/24 00:27:20 | 00,000,000 | ---D | C] -- C:\Users\Shirley\Desktop\backups
[2009/05/22 19:56:40 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/05/22 19:52:40 | 00,000,906 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/22 19:52:35 | 00,000,000 | ---D | C] -- C:\Users\Shirley\AppData\Roaming\SUPERAntiSpyware.com
[2009/05/22 19:52:35 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/22 16:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/22 11:06:36 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/05/22 11:06:36 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/05/22 11:06:36 | 00,001,853 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/05/22 11:06:35 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/05/22 11:06:35 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/05/22 11:06:35 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/05/22 11:06:13 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/05/22 11:06:13 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/05/22 11:06:13 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/05/22 11:06:11 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/22 11:02:20 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Shirley\Desktop\HiJackThis.exe
[2009/05/22 11:01:24 | 06,367,264 | ---- | C] () -- C:\Users\Shirley\Desktop\SUPERAntiSpyware.exe
[2009/05/20 09:17:36 | 00,000,000 | ---D | C] -- C:\Users\Shirley\Desktop\System Updates
[2009/05/20 08:43:28 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/05/20 08:43:26 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/05/20 08:43:24 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/05/20 08:43:24 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/05/20 08:43:24 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/05/20 08:43:23 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/05/20 08:43:20 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/05/20 08:43:15 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/05/20 08:33:09 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/05/20 08:33:04 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/05/20 08:33:02 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/05/20 08:32:39 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/05/20 08:32:33 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/05/20 07:39:50 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/05/20 00:03:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/05/19 23:47:57 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/05/19 23:47:57 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/05/19 23:47:57 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/05/19 23:47:57 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/05/19 23:47:57 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/05/19 23:47:56 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/05/19 23:47:56 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/05/19 23:47:56 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/05/19 23:47:55 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/05/19 23:47:55 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/05/19 23:47:55 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/05/19 23:47:55 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/05/19 23:47:55 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/05/19 23:47:55 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/05/19 23:47:55 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/05/19 23:47:54 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/05/19 23:47:54 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/05/19 23:47:54 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/05/19 23:47:54 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/05/19 23:47:54 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/05/19 23:47:54 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/05/19 23:47:54 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/05/19 23:47:54 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/05/19 23:47:54 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/05/19 23:47:53 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/05/19 23:47:53 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/05/19 23:47:53 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/05/19 23:47:53 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/05/19 23:47:53 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/05/19 23:47:53 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/05/19 23:47:53 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/05/19 23:47:53 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/05/19 23:47:52 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/05/19 23:47:52 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/05/19 23:47:52 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/05/19 23:47:52 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/05/19 23:47:51 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/05/19 23:47:51 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/05/19 23:47:50 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/05/19 23:47:50 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/05/19 23:47:50 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/05/19 23:47:50 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/05/19 23:47:50 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/05/19 23:47:50 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/05/19 23:47:50 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/05/19 23:47:49 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/05/19 23:47:49 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/05/19 23:47:49 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/05/19 23:47:49 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/05/19 23:47:49 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/05/19 23:47:49 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/05/19 23:47:48 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/05/19 23:47:48 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/05/19 23:47:48 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/05/19 23:47:47 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/05/19 22:55:22 | 00,000,000 | R--D | C] -- C:\Users\Shirley\Documents\Notes
[2009/05/19 19:38:28 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/05/19 19:10:14 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/05/19 16:40:59 | 00,000,000 | ---D | C] -- C:\Users\Shirley\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/19 14:24:32 | 00,000,000 | ---D | C] -- C:\Program Files\Eraser
[2009/05/19 14:19:23 | 00,000,000 | ---D | C] -- C:\Users\Shirley\Desktop\Security Apps
[2009/05/19 13:20:42 | 00,000,000 | ---D | C] -- C:\Users\Shirley\AppData\Roaming\eSobi
[2009/05/19 13:11:12 | 00,000,538 | ---- | C] () -- C:\Windows\System32\RegRaidSedona.bat
[2009/05/19 13:11:11 | 00,007,052 | ---- | C] () -- C:\Windows\System32\nvide.nvu
[2009/05/19 13:07:38 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/05/19 10:04:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/05/19 10:04:08 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/19 09:01:42 | 00,000,000 | ---D | C] -- C:\Users\Shirley\AppData\Roaming\WinPatrol
[2009/05/19 09:01:34 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2009/05/19 08:26:12 | 00,000,000 | ---D | C] -- C:\Users\Shirley\AppData\Roaming\Malwarebytes
[2009/05/19 08:26:10 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/19 08:26:08 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/19 08:26:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/19 08:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/19 07:53:31 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/19 07:53:22 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/05/19 07:41:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/19 07:40:33 | 00,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/05/19 07:40:21 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/05/19 07:38:37 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/05/19 06:41:36 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/05/19 06:41:15 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/05/19 06:41:12 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/19 06:41:12 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/05/19 06:38:50 | 00,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/05/19 06:38:36 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/05/19 06:34:27 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/05/18 09:34:15 | 01,083,881 | ---- | C] () -- C:\Users\Shirley\Desktop\100_0193.jpg
[2009/05/17 06:03:34 | 00,000,355 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/05/12 22:39:30 | 00,502,961 | ---- | C] () -- C:\Users\Shirley\Documents\joel project[1].pptx
[2009/05/04 17:37:36 | 01,262,316 | ---- | C] () -- C:\Users\Shirley\Documents\100_0098.jpg
[2009/05/04 17:33:32 | 00,000,162 | -H-- | C] () -- C:\Users\Shirley\Documents\~$ty app.docx
[2009/05/04 17:33:30 | 02,413,678 | ---- | C] () -- C:\Users\Shirley\Documents\ty app.docx
[2008/09/12 09:58:30 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxceserv.dll
[2008/09/12 09:58:30 | 00,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxceusb1.dll
[2008/09/12 09:58:30 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcehbn3.dll
[2008/09/12 09:58:30 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcecomc.dll
[2008/09/12 09:58:30 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcepmui.dll
[2008/09/12 09:58:30 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcelmpm.dll
[2008/09/12 09:58:30 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcecomm.dll
[2008/09/12 09:58:30 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxceinpa.dll
[2008/09/12 09:58:30 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxceiesc.dll
[2008/09/12 09:58:30 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcehcp.dll
[2008/09/12 09:58:30 | 00,274,432 | ---- | C] () -- C:\Windows\System32\lxceinst.dll
[2008/09/12 09:58:30 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxceprox.dll
[2008/09/12 09:58:30 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcepplc.dll
[2008/02/05 16:18:17 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/05 15:51:55 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/02/05 15:51:55 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/02/05 14:05:25 | 00,001,022 | ---- | C] () -- C:\Windows\generic.ini
[2008/02/05 14:05:25 | 00,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/02/22 21:32:00 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxcecoin.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/08/18 09:26:46 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxcevs.dll
[2005/02/24 20:23:52 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxcecnv4.dll
[2001/12/26 20:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 03:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 20:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 02:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Files - Modified Within 30 Days ==========

[7 C:\ProgramData\*.tmp files]
[2009/05/27 13:00:32 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/27 13:00:32 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/27 13:00:32 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/27 12:54:56 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/27 12:54:55 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/27 12:54:55 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/27 12:54:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/27 12:54:46 | 29,519,62624 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/27 01:19:53 | 06,216,032 | ---- | M] (Microsoft Corporation) -- C:\Users\Shirley\Desktop\windowsupdateagent30-x86.exe
[2009/05/26 19:41:37 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/05/26 19:36:54 | 02,999,490 | R--- | M] () -- C:\Users\Shirley\Desktop\Combo-Fix.exe
[2009/05/26 19:34:40 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Shirley\Desktop\OTListIt2.exe
[2009/05/26 18:31:16 | 14,436,63872 | ---- | M] () -- C:\Users\Shirley\Desktop\6002.18005.090410-1830_iso_update_sp_wave0-RTMSP2.0_DVD.iso
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/26 04:19:32 | 28,632,2536 | ---- | M] () -- C:\Regback.reg
[2009/05/26 03:49:08 | 00,582,708 | ---- | M] () -- C:\Users\Shirley\Desktop\Autoruns.zip
[2009/05/25 20:53:45 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/05/25 17:44:35 | 00,306,482 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/05/25 12:35:22 | 00,278,221 | ---- | M] () -- C:\Users\Shirley\Desktop\ark.zip
[2009/05/24 16:01:49 | 00,154,624 | ---- | M] () -- C:\Windows\PEV.exe
[2009/05/24 14:05:21 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/05/24 14:05:21 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/24 09:45:12 | 29,551,2316 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/05/24 07:56:36 | 03,063,218 | ---- | M] (Symantec Corporation) -- C:\Users\Shirley\Desktop\Norton_Removal_Tool.exe
[2009/05/24 04:18:25 | 00,000,526 | ---- | M] () -- C:\Users\Shirley\Desktop\ResetTeaTimer.zip
[2009/05/22 19:52:40 | 00,000,906 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/22 11:06:36 | 00,001,853 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/05/22 11:02:21 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Shirley\Desktop\HiJackThis.exe
[2009/05/22 11:01:35 | 06,367,264 | ---- | M] () -- C:\Users\Shirley\Desktop\SUPERAntiSpyware.exe
[2009/05/20 07:55:04 | 00,372,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/19 19:44:04 | 01,083,881 | ---- | M] () -- C:\Users\Shirley\Desktop\100_0193.jpg
[2009/05/19 17:59:22 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/05/19 17:04:14 | 00,001,664 | ---- | M] () -- C:\Users\Shirley\AppData\Roaming\wklnhst.dat
[2009/05/19 07:53:31 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/05/19 06:41:36 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/05/19 06:38:50 | 00,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/05/18 09:39:53 | 00,618,496 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2009/05/18 09:16:25 | 01,089,536 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2009/05/17 06:03:34 | 00,000,355 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2009/05/12 22:39:30 | 00,502,961 | ---- | M] () -- C:\Users\Shirley\Documents\joel project[1].pptx
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/05/07 02:08:22 | 00,000,402 | -HS- | M] () -- C:\Users\Shirley\Documents\desktop.ini
[2009/05/07 02:08:22 | 00,000,282 | -HS- | M] () -- C:\Users\Shirley\Desktop\desktop.ini
[2009/05/07 02:08:22 | 00,000,174 | -HS- | M] () -- C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/05/06 15:01:45 | 00,023,552 | ---- | M] () -- C:\Users\Shirley\Documents\baby shower 2.wps
[2009/05/06 15:01:44 | 00,023,552 | ---- | M] () -- C:\Users\Shirley\Documents\baby shower 1.wps
[2009/05/06 15:01:42 | 00,018,432 | ---- | M] () -- C:\Users\Shirley\Documents\baby shower 4.wps
[2009/05/04 17:33:32 | 02,413,678 | ---- | M] () -- C:\Users\Shirley\Documents\ty app.docx
[2009/05/04 17:33:32 | 00,000,162 | -H-- | M] () -- C:\Users\Shirley\Documents\~$ty app.docx
[2009/05/04 17:24:49 | 01,262,316 | ---- | M] () -- C:\Users\Shirley\Documents\100_0098.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 522 bytes -> C:\Users\Shirley\Documents\Message.eml:OECustomProperty
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Copyright ©2006 - 2009 Computer Juice.
