  1. #1
    Member | Join Date: May 2011 | Posts: 11 | Points: 0

    Firefox and IE randomly crash

    I've got several issues that all seem to be related. Firefox and IE both crash randomly. I've installed Chrome and currently it hasn't crashed at all, but is very slow to load web pages. Windows Update will not connect to the update server and Windows Error Reporting cannot connect to its server to send reports and look for solutions.

    I've tried both IE8 and 9, and Firefox 3.x and 4.x. I even restored my computer (complete partition restore using Acronis) from a backup from 2 months ago when I didn't have any problems, but the problem followed me through 2 restores. I keep thinking there is something that is hiding on my hard drive, outside the actual OS partition, but my scans with Spybot only found GiftLoader, which it says it removed.

    After logging onto this site, I've installed HijackThis, Malwarebytes and SUPERAntiSpyware and ran them. The logs for each are below. In addition, here are the crash logs generated by both Firefox and IE.

    IE9 Crash Report
    Source
    Internet Explorer

    Summary
    Stopped working

    Date
    4/22/2011 2:31 AM

    Status
    Report sent

    Description
    Faulting Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Problem signature
    Problem Event Name: APPCRASH
    Application Name: iexplore.exe
    Application Version: 9.0.8112.16421
    Application Timestamp: 4d76255d
    Fault Module Name: StackHash_a7aa
    Fault Module Version: 0.0.0.0
    Fault Module Timestamp: 00000000
    Exception Code: c0000005
    Exception Offset: 00014ea3
    OS Version: 6.1.7600.2.0.0.256.1
    Locale ID: 1033
    Additional Information 1: a7aa
    Additional Information 2: a7aa91f17ea749d42a4de3b390fa5b3d
    Additional Information 3: a7aa
    Additional Information 4: a7aa91f17ea749d42a4de3b390fa5b3d

    Extra information about the problem
    Bucket ID: 2354425469




    Firefox Crash Detail:

    Add-ons: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3,{47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0,{1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3,{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8,firefox@facebook.com:1.6,{bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1,{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1,{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,noia2_option@kk.noia:3.76,{AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81,{a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3,{340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7,{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15,{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
    BuildID: 20110303024726
    CrashTime: 1304312313
    EMCheckCompatibility: true
    FramePoisonBase: 00000000f0de0000
    FramePoisonSize: 65536
    InstallTime: 1300042552
    ProductName: Firefox
    ReleaseChannel: release
    SecondsSinceLastCrash: 30793634
    StartupTime: 1304312286
    Theme: Noia2f
    Throttleable: 1
    URL: Microsoft Online Crash Analysis
    Vendor: Mozilla
    Version: 3.6.15






    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/03/2011 at 04:17 PM

    Application Version : 4.51.1000

    Core Rules Database Version : 6979
    Trace Rules Database Version: 4791

    Scan type : Complete Scan
    Total Scan Time : 03:32:54

    Memory items scanned : 1086
    Memory threats detected : 0
    Registry items scanned : 12164
    Registry threats detected : 0
    File items scanned : 73398
    File threats detected : 167

    Adware.Tracking Cookie






    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6500

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/4/2011 1:46:16 AM
    mbam-log-2011-05-04 (01-46-16).txt

    Scan type: Quick scan
    Objects scanned: 173150
    Time elapsed: 16 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)






    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:54:26 AM, on 5/4/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16722)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    C:\Program Files\BOINC\boinctray.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\CompanionLink\CompanionLink.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\SetPoint\SetPoint.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_0.50_windows_intelx86__sse2.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Scott\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\PGP Corporation\PGP Desktop\PGPfsd.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe.bak" /P dellsupportcenter
    O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
    O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
    O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s
    O4 - HKCU\..\Run: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -Icon
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: PGPtray.exe.lnk = ?
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
    O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
    O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos...ineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: acaptuser32.dll PGPmapih.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PGPserv - PGP Corporation - C:\Windows\system32\PGPserv.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
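A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread and is not HijackThis's own code. It parses the O-section lines, drops repeated entries, and lists the items usually reviewed first: unrecognised Winsock LSP files, DLLs named in AppInit_DLLs, and services shown with "Unknown owner". The function names and the choice of these three checks are assumptions made for the example; a listed entry means "verify this file", not "malicious".

```python
import re

# A subset of lines copied from the HijackThis log above (not the full log).
SAMPLE_LOG = r"""
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O20 - AppInit_DLLs: acaptuser32.dll PGPmapih.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
"""

# "<section code> - <rest of line>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^\s*(?P<code>[ORFN]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")

# O23 lines are "Service: <name> - <owner> - <path>". The path itself may
# contain " - " (see the Spybot line), so the path is anchored on a drive letter
# instead of splitting the whole line on " - ".
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)


def parse_hijackthis(text):
    """Return the log's entries as dicts, de-duplicated, in first-seen order."""
    seen, entries = set(), []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, blank lines, forum text
        key = (m["code"], m["body"])
        if key in seen:
            continue  # the same entry can be listed more than once
        seen.add(key)
        entry = {"code": m["code"], "body": m["body"]}
        if m["code"] == "O23":
            svc = SERVICE_RE.match(m["body"])
            if svc:
                entry.update(svc.groupdict())
        entries.append(entry)
    return entries


def triage(entries):
    """Return (code, reason, item) tuples for entries worth checking by hand."""
    findings = []
    for e in entries:
        code, body = e["code"], e["body"]
        if code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            # LSPs sit in the network stack of every Winsock application.
            path = body.split(":", 1)[1].strip()
            findings.append((code, "unrecognised Winsock LSP file", path))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Each DLL listed here is loaded into every process that loads
            # user32.dll. The value is space- or comma-delimited.
            for dll in re.split(r"[ ,]+", body.split(":", 1)[1].strip()):
                if dll:
                    findings.append((code, "DLL loaded via AppInit_DLLs", dll))
        elif code == "O23" and e.get("owner") == "Unknown owner":
            # HijackThis printed "Unknown owner" where it otherwise shows a vendor.
            findings.append((code, "service shown with 'Unknown owner'", e["path"]))
    return findings


if __name__ == "__main__":
    for code, reason, item in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"{code:<4} {reason:<36} {item}")
```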

  2. #2
    Member Net_Surfer

    Hello lonewolf147 and Welcome to the Help2Go Spyware Help Forum

    Sorry for the delay!!


    My nick is Net_Surfer and I will be helping you with your malware issues; this may or may not solve other issues you may have with your machine.

    Please note that whatever repairs we make are for fixing "your computer problems only" and by no means should be used on another computer.

    I would also like to inform you that most of us here at Help2Go support forums offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


    Please be patient and I'd be grateful if you would note the following:

    The cleaning process is not instant. ComboFix, OTL and HijackThis logs can take some time to research. I use Google as a resource to research what the problem is, just to understand some of the infections that are infecting the computer and to understand where I need to focus more, to ensure that the member gets the best and honest service.

    So please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.


    1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
    2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. Never will there be an all in one solution for repairing an infected computer. You must have a great arsenal of utilities that can take care of what another program may miss or isn't as specialized as another.
    4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
    5. Please reply using the Reply to Thread button in the lower left hand corner of your screen. Do not start a new topic.
    6. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
    7. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
    8. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear.)
    Just because you can't see a problem doesn't mean it isn't there.

    If you can do these things, everything should go smoothly!

    While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.

    Open Spybot Search & Destroy.
    In the Mode menu click Advanced mode if not already selected.
    Choose Yes at the Warning prompt.
    Expand the Tools menu.
    Click Resident.
    Uncheck the Resident "TeaTimer" (Protection of overall system settings) active box.
    If TeaTimer gives you a warning that changes were made, click the Allow Change box when prompted.
    In the File menu click Exit to exit Spybot Search & Destroy.

    ------------------------------------------------------

    If for some reason during these fixes you receive prompts from Spybot about whether to Allow or Deny any changes, please Allow them all.

    OK. If you have a Vista computer, ensure that you right-click on the tools and run them as an Admin. If XP, double-click on the program to run them.

    Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
    Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

    Please carefully follow the next set of steps:


    If you cannot download and run the following tools, then I would like you to try another approach:

    If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
    Be sure you put them on the desktop of the infected computer.


    Step 1.

    * exeHelper by Raktor.

    Please download: exeHelper to your desktop.
    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Step 2.

    Download TDSSKiller.exe (v2.4.0.0) from Kaspersky Labs and save it to your desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension
    • Click the Start Scan button.
    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_log.txt) will be created and saved to the root directory ( usually Local Disk C ).
    * Post this log to your next message.

    If needed see the TDSS Rootkit Removing Tool website for detailed instructions on running TDSSkiller.
    ========

    Step 4.

    Please visit this webpage for instructions for downloading and running ComboFix if you have problems running it:

    Please download ComboFix from one of the following mirrors, and save it to your desktop.
    Warning: This tool is not a toy and not for everyday use!
    Link 1
    Link 2
    Link 3
    • Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.
    • Please insert all usb-drives before running Combofix
    • Close any open browsers.
    • Double click on your desktop.
      If using Vista/Win7, right-click and Run as Administrator...
    • Read and accept (Press Yes) to the disclaimer. *If using Windows XP... Please allow Combofix tool to download and install the Microsoft Recovery Console.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
      Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
      **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
    • *Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

      Post the log from ComboFix in your next reply.


    *EXTRA NOTES*

    * If Combofix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
    * If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    * If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

    Summary of the logs I will need in your next reply:
    • ExeHelper log.
    • The ComboFix log.
    • The TDSSKiller.exe log.

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

    Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

    Kind regards
    Net_Surfer

  3. #3

    Thanks for helping! (by the way, after running these, my system is already running better.)

    Here's the first log...

    exeHelper by Raktor
    Build 20100414
    Run at 12:11:19 on 05/07/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--


    Second log:

    2011/05/07 12:14:04.0673 6736 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
    2011/05/07 12:14:06.0237 6736 ================================================================================
    2011/05/07 12:14:06.0237 6736 SystemInfo:
    2011/05/07 12:14:06.0237 6736
    2011/05/07 12:14:06.0237 6736 OS Version: 6.1.7600 ServicePack: 0.0
    2011/05/07 12:14:06.0237 6736 Product type: Workstation
    2011/05/07 12:14:06.0237 6736 ComputerName: SHADOWOLF
    2011/05/07 12:14:06.0238 6736 UserName: Scott
    2011/05/07 12:14:06.0238 6736 Windows directory: C:\Windows
    2011/05/07 12:14:06.0238 6736 System windows directory: C:\Windows
    2011/05/07 12:14:06.0238 6736 Processor architecture: Intel x86
    2011/05/07 12:14:06.0238 6736 Number of processors: 2
    2011/05/07 12:14:06.0238 6736 Page size: 0x1000
    2011/05/07 12:14:06.0238 6736 Boot type: Normal boot
    2011/05/07 12:14:06.0238 6736 ================================================================================
    2011/05/07 12:14:08.0473 6736 Initialize success
    2011/05/07 12:14:12.0429 7664 ================================================================================
    2011/05/07 12:14:12.0429 7664 Scan started
    2011/05/07 12:14:12.0430 7664 Mode: Manual;
    2011/05/07 12:14:12.0430 7664 ================================================================================
    2011/05/07 12:14:13.0729 7664 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/05/07 12:14:13.0905 7664 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/05/07 12:14:14.0139 7664 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/05/07 12:14:14.0280 7664 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/05/07 12:14:14.0487 7664 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/05/07 12:14:14.0716 7664 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/05/07 12:14:14.0947 7664 afcdp (f132d0bfde7c5ea1ab42325c5694a969) C:\Windows\system32\DRIVERS\afcdp.sys
    2011/05/07 12:14:15.0137 7664 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2011/05/07 12:14:15.0334 7664 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2011/05/07 12:14:15.0455 7664 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/05/07 12:14:15.0658 7664 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2011/05/07 12:14:15.0785 7664 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2011/05/07 12:14:15.0901 7664 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2011/05/07 12:14:16.0026 7664 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/05/07 12:14:16.0145 7664 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/05/07 12:14:16.0305 7664 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/05/07 12:14:16.0446 7664 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/05/07 12:14:16.0851 7664 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/05/07 12:14:16.0982 7664 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2011/05/07 12:14:17.0120 7664 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2011/05/07 12:14:17.0356 7664 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/05/07 12:14:17.0496 7664 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/05/07 12:14:17.0631 7664 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/07 12:14:17.0724 7664 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2011/05/07 12:14:17.0900 7664 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/05/07 12:14:18.0157 7664 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/05/07 12:14:18.0341 7664 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
    2011/05/07 12:14:18.0533 7664 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/05/07 12:14:18.0711 7664 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/05/07 12:14:18.0840 7664 BlueletAudio (bc0e1c15e6fb3e20cd558f496ea684a0) C:\Windows\system32\DRIVERS\blueletaudio.sys
    2011/05/07 12:14:18.0955 7664 BlueletSCOAudio (5f81a2d1abc1e480c6152f7b9e446bfa) C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
    2011/05/07 12:14:19.0155 7664 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/07 12:14:19.0282 7664 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/05/07 12:14:19.0382 7664 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/05/07 12:14:19.0515 7664 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/05/07 12:14:19.0710 7664 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/05/07 12:14:19.0831 7664 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/05/07 12:14:19.0925 7664 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/05/07 12:14:20.0106 7664 Btcsrusb (942c602296119d758547808221c85a2c) C:\Windows\system32\Drivers\btcusb.sys
    2011/05/07 12:14:20.0235 7664 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
    2011/05/07 12:14:20.0370 7664 BtHidBus (ce441ccd98c5ecb10cb12fcaf97322ec) C:\Windows\system32\Drivers\BtHidBus.sys
    2011/05/07 12:14:20.0499 7664 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/05/07 12:14:20.0648 7664 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/05/07 12:14:20.0833 7664 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
    2011/05/07 12:14:21.0137 7664 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/05/07 12:14:21.0301 7664 btnetBUs (d3c277a51ef9e2ec972d6221f99c0b6d) C:\Windows\system32\Drivers\btnetBus.sys
    2011/05/07 12:14:21.0500 7664 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
    2011/05/07 12:14:21.0651 7664 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/07 12:14:21.0833 7664 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/05/07 12:14:21.0993 7664 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/05/07 12:14:22.0137 7664 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/05/07 12:14:22.0331 7664 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/05/07 12:14:22.0442 7664 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/05/07 12:14:22.0577 7664 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/05/07 12:14:22.0723 7664 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/05/07 12:14:22.0846 7664 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/05/07 12:14:22.0997 7664 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/05/07 12:14:23.0204 7664 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    2011/05/07 12:14:23.0466 7664 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/07 12:14:23.0617 7664 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/05/07 12:14:23.0767 7664 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/05/07 12:14:23.0950 7664 DKRtWrt (890b806894cd5c23dcec5a99b5f8abe2) C:\Windows\system32\DRIVERS\DKRtWrt.sys
    2011/05/07 12:14:24.0134 7664 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/07 12:14:24.0290 7664 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/07 12:14:24.0823 7664 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/05/07 12:14:25.0468 7664 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\elrawdsk.sys
    2011/05/07 12:14:25.0623 7664 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/05/07 12:14:25.0796 7664 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2011/05/07 12:14:25.0950 7664 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/05/07 12:14:26.0104 7664 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/05/07 12:14:26.0286 7664 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/07 12:14:26.0435 7664 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/07 12:14:26.0592 7664 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/05/07 12:14:26.0736 7664 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/07 12:14:26.0853 7664 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/07 12:14:27.0057 7664 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/05/07 12:14:27.0189 7664 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/07 12:14:27.0366 7664 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/05/07 12:14:27.0523 7664 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/05/07 12:14:27.0678 7664 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/05/07 12:14:27.0809 7664 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
    2011/05/07 12:14:27.0965 7664 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
    2011/05/07 12:14:28.0079 7664 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/05/07 12:14:28.0252 7664 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    2011/05/07 12:14:28.0418 7664 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/07 12:14:28.0540 7664 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/05/07 12:14:28.0734 7664 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/05/07 12:14:28.0858 7664 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/05/07 12:14:28.0989 7664 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/07 12:14:29.0190 7664 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/05/07 12:14:29.0397 7664 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2011/05/07 12:14:29.0939 7664 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2011/05/07 12:14:30.0165 7664 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2011/05/07 12:14:30.0522 7664 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2011/05/07 12:14:30.0661 7664 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/05/07 12:14:30.0815 7664 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/05/07 12:14:31.0108 7664 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/05/07 12:14:31.0273 7664 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2011/05/07 12:14:31.0423 7664 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/07 12:14:31.0616 7664 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/07 12:14:31.0758 7664 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/05/07 12:14:31.0892 7664 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/05/07 12:14:32.0068 7664 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/05/07 12:14:32.0172 7664 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/05/07 12:14:32.0298 7664 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/05/07 12:14:32.0512 7664 IvtBtBUs (71e1fc547cc488d5cd7bf0860c96f5af) C:\Windows\system32\Drivers\IvtBtBus.sys
    2011/05/07 12:14:32.0643 7664 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/07 12:14:32.0808 7664 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/05/07 12:14:32.0952 7664 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/07 12:14:33.0099 7664 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/05/07 12:14:33.0410 7664 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
    2011/05/07 12:14:33.0592 7664 LHidFilt (105009fc8df9b612f82d2758d4345b1b) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2011/05/07 12:14:33.0759 7664 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/07 12:14:33.0906 7664 LMouFilt (3d1d1c307f215924af837506d6919d90) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2011/05/07 12:14:34.0071 7664 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/05/07 12:14:34.0224 7664 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/05/07 12:14:34.0363 7664 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/05/07 12:14:34.0513 7664 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/05/07 12:14:34.0677 7664 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/05/07 12:15:15.0447 7664 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/05/07 12:15:15.0603 7664 ================================================================================
    2011/05/07 12:15:15.0603 7664 Scan finished
    2011/05/07 12:15:15.0603 7664 ================================================================================
    2011/05/07 12:15:15.0649 7308 Detected object count: 1
    2011/05/07 12:15:22.0572 7308 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/07 12:15:22.0573 7308 \HardDisk1 - ok
    2011/05/07 12:15:22.0582 7308 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
    2011/05/07 12:16:47.0015 7468 Deinitialize success



    Here's the third log:

    ComboFix 11-05-07.01 - Scott 05/07/2011 17:54:25.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2418 [GMT -5:00]
    Running from: c:\users\Scott\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Scott\AppData\Local\Temp\sfamcc00001.dll
    c:\users\Scott\AppData\Local\Temp\sfareca00001.dll
    c:\users\Scott\Documents\DIR-615 Router Settings.bin
    c:\users\Scott\g2mdlhlpx.exe
    c:\windows\system32\service
    c:\windows\system32\service\04052011_TIS17_SfFniAU.log
    c:\windows\system32\service\16032011_TIS17_SfFniAU.log
    c:\windows\system32\service\23022010_TIS17_SfFniAU.log
    c:\windows\system32\service\23032010_TIS17_SfFniAU.log
    c:\windows\system32\service\27032010_TIS17_SfFniAU.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-07 23:19 . 2011-05-07 23:26 -------- d-----w- c:\users\Scott\AppData\Local\temp
    2011-05-07 23:19 . 2011-05-07 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-07 23:19 . 2011-05-07 23:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-05-05 17:38 . 2011-05-05 17:38 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-05 17:26 . 2011-04-29 17:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-05-05 17:26 . 2011-05-05 17:26 -------- d-----w- c:\program files\Lavasoft
    2011-05-05 17:26 . 2011-05-05 17:26 -------- d-----w- c:\programdata\Lavasoft
    2011-05-04 06:59 . 2011-05-04 06:59 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-05-04 06:59 . 2011-05-04 06:59 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-05-04 06:59 . 2011-05-04 06:59 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-05-04 06:59 . 2011-05-04 06:59 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-04 06:59 . 2011-05-04 06:59 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-05-03 17:23 . 2011-05-03 17:23 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
    2011-05-03 17:22 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-03 17:22 . 2011-05-03 17:22 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-03 17:21 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-03 17:21 . 2011-05-03 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-03 17:20 . 2011-05-03 17:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-03 17:20 . 2011-05-03 17:20 -------- d-----w- c:\users\Scott\AppData\Roaming\SUPERAntiSpyware.com
    2011-05-03 17:19 . 2011-05-03 17:20 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-03 17:10 . 2011-05-03 17:10 388096 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-02 18:14 . 2011-05-02 18:14 -------- d-----w- c:\users\Scott\.VirtualBox
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{DBF1BAF0-8B9A-4A2F-BF66-FECE711C7F3A}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{B966489E-4EBE-434E-8905-AC175959B1F4}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{ACBEEE96-0724-41FD-9E79-D0B5043A1A8A}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{94DB65A6-5444-4141-BB1D-2C93819589AA}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{7843A14E-68EA-41F1-9258-3635B7C57A7C}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{74FC0AE8-AF80-4C49-8EA9-870AA984BE7F}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{5552CDDE-BF12-47AA-8EE5-29A8CC6A1B92}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{0F50BFB3-1533-47A9-8EA5-56C146352542}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{0839F024-89EB-417E-AFAB-BE524BB44E4B}
    2011-05-02 06:36 . 2011-05-02 06:36 -------- d-----w- c:\users\Scott\VirtualBox VMs
    2011-05-02 06:33 . 2011-05-02 06:33 -------- d-----w- c:\users\Scott\AppData\Roaming\Safer Networking
    2011-05-02 06:32 . 2011-05-02 06:32 -------- d-----w- c:\program files\Safer Networking
    2011-05-02 06:13 . 2011-05-07 18:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-02 06:13 . 2011-05-02 06:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-02 06:10 . 2011-05-07 17:11 -------- d-----w- c:\users\Scott\AppData\Roaming\uTorrent
    2011-05-02 05:46 . 2011-05-02 05:46 -------- d-----w- c:\program files\ESET
    2011-05-02 05:33 . 2011-05-07 23:26 -------- d-----w- c:\users\Scott\AppData\Roaming\Dropbox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-03 01:15 . 2011-03-13 22:35 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe
    2011-03-17 06:45 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-19 05:33 . 2011-03-17 08:13 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 05:32 . 2011-03-17 08:13 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 05:32 . 2011-03-17 08:13 739840 ----a-w- c:\windows\system32\d2d1.dll
    2006-06-16 02:33 . 2010-02-24 03:31 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-26 00:43 . 2010-02-24 03:31 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 20:41 . 2010-02-24 03:31 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 19:10 . 2010-02-24 03:31 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 18:19 . 2010-02-24 03:31 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-11 00:35 . 2010-02-24 03:31 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 17:10 . 2010-02-24 03:31 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 17:42 . 2010-02-24 03:31 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 17:22 . 2010-02-24 03:31 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 17:21 . 2010-02-24 03:31 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    2011-05-04 06:59 . 2011-05-04 06:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
    2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
    2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
    .
    .
    ------- Sigcheck -------
    .
    [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
    [-] 2010-02-24 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
    @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
    [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
    2007-08-10 21:27 598016 ----a-w- c:\windows\System32\PGPfsshl.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
    "CompanionLink"="c:\program files\companionlink\companionlink.exe" [2010-03-12 15663104]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-11-21 87144]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-04-22 55824]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
    "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2009-11-06 58112]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-11-06 4793088]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
    .
    c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-2 23360040]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-23 50688]
    PGPtray.exe.lnk - c:\windows\Installer\{882025A7-7599-4989-8FCD-7604FB90D6A9}\Icon6560581611.exe [2010-2-24 55296]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2010-2-24 813584]
    SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 135664]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
    R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2010-02-24 497008]
    R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-24 689416]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
    R3 WQ_USBLOAD;WiQuest WUSB Loader driver;c:\windows\system32\DRIVERS\WQ_ldr.sys [2007-08-05 33464]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-08 20744]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
    S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2007-08-10 97792]
    S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2010-03-02 902432]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-02-24 146448]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-02 2326920]
    S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-02 2146496]
    S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 36432]
    S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-02-24 283152]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-03-02 159168]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2009-10-21 45232]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 WQ_USBHWA;WiQuest Host Wire Adapter driver;c:\windows\system32\DRIVERS\WQ_hwa.sys [2007-08-05 157752]
    S3 WQ_USBRCI;WiQuest UltraWideBand driver;c:\windows\system32\DRIVERS\WQ_rci.sys [2007-08-05 75448]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 04:28]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 04:28]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000Core.job
    - c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 00:33]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000UA.job
    - c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 00:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
    IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
    FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.triplebotch.com/
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe.bak
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3998851370-4095316126-641813265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
    @Denied: (2) (S-1-5-21-3998851370-4095316126-641813265-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.v11o"
    .
    [HKEY_USERS\S-1-5-21-3998851370-4095316126-641813265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
    @Denied: (2) (S-1-5-21-3998851370-4095316126-641813265-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.v11p"
    .
    [HKEY_USERS\S-1-5-21-3998851370-4095316126-641813265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
    @Denied: (2) (S-1-5-21-3998851370-4095316126-641813265-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.v11pf"
    .
    [HKEY_USERS\S-1-5-21-3998851370-4095316126-641813265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (S-1-5-21-3998851370-4095316126-641813265-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.xmp"
    .
    [HKEY_USERS\S-1-5-21-3998851370-4095316126-641813265-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17931483-19A5-CE64-5523-7AA870491352}*]
    "kabnpipafjpmlphgaelmae"=hex:67,61,70,6d,65,6a,6d,69,64,6d,66,61,64,65,00,00
    "kabnpipafjpmlphgaelmld"=hex:66,61,6d,6e,6d,6a,6c,6c,69,67,6e,63,00,65
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3116)
    c:\windows\system32\PGPhk.dll
    c:\program files\SetPoint\lgscroll.dll
    c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\pgpfsshl.dll
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    c:\windows\system32\BsHelpCSps.dll
    c:\windows\system32\BlueSoleilCSps.dll
    c:\windows\system32\BsMobileCSps.dll
    c:\program files\PGP Corporation\PGP Desktop\PGPwipe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\AUDIODG.EXE
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\PGPserv.exe
    c:\windows\system32\STacSV.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\PGP Corporation\PGP Desktop\PGPtray.exe
    c:\program files\BOINC\boinc.exe
    c:\windows\system32\conhost.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\DellTPad\HidFind.exe
    c:\programdata\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    c:\programdata\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    c:\program files\PGP Corporation\PGP Desktop\PGPfsd.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-07 18:32:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-07 23:32
    .
    Pre-Run: 131,512,840,192 bytes free
    Post-Run: 131,312,160,768 bytes free
    .
    - - End Of File - - 59A6DA7B68BAB6B6054FD8CC974C388B

  4. #4
    Member Net_Surfer
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Thanks for helping! (by the way, after running these, my system is already running better.)
    Glad to see that we got the rootkit...

    Code:
    2011/05/07 12:15:15.0447 7664 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/05/07 12:15:15.0603 7664 ================================================================================
    2011/05/07 12:15:15.0603 7664 Scan finished
    2011/05/07 12:15:15.0603 7664 ================================================================================
    2011/05/07 12:15:15.0649 7308 Detected object count: 1
    2011/05/07 12:15:22.0572 7308 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/07 12:15:22.0573 7308 \HardDisk1 - ok
    2011/05/07 12:15:22.0582 7308 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
    2011/05/07 12:16:47.0015 7468 Deinitialize success
    That is the reason that your computer is acting normal...You had a really bad rootkit.

    We need to give you the standard "compromised system" spiel before we go on:
    IMPORTANT NOTE: One or more of the identified infections was related to a rootkit component. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

    If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read "How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?"

    Although we MIGHT be able to remove the rootkit, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that IF the rootkit can be removed the computer will then be secure.

    In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

    Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Let us know how you wish to proceed.

    If you would like to continue cleaning your system, please follow the next set of steps:

    Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

    Update Software Optional
    Code:
    Mozilla Firefox
    Going over your logs I noticed that you are using an old version of the Mozilla Firefox browser. You need to update to the latest version: 4.01

    Click on the Help tab at the top of your Firefox page and select: "Check for Updates"

    Older versions contain holes that hackers can use to manipulate your machine.


    Please carefully follow my next set of steps:


    Step 1.
    Re-run ComboFix with some additional directives.

    Complex Malware removal is to be performed by trained personnel, as they’re capable of doing a surgical cleanup without affecting other components of the Operating System.
    1. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
    2. Make sure that combofix.exe that you downloaded is on your Desktop but do NOT run it!
      o *If it is not on your Desktop, the below will not work.
    3. Go to Start -> Run... and in the "Open:" box that opens type Notepad and press Enter (alternatively, navigate to Start -> Accessories -> Notepad).
    4. Copy the entire contents inside the CODE box below into Notepad (do NOT copy the word "CODE"!) - don't use any other text editor than Notepad or the script will fail.
      Code:
      KillAll::
      
      FCopy::
      c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll
      
      
      
      RegLock::
      [HKEY_USERS\S-1-5-21-3998851370-4095316126-641813265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
      [HKEY_USERS\S-1-5-21-3998851370-4095316126-641813265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
      [HKEY_USERS\S-1-5-21-3998851370-4095316126-641813265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
      [HKEY_USERS\S-1-5-21-3998851370-4095316126-641813265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
      
      RegNull::
      [HKEY_USERS\S-1-5-21-3998851370-4095316126-641813265-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17931483-19A5-CE64-5523-7AA870491352}*]
      Looking at the image below as an example:
    5. Go to File -> Save and save as CFScript.txt in the same location as ComboFix.exe.
    6. Close all applications and windows so that you have nothing open and are at your Desktop.
    7. Drag CFScript.txt on top of ComboFix.exe. (This will start ComboFix again). Please follow the prompts.
    8. When finished, ComboFix shall produce a log for you at C:\ComboFix.txt. Please post the entire contents of that report in your next reply for further review.
      NOTE: Do NOT mouseclick ComboFix's window whilst it's running. That may cause your system to hang!
      CAUTION!
      Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


    Step 2.

    We should Re-run MBAM like this:

    Let's get your MalwareBytes AntiMalware updated and run a final scan:

    Please update MBAM and run another scan:
    Start MBAM
    Click on the Update tab
    Click Check for Updates
    If it says that MBAM needs to close to update it... let it close and then restart.
    Then click the Scan button.

    Don't forget:
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    Post the report that comes up after the scan.


    Step 3.

    • Download: >>> OTL by Old Timer <<< to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.

    • Now copy the lines below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      CREATERESTOREPOINT


    • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the Run Scan button.
    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

    =========

    Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    Summary of the logs I will need in your next reply:
    • The report log of MBAM
    • The report log of Combofix.
    • The TWO report logs of OTL.

    And a description of any remaining problems.

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

    Kind regards
    Net_Surfer
    Last edited by Net_Surfer; 05-07-2011 at 09:35 PM.

  5. #5
    Member
    Join Date
    May 2011
    Posts
    11
    Points
    0

    ComboFix 11-05-07.01 - Scott 05/07/2011 21:55:52.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.1775 [GMT -5:00]
    Running from: c:\users\Scott\Desktop\ComboFix.exe
    Command switches used :: c:\users\Scott\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Scott\AppData\Local\Temp\sfamcc00001.dll
    c:\users\Scott\AppData\Local\Temp\sfareca00001.dll
    c:\windows\system32\midas.dll
    c:\windows\system32\win.ini
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-08 03:06 . 2011-05-08 03:06 -------- d-----w- c:\windows\system32\Service
    2011-05-08 03:03 . 2011-05-08 03:07 -------- d-----w- c:\users\Scott\AppData\Local\temp
    2011-05-08 03:03 . 2011-05-08 03:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-05-08 03:03 . 2011-05-08 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-05 17:38 . 2011-05-05 17:38 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-05 17:26 . 2011-04-29 17:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-05-05 17:26 . 2011-05-05 17:26 -------- d-----w- c:\program files\Lavasoft
    2011-05-05 17:26 . 2011-05-05 17:26 -------- d-----w- c:\programdata\Lavasoft
    2011-05-04 06:59 . 2011-05-04 06:59 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-05-04 06:59 . 2011-05-04 06:59 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-05-04 06:59 . 2011-05-04 06:59 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-05-04 06:59 . 2011-05-04 06:59 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-04 06:59 . 2011-05-04 06:59 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-05-03 17:23 . 2011-05-03 17:23 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
    2011-05-03 17:22 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-03 17:22 . 2011-05-03 17:22 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-03 17:21 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-03 17:21 . 2011-05-03 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-03 17:20 . 2011-05-03 17:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-03 17:20 . 2011-05-03 17:20 -------- d-----w- c:\users\Scott\AppData\Roaming\SUPERAntiSpyware.com
    2011-05-03 17:19 . 2011-05-03 17:20 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-03 17:10 . 2011-05-03 17:10 388096 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-02 18:14 . 2011-05-02 18:14 -------- d-----w- c:\users\Scott\.VirtualBox
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{DBF1BAF0-8B9A-4A2F-BF66-FECE711C7F3A}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{B966489E-4EBE-434E-8905-AC175959B1F4}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{ACBEEE96-0724-41FD-9E79-D0B5043A1A8A}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{94DB65A6-5444-4141-BB1D-2C93819589AA}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{7843A14E-68EA-41F1-9258-3635B7C57A7C}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{74FC0AE8-AF80-4C49-8EA9-870AA984BE7F}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{5552CDDE-BF12-47AA-8EE5-29A8CC6A1B92}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{0F50BFB3-1533-47A9-8EA5-56C146352542}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{0839F024-89EB-417E-AFAB-BE524BB44E4B}
    2011-05-02 06:36 . 2011-05-02 06:36 -------- d-----w- c:\users\Scott\VirtualBox VMs
    2011-05-02 06:33 . 2011-05-02 06:33 -------- d-----w- c:\users\Scott\AppData\Roaming\Safer Networking
    2011-05-02 06:32 . 2011-05-02 06:32 -------- d-----w- c:\program files\Safer Networking
    2011-05-02 06:13 . 2011-05-07 18:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-02 06:13 . 2011-05-02 06:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-02 06:10 . 2011-05-08 02:50 -------- d-----w- c:\users\Scott\AppData\Roaming\uTorrent
    2011-05-02 05:46 . 2011-05-02 05:46 -------- d-----w- c:\program files\ESET
    2011-05-02 05:33 . 2011-05-08 03:07 -------- d-----w- c:\users\Scott\AppData\Roaming\Dropbox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-03 01:15 . 2011-03-13 22:35 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe
    2011-03-17 06:45 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-19 05:33 . 2011-03-17 08:13 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 05:32 . 2011-03-17 08:13 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 05:32 . 2011-03-17 08:13 739840 ----a-w- c:\windows\system32\d2d1.dll
    2006-06-16 02:33 . 2010-02-24 03:31 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-26 00:43 . 2010-02-24 03:31 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 20:41 . 2010-02-24 03:31 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 19:10 . 2010-02-24 03:31 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 18:19 . 2010-02-24 03:31 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-11 00:35 . 2010-02-24 03:31 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 17:10 . 2010-02-24 03:31 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 17:42 . 2010-02-24 03:31 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 17:22 . 2010-02-24 03:31 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 17:21 . 2010-02-24 03:31 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    2011-05-04 06:59 . 2011-05-04 06:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
    2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
    2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
    @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
    [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
    2007-08-10 21:27 598016 ----a-w- c:\windows\System32\PGPfsshl.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
    "CompanionLink"="c:\program files\companionlink\companionlink.exe" [2010-03-12 15663104]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-11-21 87144]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-04-22 55824]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
    "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2009-11-06 58112]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-11-06 4793088]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
    .
    c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-2 23360040]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-23 50688]
    PGPtray.exe.lnk - c:\windows\Installer\{882025A7-7599-4989-8FCD-7604FB90D6A9}\Icon6560581611.exe [2010-2-24 55296]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2010-2-24 813584]
    SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 135664]
    R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
    R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2010-02-24 497008]
    R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-24 689416]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
    R3 WQ_USBLOAD;WiQuest WUSB Loader driver;c:\windows\system32\DRIVERS\WQ_ldr.sys [2007-08-05 33464]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-08 20744]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
    S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2007-08-10 97792]
    S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2010-03-02 902432]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-02-24 146448]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-02 2326920]
    S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-02 2146496]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 36432]
    S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-02-24 283152]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-03-02 159168]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2009-10-21 45232]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 WQ_USBHWA;WiQuest Host Wire Adapter driver;c:\windows\system32\DRIVERS\WQ_hwa.sys [2007-08-05 157752]
    S3 WQ_USBRCI;WiQuest UltraWideBand driver;c:\windows\system32\DRIVERS\WQ_rci.sys [2007-08-05 75448]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 15:14]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 04:28]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 04:28]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000Core.job
    - c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 00:33]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000UA.job
    - c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 00:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
    IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
    FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.triplebotch.com/
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(772)
    c:\windows\system32\PGPhk.dll
    c:\program files\SetPoint\lgscroll.dll
    c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\pgpfsshl.dll
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    c:\windows\system32\BsHelpCSps.dll
    c:\windows\system32\BlueSoleilCSps.dll
    c:\windows\system32\BsMobileCSps.dll
    c:\program files\PGP Corporation\PGP Desktop\PGPwipe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\taskhost.exe
    c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\PGPserv.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\conhost.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\BOINC\boinc.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\conhost.exe
    c:\program files\PGP Corporation\PGP Desktop\PGPtray.exe
    c:\windows\system32\conhost.exe
    c:\programdata\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    c:\programdata\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\PGP Corporation\PGP Desktop\PGPfsd.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\programdata\BOINC\projects\qah.uni-muenster.de\qasinoAlpha_5.01_windows_intelx86.exe
    c:\windows\system32\conhost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-07 22:13:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-08 03:13
    ComboFix2.txt 2011-05-07 23:32
    .
    Pre-Run: 121,387,806,720 bytes free
    Post-Run: 121,294,725,120 bytes free
    .
    - - End Of File - - 341DF882DD945D500AD1B8EB19BA343E

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6529

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/7/2011 10:30:23 PM
    mbam-log-2011-05-07 (22-30-23).txt

    Scan type: Quick scan
    Objects scanned: 168890
    Time elapsed: 3 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    OTL Log (Sorry, I forgot to check Minimal Output, this is Standard Output)


    OTL logfile created on: 5/7/2011 10:33:34 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Scott\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 266.01 Gb Total Space | 113.04 Gb Free Space | 42.49% Space Free | Partition Type: NTFS
    Drive D: | 6.07 Gb Total Space | 1.29 Gb Free Space | 21.33% Space Free | Partition Type: FAT32
    Drive E: | 292.01 Gb Total Space | 40.40 Gb Free Space | 13.83% Space Free | Partition Type: NTFS
    Drive F: | 32.03 Gb Total Space | 26.61 Gb Free Space | 83.08% Space Free | Partition Type: NTFS

    Computer Name: SHADOWOLF | User Name: Scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/07 22:31:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    PRC - [2011/05/02 12:48:16 | 023,360,040 | ---- | M] (Dropbox, Inc.) -- C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/05/02 10:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/12/29 02:52:49 | 000,406,016 | ---- | M] (Space Sciences Laboratory) -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    PRC - [2010/03/30 00:23:05 | 008,419,840 | ---- | M] () -- C:\ProgramData\BOINC\projects\qah.uni-muenster.de\qasinoAlpha_5.01_windows_intelx86.exe
    PRC - [2010/03/12 15:17:20 | 015,663,104 | ---- | M] (CompanionLink Software, Inc.) -- C:\Program Files\CompanionLink\CompanionLink.exe
    PRC - [2010/03/02 09:55:14 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2010/02/24 00:07:47 | 002,490,880 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
    PRC - [2009/11/25 08:24:14 | 004,009,592 | ---- | M] (Almico Software (Almico's Home Page)) -- C:\Program Files\SpeedFan\speedfan.exe
    PRC - [2009/11/06 17:58:02 | 004,793,088 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
    PRC - [2009/11/06 17:58:02 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
    PRC - [2009/11/06 17:58:00 | 000,783,104 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
    PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/23 20:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/06/18 11:32:26 | 019,121,072 | ---- | M] (Firetrust Ltd) -- C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    PRC - [2009/05/26 18:49:12 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
    PRC - [2009/05/22 13:33:00 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2009/02/27 18:04:38 | 000,850,432 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    PRC - [2009/02/27 18:04:34 | 000,278,016 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    PRC - [2009/02/27 17:42:20 | 000,098,407 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    PRC - [2009/02/27 17:40:48 | 000,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
    PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/08/10 16:27:44 | 000,315,392 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPfsd.exe
    PRC - [2007/08/10 16:21:56 | 000,092,672 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe
    PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/06/07 12:14:36 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
    PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/05/21 09:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    PRC - [2007/05/09 18:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/07 22:31:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/06/10 16:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
    MOD - [2009/05/26 18:47:28 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\lgscroll.dll
    MOD - [2008/02/22 17:55:54 | 000,103,704 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
    MOD - [2007/08/10 16:20:02 | 000,043,520 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPhk.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/02 10:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2010/11/08 11:40:56 | 000,715,440 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
    SRV - [2010/03/02 09:55:14 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2010/02/24 16:07:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/23 20:16:09 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/23 19:27:43 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
    SRV - [2010/02/23 19:27:43 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
    SRV - [2010/02/23 19:27:43 | 000,345,352 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV - [2009/10/23 20:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/02/27 18:04:38 | 000,850,432 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
    SRV - [2009/02/27 17:42:20 | 000,098,407 | ---- | M] () [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
    SRV - [2009/02/27 17:40:48 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
    SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/08/10 16:21:56 | 000,092,672 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv)
    SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2011/04/29 12:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/07/30 12:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
    DRV - [2010/07/30 12:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
    DRV - [2010/07/30 12:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
    DRV - [2010/07/19 13:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2010/07/19 13:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2010/07/19 13:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/02 09:55:16 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
    DRV - [2010/03/02 09:55:12 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
    DRV - [2010/03/02 09:55:11 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/03/02 09:54:55 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2010/02/26 12:45:25 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
    DRV - [2010/02/26 12:45:24 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2010/02/26 12:45:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2010/02/26 12:45:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2010/02/23 19:27:43 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
    DRV - [2010/02/23 19:27:43 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
    DRV - [2010/02/23 19:27:43 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2010/02/23 18:27:38 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/11/20 21:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/10/21 02:04:34 | 000,045,232 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\DKRtWrt.sys -- (DKRtWrt)
    DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/04/22 18:13:36 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/04/22 18:13:28 | 000,035,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/01/08 03:20:04 | 000,031,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
    DRV - [2009/01/08 00:39:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
    DRV - [2009/01/03 17:40:12 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2008/12/22 14:18:58 | 000,017,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VHIDMini.sys -- (VHidMinidrv)
    DRV - [2008/12/09 16:26:50 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
    DRV - [2008/12/07 13:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
    DRV - [2008/11/25 16:23:38 | 000,027,528 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
    DRV - [2008/11/25 16:23:30 | 000,033,800 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2008/11/04 18:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
    DRV - [2008/07/02 15:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
    DRV - [2008/01/21 20:27:50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
    DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/08/10 16:21:44 | 000,224,256 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk)
    DRV - [2007/08/10 16:21:28 | 000,097,792 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\PGPfsfd.sys -- (pgpfs)
    DRV - [2007/08/10 16:21:20 | 000,033,792 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver)
    DRV - [2007/08/10 16:21:04 | 000,168,960 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded)
    DRV - [2007/08/04 19:45:48 | 000,075,448 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WQ_rci.sys -- (WQ_USBRCI)
    DRV - [2007/08/04 19:45:44 | 000,157,752 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WQ_hwa.sys -- (WQ_USBHWA)
    DRV - [2007/08/04 19:45:44 | 000,033,464 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WQ_ldr.sys -- (WQ_USBLOAD)
    DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2006/11/22 14:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
    DRV - [2006/11/21 05:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)
    DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
    DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 A3 C0 16 84 08 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.triplebotch.com/"
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
    FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.6
    FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
    FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
    FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/04 21:03:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 01:59:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/04 01:59:33 | 000,000,000 | ---D | M]

    [2010/02/23 21:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
    [2011/05/07 20:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions
    [2011/05/02 13:31:29 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2011/05/02 13:31:29 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2011/05/03 00:37:25 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
    [2010/02/23 21:57:17 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2011/05/02 13:31:24 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2011/05/02 13:31:23 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2011/05/03 00:37:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/05/02 13:31:23 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2011/05/02 13:31:38 | 000,000,000 | ---D | M] (شريط أدوات فيس بوك) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\firefox@facebook.com
    [2011/05/02 12:51:19 | 000,000,675 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\searchplugins\dd-wiki-en.xml
    [2011/05/03 12:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/02/24 12:09:55 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
    [2010/05/02 13:19:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    File not found (No name found) --
    () (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5DON5C7D.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
    () (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5DON5C7D.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
    [2011/05/04 01:59:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/05/04 01:59:29 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/05/07 22:06:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4 - HKCU..\Run: [CompanionLink] c:\program files\companionlink\companionlink.exe (CompanionLink Software, Inc.)
    O4 - HKCU..\Run: [DELL Webcam Manager] C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
    O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - State: "startup" - 0
    MsConfig - State: "services" - 0


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/07 22:31:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    [2011/05/07 22:13:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/07 22:11:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/07 22:06:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Service
    [2011/05/07 22:03:57 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\temp
    [2011/05/07 21:54:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/07 16:26:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/07 16:26:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/07 16:26:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/07 16:25:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/07 16:24:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/07 12:07:21 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Scott\Desktop\tdsskiller.exe
    [2011/05/05 12:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
    [2011/05/05 12:38:26 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/05/05 12:26:47 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2011/05/05 12:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011/05/05 12:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/05/05 12:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/05/03 12:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/05/03 12:23:34 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Malwarebytes
    [2011/05/03 12:22:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/03 12:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/03 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/03 12:21:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/03 12:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/03 12:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/05/03 12:20:22 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\SUPERAntiSpyware.com
    [2011/05/03 12:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/05/03 12:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/05/03 12:10:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/05/03 01:44:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/05/02 13:14:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\.VirtualBox
    [2011/05/02 12:53:23 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\New folder (2)
    [2011/05/02 12:50:07 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AllToAVI
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{DBF1BAF0-8B9A-4A2F-BF66-FECE711C7F3A}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{B966489E-4EBE-434E-8905-AC175959B1F4}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{ACBEEE96-0724-41FD-9E79-D0B5043A1A8A}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{94DB65A6-5444-4141-BB1D-2C93819589AA}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{7843A14E-68EA-41F1-9258-3635B7C57A7C}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{74FC0AE8-AF80-4C49-8EA9-870AA984BE7F}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{5552CDDE-BF12-47AA-8EE5-29A8CC6A1B92}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{0F50BFB3-1533-47A9-8EA5-56C146352542}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{0839F024-89EB-417E-AFAB-BE524BB44E4B}
    [2011/05/02 01:36:02 | 000,000,000 | ---D | C] -- C:\Users\Scott\VirtualBox VMs
    [2011/05/02 01:33:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Safer Networking
    [2011/05/02 01:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
    [2011/05/02 01:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
    [2011/05/02 01:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/05/02 01:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/05/02 01:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/05/02 01:10:29 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\uTorrent
    [2011/05/02 00:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/05/02 00:33:56 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2011/05/02 00:33:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Dropbox
    [2011/05/02 00:32:08 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\QuickenOld

    ========== Files - Modified Within 30 Days ==========

    [2011/05/07 22:31:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    [2011/05/07 22:08:35 | 000,006,510 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
    [2011/05/07 22:08:35 | 000,001,083 | ---- | M] () -- C:\Windows\System32\bscs.ini
    [2011/05/07 22:06:47 | 000,000,101 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
    [2011/05/07 22:06:29 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/05/07 22:06:17 | 000,000,452 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/05/07 22:06:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/07 22:05:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/07 22:05:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/07 22:04:58 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/07 21:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000UA.job
    [2011/05/07 21:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/07 18:30:15 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/07 18:30:15 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/07 17:43:54 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2011/05/07 17:43:54 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2011/05/07 16:40:40 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/07 16:40:40 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/07 16:25:51 | 004,343,224 | R--- | M] () -- C:\Users\Scott\Desktop\ComboFix.exe
    [2011/05/07 13:22:26 | 000,000,272 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
    [2011/05/07 12:07:33 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Scott\Desktop\tdsskiller.exe
    [2011/05/07 12:07:18 | 000,294,400 | ---- | M] () -- C:\Users\Scott\Desktop\exeHelper.com
    [2011/05/07 01:54:27 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000Core.job
    [2011/05/06 19:50:14 | 000,002,398 | ---- | M] () -- C:\Users\Scott\Desktop\Google Chrome.lnk
    [2011/05/06 14:02:17 | 000,000,680 | ---- | M] () -- C:\Users\Scott\Desktop\PortableRoboForm.exe - Shortcut.lnk
    [2011/05/05 12:39:36 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\GoodSync.lnk
    [2011/05/05 12:38:22 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/05/05 12:26:54 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/05/04 02:31:12 | 000,001,998 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/03 12:22:29 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/03 12:20:09 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/05/03 12:10:58 | 000,002,963 | ---- | M] () -- C:\Users\Scott\Desktop\HiJackThis.lnk
    [2011/05/02 21:14:00 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let
    [2011/05/02 20:15:56 | 002,468,632 | ---- | M] (Acronis) -- C:\Windows\System32\AutoPartNt.exe
    [2011/05/02 13:03:44 | 000,151,762 | ---- | M] () -- C:\Users\Scott\Documents\Wisconsin Birth Certificate Application.pdf
    [2011/05/02 13:03:34 | 000,166,480 | ---- | M] () -- C:\Users\Scott\Documents\viewStatemen2t.pdf
    [2011/05/02 13:03:25 | 000,149,504 | ---- | M] () -- C:\Users\Scott\Documents\TransUnion.pdf
    [2011/05/02 13:03:24 | 000,016,515 | ---- | M] () -- C:\Users\Scott\Documents\Signature2_Page_2.jpg
    [2011/05/02 13:03:24 | 000,008,628 | ---- | M] () -- C:\Users\Scott\Documents\Signature.pdf
    [2011/05/02 13:03:24 | 000,006,354 | ---- | M] () -- C:\Users\Scott\Documents\Signature.jpg
    [2011/05/02 13:03:06 | 000,139,264 | ---- | M] () -- C:\Users\Scott\Documents\Scott's Dream Diary.lok
    [2011/05/02 13:03:06 | 000,021,454 | ---- | M] () -- C:\Users\Scott\Documents\Scott E. Falk.asc
    [2011/05/02 13:03:03 | 000,036,782 | ---- | M] () -- C:\Users\Scott\Documents\Savings Account Transaction Register.html
    [2011/05/02 13:02:39 | 000,073,641 | ---- | M] () -- C:\Users\Scott\Documents\Print Listing.pdf
    [2011/05/02 13:02:39 | 000,016,640 | ---- | M] () -- C:\Users\Scott\Documents\Pre-2009 Documents of Scott Eric Falk.pfl
    [2011/05/02 13:02:39 | 000,000,232 | ---- | M] () -- C:\Users\Scott\Documents\Play With Kristina.puz
    [2011/05/02 13:02:37 | 000,024,222 | ---- | M] () -- C:\Users\Scott\Documents\Patriot_reb_83709_022805.pdf
    [2011/05/02 13:01:46 | 001,513,834 | ---- | M] () -- C:\Users\Scott\Documents\mskc_poster.pdf
    [2011/05/02 13:01:43 | 009,277,440 | ---- | M] () -- C:\Users\Scott\Documents\Movie Audio and Book Library.mdb
    [2011/05/02 13:01:39 | 000,667,220 | ---- | M] () -- C:\Users\Scott\Documents\Microtek Scanner Direct Scan Controller.mdi
    [2011/05/02 13:01:39 | 000,033,160 | ---- | M] () -- C:\Users\Scott\Documents\Melaleuca Mortgage Application.pdf
    [2011/05/02 13:01:34 | 000,002,032 | ---- | M] () -- C:\Users\Scott\Documents\Itunes fix.reg
    [2011/05/02 13:01:33 | 004,727,883 | ---- | M] () -- C:\Users\Scott\Documents\HPIPAQRX3115.pdf
    [2011/05/02 13:01:33 | 000,020,685 | ---- | M] () -- C:\Users\Scott\Documents\invoice.pdf
    [2011/05/02 13:01:28 | 000,908,524 | ---- | M] () -- C:\Users\Scott\Documents\FSX Keyboard Commands Pamphlet.pdf
    [2011/05/02 12:59:05 | 000,097,620 | ---- | M] () -- C:\Users\Scott\Documents\Equifax FACT Act.pdf
    [2011/05/02 12:59:05 | 000,050,053 | ---- | M] () -- C:\Users\Scott\Documents\enq.pdf
    [2011/05/02 12:59:04 | 003,756,072 | ---- | M] () -- C:\Users\Scott\Documents\EcoSense08_US.pdf
    [2011/05/02 12:58:59 | 006,742,187 | ---- | M] () -- C:\Users\Scott\Documents\dir625_manual_101.pdf
    [2011/05/02 12:58:59 | 000,021,664 | ---- | M] () -- C:\Users\Scott\Documents\Documents of Scott Eric Falk.pfl
    [2011/05/02 12:58:58 | 000,002,034 | -H-- | M] () -- C:\Users\Scott\Documents\Default.rdp
    [2011/05/02 12:58:57 | 000,205,598 | ---- | M] () -- C:\Users\Scott\Documents\cc_20100905_191131.reg
    [2011/05/02 12:58:57 | 000,057,828 | ---- | M] () -- C:\Users\Scott\Documents\Creativity_Pack_ReadMe.htm
    [2011/05/02 12:58:47 | 002,899,742 | ---- | M] () -- C:\Users\Scott\Documents\1999-GMC-Sonoma.pdf
    [2011/05/02 12:58:46 | 635,040,046 | ---- | M] () -- C:\Users\Scott\Desktop\sleep60.wav
    [2011/05/02 12:57:10 | 317,520,046 | ---- | M] () -- C:\Users\Scott\Desktop\sleep30.wav
    [2011/05/02 12:56:33 | 000,013,021 | ---- | M] () -- C:\Users\Scott\Desktop\haha2.jpg
    [2011/05/02 12:56:32 | 000,175,734 | ---- | M] () -- C:\Users\Scott\Desktop\haha.jpg
    [2011/05/02 12:51:49 | 000,002,053 | ---- | M] () -- C:\Users\Scott\Desktop\TVersity.lnk
    [2011/05/02 12:51:49 | 000,001,823 | ---- | M] () -- C:\Users\Scott\Desktop\Rosetta Stone.lnk
    [2011/05/02 12:51:49 | 000,000,939 | ---- | M] () -- C:\Users\Scott\Desktop\Wildcat! Navigator.lnk
    [2011/05/02 12:51:49 | 000,000,821 | ---- | M] () -- C:\Users\Scott\Desktop\RPTools - Shortcut.lnk
    [2011/05/02 12:51:48 | 002,009,430 | ---- | M] () -- C:\Users\Scott\Desktop\MAN3550B_RFX9100-9400_MAN.pdf
    [2011/05/02 12:51:48 | 000,002,358 | ---- | M] () -- C:\Users\Scott\Desktop\Movie Audio and Book Library.mdb - Shortcut.lnk
    [2011/05/02 12:51:48 | 000,000,665 | ---- | M] () -- C:\Users\Scott\Desktop\RPG PDF's - Shortcut.lnk
    [2011/05/02 12:51:48 | 000,000,073 | ---- | M] () -- C:\Users\Scott\Desktop\Might and Magic Heroes Kingdoms - The Gathered Archers.URL
    [2011/05/02 12:51:47 | 000,001,644 | ---- | M] () -- C:\Users\Scott\Desktop\Firefox Sync Key.html
    [2011/05/02 12:51:47 | 000,000,086 | ---- | M] () -- C:\Users\Scott\Desktop\Dynamic Drive DHTML Scripts- PHP Photo Album script v2.0.URL
    [2011/05/02 12:51:46 | 000,081,678 | ---- | M] () -- C:\Users\Scott\Desktop\C-5(R307) - Copy.pdf
    [2011/05/02 12:51:46 | 000,068,590 | ---- | M] () -- C:\Users\Scott\Desktop\20100716124528061.pdf
    [2011/05/02 12:51:46 | 000,001,398 | ---- | M] () -- C:\Users\Scott\Desktop\Bluetooth Advanced Audio.lnk
    [2011/05/02 12:51:33 | 000,000,012 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\userdic.tlx
    [2011/05/02 12:49:32 | 000,000,897 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk
    [2011/05/02 12:49:32 | 000,000,272 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/05/02 12:49:31 | 000,002,663 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
    [2011/05/02 12:49:31 | 000,002,565 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
    [2011/05/02 12:49:31 | 000,001,367 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/05/02 12:49:31 | 000,001,063 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2011/05/02 12:49:31 | 000,000,290 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/05/02 12:48:11 | 000,000,141 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\default.pls
    [2011/05/02 12:27:08 | 000,000,036 | ---- | M] () -- C:\Users\Scott\AppData\Local\housecall.guid.cache
    [2011/05/02 12:26:43 | 000,008,704 | ---- | M] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/02 12:24:18 | 000,001,024 | ---- | M] () -- C:\Users\Scott\.rnd
    [2011/05/02 01:13:34 | 000,001,176 | ---- | M] () -- C:\Users\Scott\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/02 00:35:19 | 000,001,040 | ---- | M] () -- C:\Users\Scott\Desktop\Dropbox.lnk
    [2011/05/02 00:34:07 | 000,001,020 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

    ========== Files Created - No Company Name ==========

    [2011/05/07 22:06:24 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/05/07 17:43:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/05/07 17:43:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011/05/07 16:26:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/07 16:26:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/07 16:26:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/07 16:26:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/07 16:26:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/07 12:08:36 | 004,343,224 | R--- | C] () -- C:\Users\Scott\Desktop\ComboFix.exe
    [2011/05/07 12:07:14 | 000,294,400 | ---- | C] () -- C:\Users\Scott\Desktop\exeHelper.com
    [2011/05/06 14:02:17 | 000,000,680 | ---- | C] () -- C:\Users\Scott\Desktop\PortableRoboForm.exe - Shortcut.lnk
    [2011/05/05 12:39:36 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\GoodSync.lnk
    [2011/05/05 12:26:54 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/05/04 01:59:35 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/03 12:22:29 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/03 12:20:09 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/05/03 12:10:58 | 000,002,963 | ---- | C] () -- C:\Users\Scott\Desktop\HiJackThis.lnk
    [2011/05/03 01:44:56 | 000,002,398 | ---- | C] () -- C:\Users\Scott\Desktop\Google Chrome.lnk
    [2011/05/03 01:43:36 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000UA.job
    [2011/05/03 01:43:36 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000Core.job
    [2011/05/02 12:57:10 | 635,040,046 | ---- | C] () -- C:\Users\Scott\Desktop\sleep60.wav
    [2011/05/02 12:56:33 | 317,520,046 | ---- | C] () -- C:\Users\Scott\Desktop\sleep30.wav
    [2011/05/02 12:56:32 | 000,175,734 | ---- | C] () -- C:\Users\Scott\Desktop\haha.jpg
    [2011/05/02 12:56:32 | 000,013,021 | ---- | C] () -- C:\Users\Scott\Desktop\haha2.jpg
    [2011/05/02 12:51:46 | 000,081,678 | ---- | C] () -- C:\Users\Scott\Desktop\C-5(R307) - Copy.pdf
    [2011/05/02 12:50:17 | 000,001,373 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/05/02 01:13:34 | 000,001,176 | ---- | C] () -- C:\Users\Scott\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/02 00:35:19 | 000,001,040 | ---- | C] () -- C:\Users\Scott\Desktop\Dropbox.lnk
    [2011/05/02 00:34:07 | 000,001,020 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2010/05/10 17:54:39 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
    [2010/04/17 14:03:09 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/03/24 14:28:08 | 000,000,036 | ---- | C] () -- C:\Users\Scott\AppData\Local\housecall.guid.cache
    [2010/03/18 19:27:35 | 000,000,073 | ---- | C] () -- C:\Windows\WCGUI.INI
    [2010/03/13 13:45:16 | 000,000,122 | ---- | C] () -- C:\Windows\WHO.INI
    [2010/03/12 19:39:42 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/03/05 09:51:18 | 000,008,704 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/03 14:11:29 | 000,010,752 | ---- | C] () -- C:\Windows\DCEBoot.exe
    [2010/02/25 23:00:38 | 000,000,000 | ---- | C] () -- C:\Windows\BsMobileModel.ini
    [2010/02/25 15:26:02 | 000,000,452 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/02/25 10:32:04 | 000,000,141 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\default.pls
    [2010/02/25 10:31:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/02/24 18:45:53 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010/02/24 14:48:47 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2010/02/24 13:29:52 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010/02/24 12:18:36 | 000,001,370 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
    [2010/02/24 12:13:07 | 000,000,272 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
    [2010/02/24 12:10:57 | 000,006,510 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
    [2010/02/24 12:10:56 | 000,000,101 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
    [2010/02/24 12:10:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
    [2010/02/23 23:13:11 | 000,000,008 | ---- | C] () -- C:\Windows\System32\PROTOCOL.INI
    [2010/02/23 23:03:14 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2010/02/23 22:31:57 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2010/02/23 21:46:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/02/23 21:43:40 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/02/23 21:43:40 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 23:33:53 | 000,414,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 21:05:48 | 000,618,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 21:05:48 | 000,104,546 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/13 18:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
    [2009/06/15 10:38:54 | 000,000,129 | ---- | C] () -- C:\Windows\System32\GamesConfiguration.ini
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/02/27 18:04:46 | 000,001,083 | ---- | C] () -- C:\Windows\System32\bscs.ini
    [2009/02/27 17:45:16 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
    [2009/02/27 17:44:50 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
    [2009/02/27 17:44:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
    [2009/02/27 17:44:10 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
    [2009/02/27 17:41:38 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
    [2009/02/27 17:41:02 | 000,122,976 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
    [2009/02/27 17:40:50 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
    [2008/12/07 13:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
    [2008/10/22 16:30:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
    [2008/03/24 10:47:02 | 000,000,012 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\userdic.tlx
    [2008/03/07 14:54:22 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
    [2007/08/10 16:29:12 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig
    [2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

    ========== LOP Check ==========

    [2010/02/24 15:46:32 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\ACD Systems
    [2010/02/24 13:49:17 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Acronis
    [2010/02/26 10:22:05 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\AutoSync for Yahoo
    [2010/02/24 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Canon
    [2010/02/26 00:38:19 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\CompanionLink
    [2011/05/07 22:07:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Dropbox
    [2010/03/31 14:10:15 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\GARMIN
    [2011/05/06 00:02:33 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\GoodSync
    [2011/05/02 13:32:55 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\iolo
    [2011/05/07 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\MailWasherPro
    [2011/05/02 13:31:16 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mp3tag
    [2010/04/14 14:54:58 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Musicmatch
    [2010/02/24 00:11:35 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PGP Corporation
    [2010/02/23 22:05:53 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Quicken WillMaker
    [2011/05/02 01:33:27 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Safer Networking
    [2010/02/26 13:09:04 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Smith Micro
    [2011/05/07 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\uTorrent
    [2011/05/07 22:06:29 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011/03/17 01:27:13 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2010/04/19 13:11:58 | 000,013,505 | ---- | M] () -- C:\fl.exe


    < MD5 for: AGP440.SYS >
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
    [2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
    [2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
    [2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
    [2009/07/13 20:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
    [2009/07/13 20:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\sppcomapi.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < End of report >

    Extras log

    OTL Extras logfile created on: 5/7/2011 10:33:34 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Scott\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 266.01 Gb Total Space | 113.04 Gb Free Space | 42.49% Space Free | Partition Type: NTFS
    Drive D: | 6.07 Gb Total Space | 1.29 Gb Free Space | 21.33% Space Free | Partition Type: FAT32
    Drive E: | 292.01 Gb Total Space | 40.40 Gb Free Space | 13.83% Space Free | Partition Type: NTFS
    Drive F: | 32.03 Gb Total Space | 26.61 Gb Free Space | 83.08% Space Free | Partition Type: NTFS

    Computer Name: SHADOWOLF | User Name: Scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP980_series" = Canon MP980 series MP Drivers
    "{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
    "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20ACA1B0-8043-11D4-AEB1-00C04F590412}" = MapSource
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
    "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{4C8EA3DB-0851-4676-8A67-C4BB71BD743F}" = Garmin BlueChart Americas v9.5
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D12D805-50B2-4287-B3B9-AD4D74F85693}" = BOINC
    "{519529EB-BCE3-417E-9637-09A075545D51}" = CompanionLink
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
    "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.5
    "{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
    "{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{79F86C69-2B17-4368-9234-472A23639E16}" = Ad-Aware
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86B5E5AF-3D50-4979-9C81-687C1B3C586D}" = Dell WUSB
    "{882025A7-7599-4989-8FCD-7604FB90D6A9}" = PGP Desktop
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{8D015A2F-4D85-419E-8E1D-93B0C246D491}" = Diskeeper 2010 Pro Premier
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
    "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5ED1586-DF14-4A2E-A5D8-6E50708CC7AA}" = SecureNetTerm
    "{C0A871F9-D580-4404-9A69-A02CF3078C87}" = Bluesoleil 6.4.249.0
    "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E4406ED3-B04C-44F1-ABB4-08775B74934F}" = Call Of Cthulhu DCoTE
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = SetPoint
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "AMIP_iTunes" = AMIP for iTunes (remove only)
    "AMIPConfigurator" = AMIPConfigurator (remove only)
    "BioWIN_is1" = BioWIN 5.11
    "Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "DELL Webcam Center" = DELL Webcam Center
    "DELL Webcam Manager" = DELL Webcam Manager
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Family Tree Maker 2009" = Family Tree Maker 2009
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
    "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "MailWasher Pro_is1" = MailWasher Pro
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
    "Mp3tag" = Mp3tag v2.46a
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "PowerISO" = PowerISO
    "Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
    "RealPlayer 12.0" = RealPlayer
    "SpeedFan" = SpeedFan (remove only)
    "SUPER " = SUPER Version 2010.bld.37 (Jan 2, 2010)
    "TVersity Codec Pack" = TVersity Codec Pack 1.4
    "TVersity Media Server" = TVersity Media Server 1.9.3
    "uTorrent" = µTorrent
    "Wildcat! Navigator_is1" = Wildcat! Navigator
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "xReminder Pro_is1" = xReminder Pro
    "Xvid_is1" = Xvid 1.1.3 final uninstall
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Advanced PDF Password Recovery" = Advanced PDF Password Recovery
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/7/2011 1:19:06 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 1:49:56 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 2:08:04 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 3:44:13 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 5:41:48 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 6:29:41 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 6:40:36 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 7:23:28 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 7:37:19 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 11:05:39 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    [ OSession Events ]
    Error - 2/24/2010 3:48:34 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 167
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 2/24/2010 4:07:56 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 421
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 2/25/2010 11:06:47 AM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47519
    seconds with 1920 seconds of active time. This session ended with a crash.

    Error - 3/4/2010 5:58:22 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94844
    seconds with 3840 seconds of active time. This session ended with a crash.

    Error - 3/18/2010 4:00:58 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 141572
    seconds with 7800 seconds of active time. This session ended with a crash.

    Error - 3/24/2010 5:04:21 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 102103
    seconds with 2100 seconds of active time. This session ended with a crash.

    Error - 4/22/2010 12:15:08 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3771
    seconds with 2280 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 5/2/2011 5:18:25 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10001
    Description =

    Error - 5/2/2011 10:15:25 PM | Computer Name = Shadowolf | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:11:23 PM on 5/2/2011 was unexpected.

    Error - 5/2/2011 10:15:29 PM | Computer Name = Shadowolf | Source = BugCheck | ID = 1001
    Description =

    Error - 5/2/2011 10:17:35 PM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    PxHelp20

    Error - 5/2/2011 10:18:34 PM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Defender service to connect.

    Error - 5/2/2011 10:18:41 PM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7000
    Description = The Windows Defender service failed to start due to the following
    error: %%1053

    Error - 5/3/2011 1:20:41 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10001
    Description =

    Error - 5/3/2011 1:53:36 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10010
    Description =

    Error - 5/3/2011 1:57:02 AM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    PxHelp20

    Error - 5/3/2011 2:01:43 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10001
    Description =


    < End of report >

  6. #6
    Member
    Join Date
    May 2011
    Posts
    11
    Points
    0


    ComboFix 11-05-07.01 - Scott 05/07/2011 21:55:52.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.1775 [GMT -5:00]
    Running from: c:\users\Scott\Desktop\ComboFix.exe
    Command switches used :: c:\users\Scott\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Scott\AppData\Local\Temp\sfamcc00001.dll
    c:\users\Scott\AppData\Local\Temp\sfareca00001.dll
    c:\windows\system32\midas.dll
    c:\windows\system32\win.ini
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-08 03:06 . 2011-05-08 03:06 -------- d-----w- c:\windows\system32\Service
    2011-05-08 03:03 . 2011-05-08 03:07 -------- d-----w- c:\users\Scott\AppData\Local\temp
    2011-05-08 03:03 . 2011-05-08 03:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-05-08 03:03 . 2011-05-08 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-05 17:38 . 2011-05-05 17:38 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-05 17:26 . 2011-04-29 17:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-05-05 17:26 . 2011-05-05 17:26 -------- d-----w- c:\program files\Lavasoft
    2011-05-05 17:26 . 2011-05-05 17:26 -------- d-----w- c:\programdata\Lavasoft
    2011-05-04 06:59 . 2011-05-04 06:59 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-05-04 06:59 . 2011-05-04 06:59 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-05-04 06:59 . 2011-05-04 06:59 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-05-04 06:59 . 2011-05-04 06:59 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-04 06:59 . 2011-05-04 06:59 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-05-03 17:23 . 2011-05-03 17:23 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
    2011-05-03 17:22 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-03 17:22 . 2011-05-03 17:22 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-03 17:21 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-03 17:21 . 2011-05-03 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-03 17:20 . 2011-05-03 17:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-03 17:20 . 2011-05-03 17:20 -------- d-----w- c:\users\Scott\AppData\Roaming\SUPERAntiSpyware.com
    2011-05-03 17:19 . 2011-05-03 17:20 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-03 17:10 . 2011-05-03 17:10 388096 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-02 18:14 . 2011-05-02 18:14 -------- d-----w- c:\users\Scott\.VirtualBox
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{DBF1BAF0-8B9A-4A2F-BF66-FECE711C7F3A}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{B966489E-4EBE-434E-8905-AC175959B1F4}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{ACBEEE96-0724-41FD-9E79-D0B5043A1A8A}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{94DB65A6-5444-4141-BB1D-2C93819589AA}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{7843A14E-68EA-41F1-9258-3635B7C57A7C}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{74FC0AE8-AF80-4C49-8EA9-870AA984BE7F}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{5552CDDE-BF12-47AA-8EE5-29A8CC6A1B92}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{0F50BFB3-1533-47A9-8EA5-56C146352542}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{0839F024-89EB-417E-AFAB-BE524BB44E4B}
    2011-05-02 06:36 . 2011-05-02 06:36 -------- d-----w- c:\users\Scott\VirtualBox VMs
    2011-05-02 06:33 . 2011-05-02 06:33 -------- d-----w- c:\users\Scott\AppData\Roaming\Safer Networking
    2011-05-02 06:32 . 2011-05-02 06:32 -------- d-----w- c:\program files\Safer Networking
    2011-05-02 06:13 . 2011-05-07 18:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-02 06:13 . 2011-05-02 06:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-02 06:10 . 2011-05-08 02:50 -------- d-----w- c:\users\Scott\AppData\Roaming\uTorrent
    2011-05-02 05:46 . 2011-05-02 05:46 -------- d-----w- c:\program files\ESET
    2011-05-02 05:33 . 2011-05-08 03:07 -------- d-----w- c:\users\Scott\AppData\Roaming\Dropbox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-03 01:15 . 2011-03-13 22:35 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe
    2011-03-17 06:45 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-19 05:33 . 2011-03-17 08:13 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 05:32 . 2011-03-17 08:13 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 05:32 . 2011-03-17 08:13 739840 ----a-w- c:\windows\system32\d2d1.dll
    2006-06-16 02:33 . 2010-02-24 03:31 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-26 00:43 . 2010-02-24 03:31 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 20:41 . 2010-02-24 03:31 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 19:10 . 2010-02-24 03:31 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 18:19 . 2010-02-24 03:31 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-11 00:35 . 2010-02-24 03:31 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 17:10 . 2010-02-24 03:31 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 17:42 . 2010-02-24 03:31 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 17:22 . 2010-02-24 03:31 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 17:21 . 2010-02-24 03:31 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    2011-05-04 06:59 . 2011-05-04 06:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
    2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
    2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
    @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
    [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
    2007-08-10 21:27 598016 ----a-w- c:\windows\System32\PGPfsshl.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
    "CompanionLink"="c:\program files\companionlink\companionlink.exe" [2010-03-12 15663104]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-11-21 87144]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-04-22 55824]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
    "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2009-11-06 58112]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-11-06 4793088]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
    .
    c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-2 23360040]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-23 50688]
    PGPtray.exe.lnk - c:\windows\Installer\{882025A7-7599-4989-8FCD-7604FB90D6A9}\Icon6560581611.exe [2010-2-24 55296]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2010-2-24 813584]
    SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 135664]
    R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
    R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2010-02-24 497008]
    R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-24 689416]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
    R3 WQ_USBLOAD;WiQuest WUSB Loader driver;c:\windows\system32\DRIVERS\WQ_ldr.sys [2007-08-05 33464]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-08 20744]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
    S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2007-08-10 97792]
    S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2010-03-02 902432]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-02-24 146448]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-02 2326920]
    S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-02 2146496]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 36432]
    S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-02-24 283152]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-03-02 159168]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2009-10-21 45232]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 WQ_USBHWA;WiQuest Host Wire Adapter driver;c:\windows\system32\DRIVERS\WQ_hwa.sys [2007-08-05 157752]
    S3 WQ_USBRCI;WiQuest UltraWideBand driver;c:\windows\system32\DRIVERS\WQ_rci.sys [2007-08-05 75448]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 15:14]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 04:28]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 04:28]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000Core.job
    - c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 00:33]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000UA.job
    - c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 00:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
    IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
    FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.triplebotch.com/
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(772)
    c:\windows\system32\PGPhk.dll
    c:\program files\SetPoint\lgscroll.dll
    c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\pgpfsshl.dll
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    c:\windows\system32\BsHelpCSps.dll
    c:\windows\system32\BlueSoleilCSps.dll
    c:\windows\system32\BsMobileCSps.dll
    c:\program files\PGP Corporation\PGP Desktop\PGPwipe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\taskhost.exe
    c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\PGPserv.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\conhost.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\BOINC\boinc.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\conhost.exe
    c:\program files\PGP Corporation\PGP Desktop\PGPtray.exe
    c:\windows\system32\conhost.exe
    c:\programdata\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    c:\programdata\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\PGP Corporation\PGP Desktop\PGPfsd.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\programdata\BOINC\projects\qah.uni-muenster.de\qasinoAlpha_5.01_windows_intelx86.exe
    c:\windows\system32\conhost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-07 22:13:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-08 03:13
    ComboFix2.txt 2011-05-07 23:32
    .
    Pre-Run: 121,387,806,720 bytes free
    Post-Run: 121,294,725,120 bytes free
    .
    - - End Of File - - 341DF882DD945D500AD1B8EB19BA343E






    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6529

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/7/2011 10:30:23 PM
    mbam-log-2011-05-07 (22-30-23).txt

    Scan type: Quick scan
    Objects scanned: 168890
    Time elapsed: 3 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)






    OTL Log (Sorry, I forgot to check Minimal Output, this is Standard Output)


    OTL logfile created on: 5/7/2011 10:33:34 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Scott\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 266.01 Gb Total Space | 113.04 Gb Free Space | 42.49% Space Free | Partition Type: NTFS
    Drive D: | 6.07 Gb Total Space | 1.29 Gb Free Space | 21.33% Space Free | Partition Type: FAT32
    Drive E: | 292.01 Gb Total Space | 40.40 Gb Free Space | 13.83% Space Free | Partition Type: NTFS
    Drive F: | 32.03 Gb Total Space | 26.61 Gb Free Space | 83.08% Space Free | Partition Type: NTFS

    Computer Name: SHADOWOLF | User Name: Scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/07 22:31:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    PRC - [2011/05/02 12:48:16 | 023,360,040 | ---- | M] (Dropbox, Inc.) -- C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/05/02 10:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/12/29 02:52:49 | 000,406,016 | ---- | M] (Space Sciences Laboratory) -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    PRC - [2010/03/30 00:23:05 | 008,419,840 | ---- | M] () -- C:\ProgramData\BOINC\projects\qah.uni-muenster.de\qasinoAlpha_5.01_windows_intelx86.exe
    PRC - [2010/03/12 15:17:20 | 015,663,104 | ---- | M] (CompanionLink Software, Inc.) -- C:\Program Files\CompanionLink\CompanionLink.exe
    PRC - [2010/03/02 09:55:14 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2010/02/24 00:07:47 | 002,490,880 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
    PRC - [2009/11/25 08:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
    PRC - [2009/11/06 17:58:02 | 004,793,088 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
    PRC - [2009/11/06 17:58:02 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
    PRC - [2009/11/06 17:58:00 | 000,783,104 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
    PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/23 20:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/06/18 11:32:26 | 019,121,072 | ---- | M] (Firetrust Ltd) -- C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    PRC - [2009/05/26 18:49:12 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
    PRC - [2009/05/22 13:33:00 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2009/02/27 18:04:38 | 000,850,432 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    PRC - [2009/02/27 18:04:34 | 000,278,016 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    PRC - [2009/02/27 17:42:20 | 000,098,407 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    PRC - [2009/02/27 17:40:48 | 000,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
    PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/08/10 16:27:44 | 000,315,392 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPfsd.exe
    PRC - [2007/08/10 16:21:56 | 000,092,672 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe
    PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/06/07 12:14:36 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
    PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/05/21 09:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    PRC - [2007/05/09 18:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/07 22:31:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/06/10 16:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
    MOD - [2009/05/26 18:47:28 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\lgscroll.dll
    MOD - [2008/02/22 17:55:54 | 000,103,704 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
    MOD - [2007/08/10 16:20:02 | 000,043,520 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPhk.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/02 10:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2010/11/08 11:40:56 | 000,715,440 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
    SRV - [2010/03/02 09:55:14 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2010/02/24 16:07:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/23 20:16:09 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/23 19:27:43 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
    SRV - [2010/02/23 19:27:43 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
    SRV - [2010/02/23 19:27:43 | 000,345,352 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV - [2009/10/23 20:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/02/27 18:04:38 | 000,850,432 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
    SRV - [2009/02/27 17:42:20 | 000,098,407 | ---- | M] () [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
    SRV - [2009/02/27 17:40:48 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
    SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/08/10 16:21:56 | 000,092,672 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv)
    SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2011/04/29 12:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/07/30 12:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
    DRV - [2010/07/30 12:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
    DRV - [2010/07/30 12:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
    DRV - [2010/07/19 13:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2010/07/19 13:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2010/07/19 13:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/02 09:55:16 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
    DRV - [2010/03/02 09:55:12 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
    DRV - [2010/03/02 09:55:11 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/03/02 09:54:55 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2010/02/26 12:45:25 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
    DRV - [2010/02/26 12:45:24 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2010/02/26 12:45:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2010/02/26 12:45:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2010/02/23 19:27:43 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
    DRV - [2010/02/23 19:27:43 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
    DRV - [2010/02/23 19:27:43 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2010/02/23 18:27:38 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/11/20 21:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/10/21 02:04:34 | 000,045,232 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\DKRtWrt.sys -- (DKRtWrt)
    DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/04/22 18:13:36 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/04/22 18:13:28 | 000,035,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/01/08 03:20:04 | 000,031,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
    DRV - [2009/01/08 00:39:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
    DRV - [2009/01/03 17:40:12 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2008/12/22 14:18:58 | 000,017,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VHIDMini.sys -- (VHidMinidrv)
    DRV - [2008/12/09 16:26:50 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
    DRV - [2008/12/07 13:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
    DRV - [2008/11/25 16:23:38 | 000,027,528 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
    DRV - [2008/11/25 16:23:30 | 000,033,800 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2008/11/04 18:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
    DRV - [2008/07/02 15:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
    DRV - [2008/01/21 20:27:50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
    DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/08/10 16:21:44 | 000,224,256 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk)
    DRV - [2007/08/10 16:21:28 | 000,097,792 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\PGPfsfd.sys -- (pgpfs)
    DRV - [2007/08/10 16:21:20 | 000,033,792 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver)
    DRV - [2007/08/10 16:21:04 | 000,168,960 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded)
    DRV - [2007/08/04 19:45:48 | 000,075,448 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WQ_rci.sys -- (WQ_USBRCI)
    DRV - [2007/08/04 19:45:44 | 000,157,752 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WQ_hwa.sys -- (WQ_USBHWA)
    DRV - [2007/08/04 19:45:44 | 000,033,464 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WQ_ldr.sys -- (WQ_USBLOAD)
    DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2006/11/22 14:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
    DRV - [2006/11/21 05:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)
    DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
    DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 A3 C0 16 84 08 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.triplebotch.com/"
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
    FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.6
    FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
    FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
    FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/04 21:03:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 01:59:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/04 01:59:33 | 000,000,000 | ---D | M]

    [2010/02/23 21:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
    [2011/05/07 20:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions
    [2011/05/02 13:31:29 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2011/05/02 13:31:29 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2011/05/03 00:37:25 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
    [2010/02/23 21:57:17 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2011/05/02 13:31:24 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2011/05/02 13:31:23 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2011/05/03 00:37:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/05/02 13:31:23 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2011/05/02 13:31:38 | 000,000,000 | ---D | M] (شريط أدوات فيس بوك) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\firefox@facebook.com
    [2011/05/02 12:51:19 | 000,000,675 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\searchplugins\dd-wiki-en.xml
    [2011/05/03 12:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/02/24 12:09:55 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
    [2010/05/02 13:19:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    File not found (No name found) --
    () (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5DON5C7D.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
    () (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5DON5C7D.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
    [2011/05/04 01:59:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/05/04 01:59:29 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/05/07 22:06:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4 - HKCU..\Run: [CompanionLink] c:\program files\companionlink\companionlink.exe (CompanionLink Software, Inc.)
    O4 - HKCU..\Run: [DELL Webcam Manager] C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
    O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - State: "startup" - 0
    MsConfig - State: "services" - 0


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/07 22:31:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    [2011/05/07 22:13:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/07 22:11:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/07 22:06:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Service
    [2011/05/07 22:03:57 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\temp
    [2011/05/07 21:54:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/07 16:26:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/07 16:26:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/07 16:26:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/07 16:25:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/07 16:24:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/07 12:07:21 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Scott\Desktop\tdsskiller.exe
    [2011/05/05 12:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
    [2011/05/05 12:38:26 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/05/05 12:26:47 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2011/05/05 12:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011/05/05 12:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/05/05 12:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/05/03 12:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/05/03 12:23:34 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Malwarebytes
    [2011/05/03 12:22:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/03 12:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/03 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/03 12:21:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/03 12:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/03 12:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/05/03 12:20:22 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\SUPERAntiSpyware.com
    [2011/05/03 12:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/05/03 12:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/05/03 12:10:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/05/03 01:44:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/05/02 13:14:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\.VirtualBox
    [2011/05/02 12:53:23 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\New folder (2)
    [2011/05/02 12:50:07 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AllToAVI
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{DBF1BAF0-8B9A-4A2F-BF66-FECE711C7F3A}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{B966489E-4EBE-434E-8905-AC175959B1F4}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{ACBEEE96-0724-41FD-9E79-D0B5043A1A8A}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{94DB65A6-5444-4141-BB1D-2C93819589AA}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{7843A14E-68EA-41F1-9258-3635B7C57A7C}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{74FC0AE8-AF80-4C49-8EA9-870AA984BE7F}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{5552CDDE-BF12-47AA-8EE5-29A8CC6A1B92}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{0F50BFB3-1533-47A9-8EA5-56C146352542}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{0839F024-89EB-417E-AFAB-BE524BB44E4B}
    [2011/05/02 01:36:02 | 000,000,000 | ---D | C] -- C:\Users\Scott\VirtualBox VMs
    [2011/05/02 01:33:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Safer Networking
    [2011/05/02 01:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
    [2011/05/02 01:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
    [2011/05/02 01:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/05/02 01:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/05/02 01:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/05/02 01:10:29 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\uTorrent
    [2011/05/02 00:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/05/02 00:33:56 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2011/05/02 00:33:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Dropbox
    [2011/05/02 00:32:08 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\QuickenOld

    ========== Files - Modified Within 30 Days ==========

    [2011/05/07 22:31:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    [2011/05/07 22:08:35 | 000,006,510 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
    [2011/05/07 22:08:35 | 000,001,083 | ---- | M] () -- C:\Windows\System32\bscs.ini
    [2011/05/07 22:06:47 | 000,000,101 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
    [2011/05/07 22:06:29 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/05/07 22:06:17 | 000,000,452 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/05/07 22:06:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/07 22:05:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/07 22:05:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/07 22:04:58 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/07 21:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000UA.job
    [2011/05/07 21:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/07 18:30:15 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/07 18:30:15 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/07 17:43:54 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2011/05/07 17:43:54 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2011/05/07 16:40:40 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/07 16:40:40 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/07 16:25:51 | 004,343,224 | R--- | M] () -- C:\Users\Scott\Desktop\ComboFix.exe
    [2011/05/07 13:22:26 | 000,000,272 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
    [2011/05/07 12:07:33 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Scott\Desktop\tdsskiller.exe
    [2011/05/07 12:07:18 | 000,294,400 | ---- | M] () -- C:\Users\Scott\Desktop\exeHelper.com
    [2011/05/07 01:54:27 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000Core.job
    [2011/05/06 19:50:14 | 000,002,398 | ---- | M] () -- C:\Users\Scott\Desktop\Google Chrome.lnk
    [2011/05/06 14:02:17 | 000,000,680 | ---- | M] () -- C:\Users\Scott\Desktop\PortableRoboForm.exe - Shortcut.lnk
    [2011/05/05 12:39:36 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\GoodSync.lnk
    [2011/05/05 12:38:22 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/05/05 12:26:54 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/05/04 02:31:12 | 000,001,998 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/03 12:22:29 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/03 12:20:09 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/05/03 12:10:58 | 000,002,963 | ---- | M] () -- C:\Users\Scott\Desktop\HiJackThis.lnk
    [2011/05/02 21:14:00 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let
    [2011/05/02 20:15:56 | 002,468,632 | ---- | M] (Acronis) -- C:\Windows\System32\AutoPartNt.exe
    [2011/05/02 13:03:44 | 000,151,762 | ---- | M] () -- C:\Users\Scott\Documents\Wisconsin Birth Certificate Application.pdf
    [2011/05/02 13:03:34 | 000,166,480 | ---- | M] () -- C:\Users\Scott\Documents\viewStatemen2t.pdf
    [2011/05/02 13:03:25 | 000,149,504 | ---- | M] () -- C:\Users\Scott\Documents\TransUnion.pdf
    [2011/05/02 13:03:24 | 000,016,515 | ---- | M] () -- C:\Users\Scott\Documents\Signature2_Page_2.jpg
    [2011/05/02 13:03:24 | 000,008,628 | ---- | M] () -- C:\Users\Scott\Documents\Signature.pdf
    [2011/05/02 13:03:24 | 000,006,354 | ---- | M] () -- C:\Users\Scott\Documents\Signature.jpg
    [2011/05/02 13:03:06 | 000,139,264 | ---- | M] () -- C:\Users\Scott\Documents\Scott's Dream Diary.lok
    [2011/05/02 13:03:06 | 000,021,454 | ---- | M] () -- C:\Users\Scott\Documents\Scott E. Falk.asc
    [2011/05/02 13:03:03 | 000,036,782 | ---- | M] () -- C:\Users\Scott\Documents\Savings Account Transaction Register.html
    [2011/05/02 13:02:39 | 000,073,641 | ---- | M] () -- C:\Users\Scott\Documents\Print Listing.pdf
    [2011/05/02 13:02:39 | 000,016,640 | ---- | M] () -- C:\Users\Scott\Documents\Pre-2009 Documents of Scott Eric Falk.pfl
    [2011/05/02 13:02:39 | 000,000,232 | ---- | M] () -- C:\Users\Scott\Documents\Play With Kristina.puz
    [2011/05/02 13:02:37 | 000,024,222 | ---- | M] () -- C:\Users\Scott\Documents\Patriot_reb_83709_022805.pdf
    [2011/05/02 13:01:46 | 001,513,834 | ---- | M] () -- C:\Users\Scott\Documents\mskc_poster.pdf
    [2011/05/02 13:01:43 | 009,277,440 | ---- | M] () -- C:\Users\Scott\Documents\Movie Audio and Book Library.mdb
    [2011/05/02 13:01:39 | 000,667,220 | ---- | M] () -- C:\Users\Scott\Documents\Microtek Scanner Direct Scan Controller.mdi
    [2011/05/02 13:01:39 | 000,033,160 | ---- | M] () -- C:\Users\Scott\Documents\Melaleuca Mortgage Application.pdf
    [2011/05/02 13:01:34 | 000,002,032 | ---- | M] () -- C:\Users\Scott\Documents\Itunes fix.reg
    [2011/05/02 13:01:33 | 004,727,883 | ---- | M] () -- C:\Users\Scott\Documents\HPIPAQRX3115.pdf
    [2011/05/02 13:01:33 | 000,020,685 | ---- | M] () -- C:\Users\Scott\Documents\invoice.pdf
    [2011/05/02 13:01:28 | 000,908,524 | ---- | M] () -- C:\Users\Scott\Documents\FSX Keyboard Commands Pamphlet.pdf
    [2011/05/02 12:59:05 | 000,097,620 | ---- | M] () -- C:\Users\Scott\Documents\Equifax FACT Act.pdf
    [2011/05/02 12:59:05 | 000,050,053 | ---- | M] () -- C:\Users\Scott\Documents\enq.pdf
    [2011/05/02 12:59:04 | 003,756,072 | ---- | M] () -- C:\Users\Scott\Documents\EcoSense08_US.pdf
    [2011/05/02 12:58:59 | 006,742,187 | ---- | M] () -- C:\Users\Scott\Documents\dir625_manual_101.pdf
    [2011/05/02 12:58:59 | 000,021,664 | ---- | M] () -- C:\Users\Scott\Documents\Documents of Scott Eric Falk.pfl
    [2011/05/02 12:58:58 | 000,002,034 | -H-- | M] () -- C:\Users\Scott\Documents\Default.rdp
    [2011/05/02 12:58:57 | 000,205,598 | ---- | M] () -- C:\Users\Scott\Documents\cc_20100905_191131.reg
    [2011/05/02 12:58:57 | 000,057,828 | ---- | M] () -- C:\Users\Scott\Documents\Creativity_Pack_ReadMe.htm
    [2011/05/02 12:58:47 | 002,899,742 | ---- | M] () -- C:\Users\Scott\Documents\1999-GMC-Sonoma.pdf
    [2011/05/02 12:58:46 | 635,040,046 | ---- | M] () -- C:\Users\Scott\Desktop\sleep60.wav
    [2011/05/02 12:57:10 | 317,520,046 | ---- | M] () -- C:\Users\Scott\Desktop\sleep30.wav
    [2011/05/02 12:56:33 | 000,013,021 | ---- | M] () -- C:\Users\Scott\Desktop\haha2.jpg
    [2011/05/02 12:56:32 | 000,175,734 | ---- | M] () -- C:\Users\Scott\Desktop\haha.jpg
    [2011/05/02 12:51:49 | 000,002,053 | ---- | M] () -- C:\Users\Scott\Desktop\TVersity.lnk
    [2011/05/02 12:51:49 | 000,001,823 | ---- | M] () -- C:\Users\Scott\Desktop\Rosetta Stone.lnk
    [2011/05/02 12:51:49 | 000,000,939 | ---- | M] () -- C:\Users\Scott\Desktop\Wildcat! Navigator.lnk
    [2011/05/02 12:51:49 | 000,000,821 | ---- | M] () -- C:\Users\Scott\Desktop\RPTools - Shortcut.lnk
    [2011/05/02 12:51:48 | 002,009,430 | ---- | M] () -- C:\Users\Scott\Desktop\MAN3550B_RFX9100-9400_MAN.pdf
    [2011/05/02 12:51:48 | 000,002,358 | ---- | M] () -- C:\Users\Scott\Desktop\Movie Audio and Book Library.mdb - Shortcut.lnk
    [2011/05/02 12:51:48 | 000,000,665 | ---- | M] () -- C:\Users\Scott\Desktop\RPG PDF's - Shortcut.lnk
    [2011/05/02 12:51:48 | 000,000,073 | ---- | M] () -- C:\Users\Scott\Desktop\Might and Magic Heroes Kingdoms - The Gathered Archers.URL
    [2011/05/02 12:51:47 | 000,001,644 | ---- | M] () -- C:\Users\Scott\Desktop\Firefox Sync Key.html
    [2011/05/02 12:51:47 | 000,000,086 | ---- | M] () -- C:\Users\Scott\Desktop\Dynamic Drive DHTML Scripts- PHP Photo Album script v2.0.URL
    [2011/05/02 12:51:46 | 000,081,678 | ---- | M] () -- C:\Users\Scott\Desktop\C-5(R307) - Copy.pdf
    [2011/05/02 12:51:46 | 000,068,590 | ---- | M] () -- C:\Users\Scott\Desktop\20100716124528061.pdf
    [2011/05/02 12:51:46 | 000,001,398 | ---- | M] () -- C:\Users\Scott\Desktop\Bluetooth Advanced Audio.lnk
    [2011/05/02 12:51:33 | 000,000,012 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\userdic.tlx
    [2011/05/02 12:49:32 | 000,000,897 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk
    [2011/05/02 12:49:32 | 000,000,272 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/05/02 12:49:31 | 000,002,663 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
    [2011/05/02 12:49:31 | 000,002,565 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
    [2011/05/02 12:49:31 | 000,001,367 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/05/02 12:49:31 | 000,001,063 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2011/05/02 12:49:31 | 000,000,290 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/05/02 12:48:11 | 000,000,141 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\default.pls
    [2011/05/02 12:27:08 | 000,000,036 | ---- | M] () -- C:\Users\Scott\AppData\Local\housecall.guid.cache
    [2011/05/02 12:26:43 | 000,008,704 | ---- | M] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/02 12:24:18 | 000,001,024 | ---- | M] () -- C:\Users\Scott\.rnd
    [2011/05/02 01:13:34 | 000,001,176 | ---- | M] () -- C:\Users\Scott\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/02 00:35:19 | 000,001,040 | ---- | M] () -- C:\Users\Scott\Desktop\Dropbox.lnk
    [2011/05/02 00:34:07 | 000,001,020 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

    ========== Files Created - No Company Name ==========

    [2011/05/07 22:06:24 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/05/07 17:43:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/05/07 17:43:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011/05/07 16:26:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/07 16:26:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/07 16:26:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/07 16:26:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/07 16:26:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/07 12:08:36 | 004,343,224 | R--- | C] () -- C:\Users\Scott\Desktop\ComboFix.exe
    [2011/05/07 12:07:14 | 000,294,400 | ---- | C] () -- C:\Users\Scott\Desktop\exeHelper.com
    [2011/05/06 14:02:17 | 000,000,680 | ---- | C] () -- C:\Users\Scott\Desktop\PortableRoboForm.exe - Shortcut.lnk
    [2011/05/05 12:39:36 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\GoodSync.lnk
    [2011/05/05 12:26:54 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/05/04 01:59:35 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/03 12:22:29 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/03 12:20:09 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/05/03 12:10:58 | 000,002,963 | ---- | C] () -- C:\Users\Scott\Desktop\HiJackThis.lnk
    [2011/05/03 01:44:56 | 000,002,398 | ---- | C] () -- C:\Users\Scott\Desktop\Google Chrome.lnk
    [2011/05/03 01:43:36 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000UA.job
    [2011/05/03 01:43:36 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000Core.job
    [2011/05/02 12:57:10 | 635,040,046 | ---- | C] () -- C:\Users\Scott\Desktop\sleep60.wav
    [2011/05/02 12:56:33 | 317,520,046 | ---- | C] () -- C:\Users\Scott\Desktop\sleep30.wav
    [2011/05/02 12:56:32 | 000,175,734 | ---- | C] () -- C:\Users\Scott\Desktop\haha.jpg
    [2011/05/02 12:56:32 | 000,013,021 | ---- | C] () -- C:\Users\Scott\Desktop\haha2.jpg
    [2011/05/02 12:51:46 | 000,081,678 | ---- | C] () -- C:\Users\Scott\Desktop\C-5(R307) - Copy.pdf
    [2011/05/02 12:50:17 | 000,001,373 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/05/02 01:13:34 | 000,001,176 | ---- | C] () -- C:\Users\Scott\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/02 00:35:19 | 000,001,040 | ---- | C] () -- C:\Users\Scott\Desktop\Dropbox.lnk
    [2011/05/02 00:34:07 | 000,001,020 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2010/05/10 17:54:39 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
    [2010/04/17 14:03:09 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/03/24 14:28:08 | 000,000,036 | ---- | C] () -- C:\Users\Scott\AppData\Local\housecall.guid.cache
    [2010/03/18 19:27:35 | 000,000,073 | ---- | C] () -- C:\Windows\WCGUI.INI
    [2010/03/13 13:45:16 | 000,000,122 | ---- | C] () -- C:\Windows\WHO.INI
    [2010/03/12 19:39:42 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/03/05 09:51:18 | 000,008,704 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/03 14:11:29 | 000,010,752 | ---- | C] () -- C:\Windows\DCEBoot.exe
    [2010/02/25 23:00:38 | 000,000,000 | ---- | C] () -- C:\Windows\BsMobileModel.ini
    [2010/02/25 15:26:02 | 000,000,452 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/02/25 10:32:04 | 000,000,141 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\default.pls
    [2010/02/25 10:31:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/02/24 18:45:53 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010/02/24 14:48:47 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2010/02/24 13:29:52 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010/02/24 12:18:36 | 000,001,370 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
    [2010/02/24 12:13:07 | 000,000,272 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
    [2010/02/24 12:10:57 | 000,006,510 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
    [2010/02/24 12:10:56 | 000,000,101 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
    [2010/02/24 12:10:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
    [2010/02/23 23:13:11 | 000,000,008 | ---- | C] () -- C:\Windows\System32\PROTOCOL.INI
    [2010/02/23 23:03:14 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2010/02/23 22:31:57 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2010/02/23 21:46:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/02/23 21:43:40 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/02/23 21:43:40 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 23:33:53 | 000,414,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 21:05:48 | 000,618,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 21:05:48 | 000,104,546 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/13 18:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
    [2009/06/15 10:38:54 | 000,000,129 | ---- | C] () -- C:\Windows\System32\GamesConfiguration.ini
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/02/27 18:04:46 | 000,001,083 | ---- | C] () -- C:\Windows\System32\bscs.ini
    [2009/02/27 17:45:16 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
    [2009/02/27 17:44:50 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
    [2009/02/27 17:44:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
    [2009/02/27 17:44:10 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
    [2009/02/27 17:41:38 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
    [2009/02/27 17:41:02 | 000,122,976 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
    [2009/02/27 17:40:50 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
    [2008/12/07 13:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
    [2008/10/22 16:30:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
    [2008/03/24 10:47:02 | 000,000,012 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\userdic.tlx
    [2008/03/07 14:54:22 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
    [2007/08/10 16:29:12 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig
    [2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

    ========== LOP Check ==========

    [2010/02/24 15:46:32 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\ACD Systems
    [2010/02/24 13:49:17 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Acronis
    [2010/02/26 10:22:05 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\AutoSync for Yahoo
    [2010/02/24 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Canon
    [2010/02/26 00:38:19 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\CompanionLink
    [2011/05/07 22:07:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Dropbox
    [2010/03/31 14:10:15 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\GARMIN
    [2011/05/06 00:02:33 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\GoodSync
    [2011/05/02 13:32:55 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\iolo
    [2011/05/07 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\MailWasherPro
    [2011/05/02 13:31:16 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mp3tag
    [2010/04/14 14:54:58 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Musicmatch
    [2010/02/24 00:11:35 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PGP Corporation
    [2010/02/23 22:05:53 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Quicken WillMaker
    [2011/05/02 01:33:27 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Safer Networking
    [2010/02/26 13:09:04 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Smith Micro
    [2011/05/07 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\uTorrent
    [2011/05/07 22:06:29 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011/03/17 01:27:13 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2010/04/19 13:11:58 | 000,013,505 | ---- | M] () -- C:\fl.exe


    < MD5 for: AGP440.SYS >
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
    [2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
    [2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
    [2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
    [2009/07/13 20:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
    [2009/07/13 20:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\sppcomapi.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < End of report >





    Extras log

    OTL Extras logfile created on: 5/7/2011 10:33:34 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Scott\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 266.01 Gb Total Space | 113.04 Gb Free Space | 42.49% Space Free | Partition Type: NTFS
    Drive D: | 6.07 Gb Total Space | 1.29 Gb Free Space | 21.33% Space Free | Partition Type: FAT32
    Drive E: | 292.01 Gb Total Space | 40.40 Gb Free Space | 13.83% Space Free | Partition Type: NTFS
    Drive F: | 32.03 Gb Total Space | 26.61 Gb Free Space | 83.08% Space Free | Partition Type: NTFS

    Computer Name: SHADOWOLF | User Name: Scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP980_series" = Canon MP980 series MP Drivers
    "{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
    "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20ACA1B0-8043-11D4-AEB1-00C04F590412}" = MapSource
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
    "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{4C8EA3DB-0851-4676-8A67-C4BB71BD743F}" = Garmin BlueChart Americas v9.5
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D12D805-50B2-4287-B3B9-AD4D74F85693}" = BOINC
    "{519529EB-BCE3-417E-9637-09A075545D51}" = CompanionLink
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
    "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.5
    "{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
    "{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{79F86C69-2B17-4368-9234-472A23639E16}" = Ad-Aware
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86B5E5AF-3D50-4979-9C81-687C1B3C586D}" = Dell WUSB
    "{882025A7-7599-4989-8FCD-7604FB90D6A9}" = PGP Desktop
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{8D015A2F-4D85-419E-8E1D-93B0C246D491}" = Diskeeper 2010 Pro Premier
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
    "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5ED1586-DF14-4A2E-A5D8-6E50708CC7AA}" = SecureNetTerm
    "{C0A871F9-D580-4404-9A69-A02CF3078C87}" = Bluesoleil 6.4.249.0
    "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E4406ED3-B04C-44F1-ABB4-08775B74934F}" = Call Of Cthulhu DCoTE
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = SetPoint
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "AMIP_iTunes" = AMIP for iTunes (remove only)
    "AMIPConfigurator" = AMIPConfigurator (remove only)
    "BioWIN_is1" = BioWIN 5.11
    "Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "DELL Webcam Center" = DELL Webcam Center
    "DELL Webcam Manager" = DELL Webcam Manager
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Family Tree Maker 2009" = Family Tree Maker 2009
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
    "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "MailWasher Pro_is1" = MailWasher Pro
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
    "Mp3tag" = Mp3tag v2.46a
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "PowerISO" = PowerISO
    "Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
    "RealPlayer 12.0" = RealPlayer
    "SpeedFan" = SpeedFan (remove only)
    "SUPER " = SUPER Version 2010.bld.37 (Jan 2, 2010)
    "TVersity Codec Pack" = TVersity Codec Pack 1.4
    "TVersity Media Server" = TVersity Media Server 1.9.3
    "uTorrent" = µTorrent
    "Wildcat! Navigator_is1" = Wildcat! Navigator
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "xReminder Pro_is1" = xReminder Pro
    "Xvid_is1" = Xvid 1.1.3 final uninstall
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Advanced PDF Password Recovery" = Advanced PDF Password Recovery
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/7/2011 1:19:06 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 1:49:56 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 2:08:04 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 3:44:13 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 5:41:48 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 6:29:41 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 6:40:36 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 7:23:28 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 7:37:19 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 11:05:39 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    [ OSession Events ]
    Error - 2/24/2010 3:48:34 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 167
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 2/24/2010 4:07:56 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 421
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 2/25/2010 11:06:47 AM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47519
    seconds with 1920 seconds of active time. This session ended with a crash.

    Error - 3/4/2010 5:58:22 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94844
    seconds with 3840 seconds of active time. This session ended with a crash.

    Error - 3/18/2010 4:00:58 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 141572
    seconds with 7800 seconds of active time. This session ended with a crash.

    Error - 3/24/2010 5:04:21 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 102103
    seconds with 2100 seconds of active time. This session ended with a crash.

    Error - 4/22/2010 12:15:08 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3771
    seconds with 2280 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 5/2/2011 5:18:25 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10001
    Description =

    Error - 5/2/2011 10:15:25 PM | Computer Name = Shadowolf | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:11:23 PM on 5/2/2011 was unexpected.

    Error - 5/2/2011 10:15:29 PM | Computer Name = Shadowolf | Source = BugCheck | ID = 1001
    Description =

    Error - 5/2/2011 10:17:35 PM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    PxHelp20

    Error - 5/2/2011 10:18:34 PM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Defender service to connect.

    Error - 5/2/2011 10:18:41 PM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7000
    Description = The Windows Defender service failed to start due to the following
    error: %%1053

    Error - 5/3/2011 1:20:41 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10001
    Description =

    Error - 5/3/2011 1:53:36 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10010
    Description =

    Error - 5/3/2011 1:57:02 AM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    PxHelp20

    Error - 5/3/2011 2:01:43 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10001
    Description =


    < End of report >

  7. #7
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Hello again

    Let's continue with your fix:

    Step 1.

    Let's fix some issues with OTL by doing the following:

    Double click on the Icon at your desktop to run it.
    (Vista users right click and run as an Admin.)
    Copy the lines in the codebox below (make sure that :Otl is on the first line): just highlight everything in the code box (starting with :Otl) and copy and paste it into the 'Custom scan/fix' box on OTL.
    Code:
    :otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/04/19 13:11:58 | 000,013,505 | ---- | M] () -- C:\fl.exe
    
    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    
    :commands
    [PURITY]
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [REBOOT]
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


    • Click the red Run Fix button.

    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.


    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles


    Step 2.

    Update Software

    Please follow these steps to remove older version Java components and update:

    Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    Look for "Java Platform, Standard Edition".
    Click the "Download JRE" button to the right.
    Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
    Select your Language: "Multi-language".
    Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
    Click Continue and the page will refresh.
    Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    Close any programs you may have running - especially your web browser.


    Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

    Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
    If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    When the Java Setup - Welcome window opens, click the Install > button.
    If offered to install a Toolbar, just uncheck the box before continuing unless you want it.


    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
    -- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:

    Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    Click Ok and reboot your computer.

    Step 3.

    * ESET Online Scan

    Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
    Therefore, by using ESET online scanner it is possible for us to find leftover or missed malware files on your computer and we can now further clean up your computer.

    You can use either Internet Explorer or Mozilla FireFox for this scan.
    NOTE: This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
    To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    NOTE: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
    If you did not save the ESETScan log, click Start > Run..., then type or copy and paste everything inside the code box below into the Open dialogue box:

    Code:
    C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Click Ok and the scan results will open in Notepad.
    • Copy and paste the contents of log.txt in your next reply.


    In some instances if no malware is found there will be no log produced.

    Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
    ~~~~~~~~~~~~~
    Note:
    *If you are running a 64bit system:
    The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

    Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!


    Please copy and paste the report log of Eset online scan along with the OTL report log.

    Also let me know how your computer is reacting after each step that we accomplish.

    Kind Regards
    Net_Surfer
    Last edited by Net_Surfer; 05-08-2011 at 03:19 PM.

  8. #8
    Member
    Join Date
    May 2011
    Posts
    11
    Points
    0

    Here are the new logs.


    ComboFix 11-05-07.01 - Scott 05/07/2011 21:55:52.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.1775 [GMT -5:00]
    Running from: c:\users\Scott\Desktop\ComboFix.exe
    Command switches used :: c:\users\Scott\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Scott\AppData\Local\Temp\sfamcc00001.dll
    c:\users\Scott\AppData\Local\Temp\sfareca00001.dll
    c:\windows\system32\midas.dll
    c:\windows\system32\win.ini
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-08 03:06 . 2011-05-08 03:06 -------- d-----w- c:\windows\system32\Service
    2011-05-08 03:03 . 2011-05-08 03:07 -------- d-----w- c:\users\Scott\AppData\Local\temp
    2011-05-08 03:03 . 2011-05-08 03:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-05-08 03:03 . 2011-05-08 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-05 17:38 . 2011-05-05 17:38 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-05 17:26 . 2011-04-29 17:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-05-05 17:26 . 2011-05-05 17:26 -------- d-----w- c:\program files\Lavasoft
    2011-05-05 17:26 . 2011-05-05 17:26 -------- d-----w- c:\programdata\Lavasoft
    2011-05-04 06:59 . 2011-05-04 06:59 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-05-04 06:59 . 2011-05-04 06:59 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-05-04 06:59 . 2011-05-04 06:59 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-05-04 06:59 . 2011-05-04 06:59 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-05-04 06:59 . 2011-05-04 06:59 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-04 06:59 . 2011-05-04 06:59 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-05-03 17:23 . 2011-05-03 17:23 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
    2011-05-03 17:22 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-03 17:22 . 2011-05-03 17:22 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-03 17:21 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-03 17:21 . 2011-05-03 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-03 17:20 . 2011-05-03 17:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-03 17:20 . 2011-05-03 17:20 -------- d-----w- c:\users\Scott\AppData\Roaming\SUPERAntiSpyware.com
    2011-05-03 17:19 . 2011-05-03 17:20 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-03 17:10 . 2011-05-03 17:10 388096 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-02 18:14 . 2011-05-02 18:14 -------- d-----w- c:\users\Scott\.VirtualBox
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{DBF1BAF0-8B9A-4A2F-BF66-FECE711C7F3A}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{B966489E-4EBE-434E-8905-AC175959B1F4}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{ACBEEE96-0724-41FD-9E79-D0B5043A1A8A}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{94DB65A6-5444-4141-BB1D-2C93819589AA}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{7843A14E-68EA-41F1-9258-3635B7C57A7C}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{74FC0AE8-AF80-4C49-8EA9-870AA984BE7F}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{5552CDDE-BF12-47AA-8EE5-29A8CC6A1B92}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{0F50BFB3-1533-47A9-8EA5-56C146352542}
    2011-05-02 17:45 . 2011-05-02 17:45 -------- d-----w- c:\users\Scott\AppData\Local\{0839F024-89EB-417E-AFAB-BE524BB44E4B}
    2011-05-02 06:36 . 2011-05-02 06:36 -------- d-----w- c:\users\Scott\VirtualBox VMs
    2011-05-02 06:33 . 2011-05-02 06:33 -------- d-----w- c:\users\Scott\AppData\Roaming\Safer Networking
    2011-05-02 06:32 . 2011-05-02 06:32 -------- d-----w- c:\program files\Safer Networking
    2011-05-02 06:13 . 2011-05-07 18:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-02 06:13 . 2011-05-02 06:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-02 06:10 . 2011-05-08 02:50 -------- d-----w- c:\users\Scott\AppData\Roaming\uTorrent
    2011-05-02 05:46 . 2011-05-02 05:46 -------- d-----w- c:\program files\ESET
    2011-05-02 05:33 . 2011-05-08 03:07 -------- d-----w- c:\users\Scott\AppData\Roaming\Dropbox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-03 01:15 . 2011-03-13 22:35 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe
    2011-03-17 06:45 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-19 05:33 . 2011-03-17 08:13 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 05:32 . 2011-03-17 08:13 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 05:32 . 2011-03-17 08:13 739840 ----a-w- c:\windows\system32\d2d1.dll
    2006-06-16 02:33 . 2010-02-24 03:31 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-26 00:43 . 2010-02-24 03:31 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 20:41 . 2010-02-24 03:31 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 19:10 . 2010-02-24 03:31 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 18:19 . 2010-02-24 03:31 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-11 00:35 . 2010-02-24 03:31 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 17:10 . 2010-02-24 03:31 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 17:42 . 2010-02-24 03:31 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 17:22 . 2010-02-24 03:31 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 17:21 . 2010-02-24 03:31 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    2011-05-04 06:59 . 2011-05-04 06:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
    2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
    2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-05-02 17:48 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
    @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
    [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
    2007-08-10 21:27 598016 ----a-w- c:\windows\System32\PGPfsshl.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
    "CompanionLink"="c:\program files\companionlink\companionlink.exe" [2010-03-12 15663104]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-11-21 87144]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-04-22 55824]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
    "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2009-11-06 58112]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-11-06 4793088]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
    .
    c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-2 23360040]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-23 50688]
    PGPtray.exe.lnk - c:\windows\Installer\{882025A7-7599-4989-8FCD-7604FB90D6A9}\Icon6560581611.exe [2010-2-24 55296]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2010-2-24 813584]
    SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll c:\windows\System32\PGPmapih.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 135664]
    R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
    R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2010-02-24 497008]
    R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-24 689416]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
    R3 WQ_USBLOAD;WiQuest WUSB Loader driver;c:\windows\system32\DRIVERS\WQ_ldr.sys [2007-08-05 33464]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-08 20744]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
    S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2007-08-10 97792]
    S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2010-03-02 902432]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-02-24 146448]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-02 2326920]
    S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-02 2146496]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 36432]
    S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-02-24 283152]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-03-02 159168]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2009-10-21 45232]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 WQ_USBHWA;WiQuest Host Wire Adapter driver;c:\windows\system32\DRIVERS\WQ_hwa.sys [2007-08-05 157752]
    S3 WQ_USBRCI;WiQuest UltraWideBand driver;c:\windows\system32\DRIVERS\WQ_rci.sys [2007-08-05 75448]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 15:14]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 04:28]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 04:28]
    .
    2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000Core.job
    - c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 00:33]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000UA.job
    - c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 00:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
    IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
    FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.triplebotch.com/
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(772)
    c:\windows\system32\PGPhk.dll
    c:\program files\SetPoint\lgscroll.dll
    c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\pgpfsshl.dll
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    c:\windows\system32\BsHelpCSps.dll
    c:\windows\system32\BlueSoleilCSps.dll
    c:\windows\system32\BsMobileCSps.dll
    c:\program files\PGP Corporation\PGP Desktop\PGPwipe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\taskhost.exe
    c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\PGPserv.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\conhost.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\BOINC\boinc.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\conhost.exe
    c:\program files\PGP Corporation\PGP Desktop\PGPtray.exe
    c:\windows\system32\conhost.exe
    c:\programdata\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    c:\programdata\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\PGP Corporation\PGP Desktop\PGPfsd.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\programdata\BOINC\projects\qah.uni-muenster.de\qasinoAlpha_5.01_windows_intelx86.exe
    c:\windows\system32\conhost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-07 22:13:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-08 03:13
    ComboFix2.txt 2011-05-07 23:32
    .
    Pre-Run: 121,387,806,720 bytes free
    Post-Run: 121,294,725,120 bytes free
    .
    - - End Of File - - 341DF882DD945D500AD1B8EB19BA343E






    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6529

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/7/2011 10:30:23 PM
    mbam-log-2011-05-07 (22-30-23).txt

    Scan type: Quick scan
    Objects scanned: 168890
    Time elapsed: 3 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)






    OTL Log (Sorry, I forgot to check Minimal Output, this is Standard Output)


    OTL logfile created on: 5/7/2011 10:33:34 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Scott\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 266.01 Gb Total Space | 113.04 Gb Free Space | 42.49% Space Free | Partition Type: NTFS
    Drive D: | 6.07 Gb Total Space | 1.29 Gb Free Space | 21.33% Space Free | Partition Type: FAT32
    Drive E: | 292.01 Gb Total Space | 40.40 Gb Free Space | 13.83% Space Free | Partition Type: NTFS
    Drive F: | 32.03 Gb Total Space | 26.61 Gb Free Space | 83.08% Space Free | Partition Type: NTFS

    Computer Name: SHADOWOLF | User Name: Scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/07 22:31:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    PRC - [2011/05/02 12:48:16 | 023,360,040 | ---- | M] (Dropbox, Inc.) -- C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/05/02 10:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/12/29 02:52:49 | 000,406,016 | ---- | M] (Space Sciences Laboratory) -- C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    PRC - [2010/03/30 00:23:05 | 008,419,840 | ---- | M] () -- C:\ProgramData\BOINC\projects\qah.uni-muenster.de\qasinoAlpha_5.01_windows_intelx86.exe
    PRC - [2010/03/12 15:17:20 | 015,663,104 | ---- | M] (CompanionLink Software, Inc.) -- C:\Program Files\CompanionLink\CompanionLink.exe
    PRC - [2010/03/02 09:55:14 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2010/02/24 00:07:47 | 002,490,880 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
    PRC - [2009/11/25 08:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
    PRC - [2009/11/06 17:58:02 | 004,793,088 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
    PRC - [2009/11/06 17:58:02 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
    PRC - [2009/11/06 17:58:00 | 000,783,104 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
    PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/23 20:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2009/09/12 17:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2009/09/12 17:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/06/18 11:32:26 | 019,121,072 | ---- | M] (Firetrust Ltd) -- C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    PRC - [2009/05/26 18:49:12 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
    PRC - [2009/05/22 13:33:00 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2009/02/27 18:04:38 | 000,850,432 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    PRC - [2009/02/27 18:04:34 | 000,278,016 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    PRC - [2009/02/27 17:42:20 | 000,098,407 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    PRC - [2009/02/27 17:40:48 | 000,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
    PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/08/10 16:27:44 | 000,315,392 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPfsd.exe
    PRC - [2007/08/10 16:21:56 | 000,092,672 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe
    PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/06/07 12:14:36 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
    PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/05/21 09:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    PRC - [2007/05/09 18:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/07 22:31:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/06/10 16:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
    MOD - [2009/05/26 18:47:28 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\lgscroll.dll
    MOD - [2008/02/22 17:55:54 | 000,103,704 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
    MOD - [2007/08/10 16:20:02 | 000,043,520 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPhk.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/02 10:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2010/11/08 11:40:56 | 000,715,440 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
    SRV - [2010/03/02 09:55:14 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2010/02/24 16:07:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/23 20:16:09 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/23 19:27:43 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
    SRV - [2010/02/23 19:27:43 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
    SRV - [2010/02/23 19:27:43 | 000,345,352 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV - [2009/10/23 20:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/02/27 18:04:38 | 000,850,432 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
    SRV - [2009/02/27 17:42:20 | 000,098,407 | ---- | M] () [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
    SRV - [2009/02/27 17:40:48 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
    SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/08/10 16:21:56 | 000,092,672 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv)
    SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2011/04/29 12:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/07/30 12:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
    DRV - [2010/07/30 12:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
    DRV - [2010/07/30 12:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
    DRV - [2010/07/19 13:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2010/07/19 13:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2010/07/19 13:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/02 09:55:16 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
    DRV - [2010/03/02 09:55:12 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
    DRV - [2010/03/02 09:55:11 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/03/02 09:54:55 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2010/02/26 12:45:25 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
    DRV - [2010/02/26 12:45:24 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2010/02/26 12:45:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2010/02/26 12:45:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2010/02/23 19:27:43 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
    DRV - [2010/02/23 19:27:43 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
    DRV - [2010/02/23 19:27:43 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2010/02/23 18:27:38 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/11/20 21:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/10/21 02:04:34 | 000,045,232 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\DKRtWrt.sys -- (DKRtWrt)
    DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/04/22 18:13:36 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/04/22 18:13:28 | 000,035,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/01/08 03:20:04 | 000,031,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
    DRV - [2009/01/08 00:39:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
    DRV - [2009/01/03 17:40:12 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2008/12/22 14:18:58 | 000,017,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VHIDMini.sys -- (VHidMinidrv)
    DRV - [2008/12/09 16:26:50 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
    DRV - [2008/12/07 13:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
    DRV - [2008/11/25 16:23:38 | 000,027,528 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
    DRV - [2008/11/25 16:23:30 | 000,033,800 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2008/11/04 18:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
    DRV - [2008/07/02 15:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
    DRV - [2008/01/21 20:27:50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
    DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/08/10 16:21:44 | 000,224,256 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk)
    DRV - [2007/08/10 16:21:28 | 000,097,792 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\PGPfsfd.sys -- (pgpfs)
    DRV - [2007/08/10 16:21:20 | 000,033,792 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver)
    DRV - [2007/08/10 16:21:04 | 000,168,960 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded)
    DRV - [2007/08/04 19:45:48 | 000,075,448 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WQ_rci.sys -- (WQ_USBRCI)
    DRV - [2007/08/04 19:45:44 | 000,157,752 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WQ_hwa.sys -- (WQ_USBHWA)
    DRV - [2007/08/04 19:45:44 | 000,033,464 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WQ_ldr.sys -- (WQ_USBLOAD)
    DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2006/11/22 14:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
    DRV - [2006/11/21 05:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)
    DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
    DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 A3 C0 16 84 08 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.triplebotch.com/"
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
    FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.6
    FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
    FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
    FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/04 21:03:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 01:59:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/04 01:59:33 | 000,000,000 | ---D | M]

    [2010/02/23 21:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
    [2011/05/07 20:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions
    [2011/05/02 13:31:29 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2011/05/02 13:31:29 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2011/05/03 00:37:25 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
    [2010/02/23 21:57:17 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2011/05/02 13:31:24 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2011/05/02 13:31:23 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2011/05/03 00:37:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/05/02 13:31:23 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2011/05/02 13:31:38 | 000,000,000 | ---D | M] (شريط أدوات فيس بوك) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\extensions\firefox@facebook.com
    [2011/05/02 12:51:19 | 000,000,675 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\5don5c7d.default\searchplugins\dd-wiki-en.xml
    [2011/05/03 12:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/02/24 12:09:55 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
    [2010/05/02 13:19:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    File not found (No name found) --
    () (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5DON5C7D.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
    () (No name found) -- C:\USERS\SCOTT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5DON5C7D.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
    [2011/05/04 01:59:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/05/04 01:59:29 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/05/07 22:06:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4 - HKCU..\Run: [CompanionLink] c:\program files\companionlink\companionlink.exe (CompanionLink Software, Inc.)
    O4 - HKCU..\Run: [DELL Webcam Manager] C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
    O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - State: "startup" - 0
    MsConfig - State: "services" - 0


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/07 22:31:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    [2011/05/07 22:13:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/07 22:11:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/07 22:06:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Service
    [2011/05/07 22:03:57 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\temp
    [2011/05/07 21:54:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/07 16:26:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/07 16:26:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/07 16:26:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/07 16:25:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/07 16:24:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/07 12:07:21 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Scott\Desktop\tdsskiller.exe
    [2011/05/05 12:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
    [2011/05/05 12:38:26 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/05/05 12:26:47 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2011/05/05 12:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011/05/05 12:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/05/05 12:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/05/03 12:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/05/03 12:23:34 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Malwarebytes
    [2011/05/03 12:22:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/03 12:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/03 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/03 12:21:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/03 12:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/03 12:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/05/03 12:20:22 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\SUPERAntiSpyware.com
    [2011/05/03 12:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/05/03 12:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/05/03 12:10:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/05/03 01:44:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/05/02 13:14:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\.VirtualBox
    [2011/05/02 12:53:23 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\New folder (2)
    [2011/05/02 12:50:07 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AllToAVI
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{DBF1BAF0-8B9A-4A2F-BF66-FECE711C7F3A}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{B966489E-4EBE-434E-8905-AC175959B1F4}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{ACBEEE96-0724-41FD-9E79-D0B5043A1A8A}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{94DB65A6-5444-4141-BB1D-2C93819589AA}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{7843A14E-68EA-41F1-9258-3635B7C57A7C}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{74FC0AE8-AF80-4C49-8EA9-870AA984BE7F}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{5552CDDE-BF12-47AA-8EE5-29A8CC6A1B92}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{0F50BFB3-1533-47A9-8EA5-56C146352542}
    [2011/05/02 12:45:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{0839F024-89EB-417E-AFAB-BE524BB44E4B}
    [2011/05/02 01:36:02 | 000,000,000 | ---D | C] -- C:\Users\Scott\VirtualBox VMs
    [2011/05/02 01:33:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Safer Networking
    [2011/05/02 01:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
    [2011/05/02 01:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
    [2011/05/02 01:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/05/02 01:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/05/02 01:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/05/02 01:10:29 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\uTorrent
    [2011/05/02 00:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/05/02 00:33:56 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2011/05/02 00:33:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Dropbox
    [2011/05/02 00:32:08 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\QuickenOld

    ========== Files - Modified Within 30 Days ==========

    [2011/05/07 22:31:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
    [2011/05/07 22:08:35 | 000,006,510 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
    [2011/05/07 22:08:35 | 000,001,083 | ---- | M] () -- C:\Windows\System32\bscs.ini
    [2011/05/07 22:06:47 | 000,000,101 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
    [2011/05/07 22:06:29 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/05/07 22:06:17 | 000,000,452 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/05/07 22:06:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/07 22:05:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/07 22:05:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/07 22:04:58 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/07 21:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000UA.job
    [2011/05/07 21:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/07 18:30:15 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/07 18:30:15 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/07 17:43:54 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2011/05/07 17:43:54 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2011/05/07 16:40:40 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/07 16:40:40 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/07 16:25:51 | 004,343,224 | R--- | M] () -- C:\Users\Scott\Desktop\ComboFix.exe
    [2011/05/07 13:22:26 | 000,000,272 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
    [2011/05/07 12:07:33 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Scott\Desktop\tdsskiller.exe
    [2011/05/07 12:07:18 | 000,294,400 | ---- | M] () -- C:\Users\Scott\Desktop\exeHelper.com
    [2011/05/07 01:54:27 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000Core.job
    [2011/05/06 19:50:14 | 000,002,398 | ---- | M] () -- C:\Users\Scott\Desktop\Google Chrome.lnk
    [2011/05/06 14:02:17 | 000,000,680 | ---- | M] () -- C:\Users\Scott\Desktop\PortableRoboForm.exe - Shortcut.lnk
    [2011/05/05 12:39:36 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\GoodSync.lnk
    [2011/05/05 12:38:22 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/05/05 12:26:54 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/05/04 02:31:12 | 000,001,998 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/03 12:22:29 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/03 12:20:09 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/05/03 12:10:58 | 000,002,963 | ---- | M] () -- C:\Users\Scott\Desktop\HiJackThis.lnk
    [2011/05/02 21:14:00 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let
    [2011/05/02 20:15:56 | 002,468,632 | ---- | M] (Acronis) -- C:\Windows\System32\AutoPartNt.exe
    [2011/05/02 13:03:44 | 000,151,762 | ---- | M] () -- C:\Users\Scott\Documents\Wisconsin Birth Certificate Application.pdf
    [2011/05/02 13:03:34 | 000,166,480 | ---- | M] () -- C:\Users\Scott\Documents\viewStatemen2t.pdf
    [2011/05/02 13:03:25 | 000,149,504 | ---- | M] () -- C:\Users\Scott\Documents\TransUnion.pdf
    [2011/05/02 13:03:24 | 000,016,515 | ---- | M] () -- C:\Users\Scott\Documents\Signature2_Page_2.jpg
    [2011/05/02 13:03:24 | 000,008,628 | ---- | M] () -- C:\Users\Scott\Documents\Signature.pdf
    [2011/05/02 13:03:24 | 000,006,354 | ---- | M] () -- C:\Users\Scott\Documents\Signature.jpg
    [2011/05/02 13:03:06 | 000,139,264 | ---- | M] () -- C:\Users\Scott\Documents\Scott's Dream Diary.lok
    [2011/05/02 13:03:06 | 000,021,454 | ---- | M] () -- C:\Users\Scott\Documents\Scott E. Falk.asc
    [2011/05/02 13:03:03 | 000,036,782 | ---- | M] () -- C:\Users\Scott\Documents\Savings Account Transaction Register.html
    [2011/05/02 13:02:39 | 000,073,641 | ---- | M] () -- C:\Users\Scott\Documents\Print Listing.pdf
    [2011/05/02 13:02:39 | 000,016,640 | ---- | M] () -- C:\Users\Scott\Documents\Pre-2009 Documents of Scott Eric Falk.pfl
    [2011/05/02 13:02:39 | 000,000,232 | ---- | M] () -- C:\Users\Scott\Documents\Play With Kristina.puz
    [2011/05/02 13:02:37 | 000,024,222 | ---- | M] () -- C:\Users\Scott\Documents\Patriot_reb_83709_022805.pdf
    [2011/05/02 13:01:46 | 001,513,834 | ---- | M] () -- C:\Users\Scott\Documents\mskc_poster.pdf
    [2011/05/02 13:01:43 | 009,277,440 | ---- | M] () -- C:\Users\Scott\Documents\Movie Audio and Book Library.mdb
    [2011/05/02 13:01:39 | 000,667,220 | ---- | M] () -- C:\Users\Scott\Documents\Microtek Scanner Direct Scan Controller.mdi
    [2011/05/02 13:01:39 | 000,033,160 | ---- | M] () -- C:\Users\Scott\Documents\Melaleuca Mortgage Application.pdf
    [2011/05/02 13:01:34 | 000,002,032 | ---- | M] () -- C:\Users\Scott\Documents\Itunes fix.reg
    [2011/05/02 13:01:33 | 004,727,883 | ---- | M] () -- C:\Users\Scott\Documents\HPIPAQRX3115.pdf
    [2011/05/02 13:01:33 | 000,020,685 | ---- | M] () -- C:\Users\Scott\Documents\invoice.pdf
    [2011/05/02 13:01:28 | 000,908,524 | ---- | M] () -- C:\Users\Scott\Documents\FSX Keyboard Commands Pamphlet.pdf
    [2011/05/02 12:59:05 | 000,097,620 | ---- | M] () -- C:\Users\Scott\Documents\Equifax FACT Act.pdf
    [2011/05/02 12:59:05 | 000,050,053 | ---- | M] () -- C:\Users\Scott\Documents\enq.pdf
    [2011/05/02 12:59:04 | 003,756,072 | ---- | M] () -- C:\Users\Scott\Documents\EcoSense08_US.pdf
    [2011/05/02 12:58:59 | 006,742,187 | ---- | M] () -- C:\Users\Scott\Documents\dir625_manual_101.pdf
    [2011/05/02 12:58:59 | 000,021,664 | ---- | M] () -- C:\Users\Scott\Documents\Documents of Scott Eric Falk.pfl
    [2011/05/02 12:58:58 | 000,002,034 | -H-- | M] () -- C:\Users\Scott\Documents\Default.rdp
    [2011/05/02 12:58:57 | 000,205,598 | ---- | M] () -- C:\Users\Scott\Documents\cc_20100905_191131.reg
    [2011/05/02 12:58:57 | 000,057,828 | ---- | M] () -- C:\Users\Scott\Documents\Creativity_Pack_ReadMe.htm
    [2011/05/02 12:58:47 | 002,899,742 | ---- | M] () -- C:\Users\Scott\Documents\1999-GMC-Sonoma.pdf
    [2011/05/02 12:58:46 | 635,040,046 | ---- | M] () -- C:\Users\Scott\Desktop\sleep60.wav
    [2011/05/02 12:57:10 | 317,520,046 | ---- | M] () -- C:\Users\Scott\Desktop\sleep30.wav
    [2011/05/02 12:56:33 | 000,013,021 | ---- | M] () -- C:\Users\Scott\Desktop\haha2.jpg
    [2011/05/02 12:56:32 | 000,175,734 | ---- | M] () -- C:\Users\Scott\Desktop\haha.jpg
    [2011/05/02 12:51:49 | 000,002,053 | ---- | M] () -- C:\Users\Scott\Desktop\TVersity.lnk
    [2011/05/02 12:51:49 | 000,001,823 | ---- | M] () -- C:\Users\Scott\Desktop\Rosetta Stone.lnk
    [2011/05/02 12:51:49 | 000,000,939 | ---- | M] () -- C:\Users\Scott\Desktop\Wildcat! Navigator.lnk
    [2011/05/02 12:51:49 | 000,000,821 | ---- | M] () -- C:\Users\Scott\Desktop\RPTools - Shortcut.lnk
    [2011/05/02 12:51:48 | 002,009,430 | ---- | M] () -- C:\Users\Scott\Desktop\MAN3550B_RFX9100-9400_MAN.pdf
    [2011/05/02 12:51:48 | 000,002,358 | ---- | M] () -- C:\Users\Scott\Desktop\Movie Audio and Book Library.mdb - Shortcut.lnk
    [2011/05/02 12:51:48 | 000,000,665 | ---- | M] () -- C:\Users\Scott\Desktop\RPG PDF's - Shortcut.lnk
    [2011/05/02 12:51:48 | 000,000,073 | ---- | M] () -- C:\Users\Scott\Desktop\Might and Magic Heroes Kingdoms - The Gathered Archers.URL
    [2011/05/02 12:51:47 | 000,001,644 | ---- | M] () -- C:\Users\Scott\Desktop\Firefox Sync Key.html
    [2011/05/02 12:51:47 | 000,000,086 | ---- | M] () -- C:\Users\Scott\Desktop\Dynamic Drive DHTML Scripts- PHP Photo Album script v2.0.URL
    [2011/05/02 12:51:46 | 000,081,678 | ---- | M] () -- C:\Users\Scott\Desktop\C-5(R307) - Copy.pdf
    [2011/05/02 12:51:46 | 000,068,590 | ---- | M] () -- C:\Users\Scott\Desktop\20100716124528061.pdf
    [2011/05/02 12:51:46 | 000,001,398 | ---- | M] () -- C:\Users\Scott\Desktop\Bluetooth Advanced Audio.lnk
    [2011/05/02 12:51:33 | 000,000,012 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\userdic.tlx
    [2011/05/02 12:49:32 | 000,000,897 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk
    [2011/05/02 12:49:32 | 000,000,272 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/05/02 12:49:31 | 000,002,663 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
    [2011/05/02 12:49:31 | 000,002,565 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
    [2011/05/02 12:49:31 | 000,001,367 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/05/02 12:49:31 | 000,001,063 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2011/05/02 12:49:31 | 000,000,290 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/05/02 12:48:11 | 000,000,141 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\default.pls
    [2011/05/02 12:27:08 | 000,000,036 | ---- | M] () -- C:\Users\Scott\AppData\Local\housecall.guid.cache
    [2011/05/02 12:26:43 | 000,008,704 | ---- | M] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/02 12:24:18 | 000,001,024 | ---- | M] () -- C:\Users\Scott\.rnd
    [2011/05/02 01:13:34 | 000,001,176 | ---- | M] () -- C:\Users\Scott\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/02 00:35:19 | 000,001,040 | ---- | M] () -- C:\Users\Scott\Desktop\Dropbox.lnk
    [2011/05/02 00:34:07 | 000,001,020 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

    ========== Files Created - No Company Name ==========

    [2011/05/07 22:06:24 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/05/07 17:43:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/05/07 17:43:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011/05/07 16:26:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/07 16:26:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/07 16:26:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/07 16:26:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/07 16:26:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/07 12:08:36 | 004,343,224 | R--- | C] () -- C:\Users\Scott\Desktop\ComboFix.exe
    [2011/05/07 12:07:14 | 000,294,400 | ---- | C] () -- C:\Users\Scott\Desktop\exeHelper.com
    [2011/05/06 14:02:17 | 000,000,680 | ---- | C] () -- C:\Users\Scott\Desktop\PortableRoboForm.exe - Shortcut.lnk
    [2011/05/05 12:39:36 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\GoodSync.lnk
    [2011/05/05 12:26:54 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/05/04 01:59:35 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/03 12:22:29 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/03 12:20:09 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/05/03 12:10:58 | 000,002,963 | ---- | C] () -- C:\Users\Scott\Desktop\HiJackThis.lnk
    [2011/05/03 01:44:56 | 000,002,398 | ---- | C] () -- C:\Users\Scott\Desktop\Google Chrome.lnk
    [2011/05/03 01:43:36 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000UA.job
    [2011/05/03 01:43:36 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3998851370-4095316126-641813265-1000Core.job
    [2011/05/02 12:57:10 | 635,040,046 | ---- | C] () -- C:\Users\Scott\Desktop\sleep60.wav
    [2011/05/02 12:56:33 | 317,520,046 | ---- | C] () -- C:\Users\Scott\Desktop\sleep30.wav
    [2011/05/02 12:56:32 | 000,175,734 | ---- | C] () -- C:\Users\Scott\Desktop\haha.jpg
    [2011/05/02 12:56:32 | 000,013,021 | ---- | C] () -- C:\Users\Scott\Desktop\haha2.jpg
    [2011/05/02 12:51:46 | 000,081,678 | ---- | C] () -- C:\Users\Scott\Desktop\C-5(R307) - Copy.pdf
    [2011/05/02 12:50:17 | 000,001,373 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/05/02 01:13:34 | 000,001,176 | ---- | C] () -- C:\Users\Scott\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/02 00:35:19 | 000,001,040 | ---- | C] () -- C:\Users\Scott\Desktop\Dropbox.lnk
    [2011/05/02 00:34:07 | 000,001,020 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2010/05/10 17:54:39 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
    [2010/04/17 14:03:09 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/03/24 14:28:08 | 000,000,036 | ---- | C] () -- C:\Users\Scott\AppData\Local\housecall.guid.cache
    [2010/03/18 19:27:35 | 000,000,073 | ---- | C] () -- C:\Windows\WCGUI.INI
    [2010/03/13 13:45:16 | 000,000,122 | ---- | C] () -- C:\Windows\WHO.INI
    [2010/03/12 19:39:42 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/03/05 09:51:18 | 000,008,704 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/03 14:11:29 | 000,010,752 | ---- | C] () -- C:\Windows\DCEBoot.exe
    [2010/02/25 23:00:38 | 000,000,000 | ---- | C] () -- C:\Windows\BsMobileModel.ini
    [2010/02/25 15:26:02 | 000,000,452 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/02/25 10:32:04 | 000,000,141 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\default.pls
    [2010/02/25 10:31:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/02/24 18:45:53 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010/02/24 14:48:47 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2010/02/24 13:29:52 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010/02/24 12:18:36 | 000,001,370 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
    [2010/02/24 12:13:07 | 000,000,272 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
    [2010/02/24 12:10:57 | 000,006,510 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
    [2010/02/24 12:10:56 | 000,000,101 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
    [2010/02/24 12:10:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
    [2010/02/23 23:13:11 | 000,000,008 | ---- | C] () -- C:\Windows\System32\PROTOCOL.INI
    [2010/02/23 23:03:14 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2010/02/23 22:31:57 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2010/02/23 21:46:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/02/23 21:43:40 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/02/23 21:43:40 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 23:33:53 | 000,414,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 21:05:48 | 000,618,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 21:05:48 | 000,104,546 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/13 18:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
    [2009/06/15 10:38:54 | 000,000,129 | ---- | C] () -- C:\Windows\System32\GamesConfiguration.ini
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/02/27 18:04:46 | 000,001,083 | ---- | C] () -- C:\Windows\System32\bscs.ini
    [2009/02/27 17:45:16 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
    [2009/02/27 17:44:50 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
    [2009/02/27 17:44:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
    [2009/02/27 17:44:10 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
    [2009/02/27 17:41:38 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
    [2009/02/27 17:41:02 | 000,122,976 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
    [2009/02/27 17:40:50 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
    [2008/12/07 13:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
    [2008/10/22 16:30:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
    [2008/03/24 10:47:02 | 000,000,012 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\userdic.tlx
    [2008/03/07 14:54:22 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
    [2007/08/10 16:29:12 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig
    [2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

    ========== LOP Check ==========

    [2010/02/24 15:46:32 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\ACD Systems
    [2010/02/24 13:49:17 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Acronis
    [2010/02/26 10:22:05 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\AutoSync for Yahoo
    [2010/02/24 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Canon
    [2010/02/26 00:38:19 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\CompanionLink
    [2011/05/07 22:07:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Dropbox
    [2010/03/31 14:10:15 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\GARMIN
    [2011/05/06 00:02:33 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\GoodSync
    [2011/05/02 13:32:55 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\iolo
    [2011/05/07 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\MailWasherPro
    [2011/05/02 13:31:16 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mp3tag
    [2010/04/14 14:54:58 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Musicmatch
    [2010/02/24 00:11:35 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PGP Corporation
    [2010/02/23 22:05:53 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Quicken WillMaker
    [2011/05/02 01:33:27 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Safer Networking
    [2010/02/26 13:09:04 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Smith Micro
    [2011/05/07 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\uTorrent
    [2011/05/07 22:06:29 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011/03/17 01:27:13 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2010/04/19 13:11:58 | 000,013,505 | ---- | M] () -- C:\fl.exe


    < MD5 for: AGP440.SYS >
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
    [2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
    [2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
    [2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
    [2009/07/13 20:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
    [2009/07/13 20:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\sppcomapi.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < End of report >





    Extras log

    OTL Extras logfile created on: 5/7/2011 10:33:34 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Scott\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 266.01 Gb Total Space | 113.04 Gb Free Space | 42.49% Space Free | Partition Type: NTFS
    Drive D: | 6.07 Gb Total Space | 1.29 Gb Free Space | 21.33% Space Free | Partition Type: FAT32
    Drive E: | 292.01 Gb Total Space | 40.40 Gb Free Space | 13.83% Space Free | Partition Type: NTFS
    Drive F: | 32.03 Gb Total Space | 26.61 Gb Free Space | 83.08% Space Free | Partition Type: NTFS

    Computer Name: SHADOWOLF | User Name: Scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP980_series" = Canon MP980 series MP Drivers
    "{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
    "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20ACA1B0-8043-11D4-AEB1-00C04F590412}" = MapSource
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
    "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{4C8EA3DB-0851-4676-8A67-C4BB71BD743F}" = Garmin BlueChart Americas v9.5
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D12D805-50B2-4287-B3B9-AD4D74F85693}" = BOINC
    "{519529EB-BCE3-417E-9637-09A075545D51}" = CompanionLink
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
    "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.5
    "{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
    "{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{79F86C69-2B17-4368-9234-472A23639E16}" = Ad-Aware
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86B5E5AF-3D50-4979-9C81-687C1B3C586D}" = Dell WUSB
    "{882025A7-7599-4989-8FCD-7604FB90D6A9}" = PGP Desktop
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{8D015A2F-4D85-419E-8E1D-93B0C246D491}" = Diskeeper 2010 Pro Premier
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
    "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5ED1586-DF14-4A2E-A5D8-6E50708CC7AA}" = SecureNetTerm
    "{C0A871F9-D580-4404-9A69-A02CF3078C87}" = Bluesoleil 6.4.249.0
    "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E4406ED3-B04C-44F1-ABB4-08775B74934F}" = Call Of Cthulhu DCoTE
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = SetPoint
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "AMIP_iTunes" = AMIP for iTunes (remove only)
    "AMIPConfigurator" = AMIPConfigurator (remove only)
    "BioWIN_is1" = BioWIN 5.11
    "Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "DELL Webcam Center" = DELL Webcam Center
    "DELL Webcam Manager" = DELL Webcam Manager
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Family Tree Maker 2009" = Family Tree Maker 2009
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
    "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "MailWasher Pro_is1" = MailWasher Pro
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
    "Mp3tag" = Mp3tag v2.46a
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "PowerISO" = PowerISO
    "Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
    "RealPlayer 12.0" = RealPlayer
    "SpeedFan" = SpeedFan (remove only)
    "SUPER " = SUPER Version 2010.bld.37 (Jan 2, 2010)
    "TVersity Codec Pack" = TVersity Codec Pack 1.4
    "TVersity Media Server" = TVersity Media Server 1.9.3
    "uTorrent" = µTorrent
    "Wildcat! Navigator_is1" = Wildcat! Navigator
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "xReminder Pro_is1" = xReminder Pro
    "Xvid_is1" = Xvid 1.1.3 final uninstall
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Advanced PDF Password Recovery" = Advanced PDF Password Recovery
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/7/2011 1:19:06 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 1:49:56 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 2:08:04 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 3:44:13 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 5:41:48 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 6:29:41 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 6:40:36 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 7:23:28 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 7:37:19 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 5/7/2011 11:05:39 PM | Computer Name = Shadowolf | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    [ OSession Events ]
    Error - 2/24/2010 3:48:34 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 167
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 2/24/2010 4:07:56 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 421
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 2/25/2010 11:06:47 AM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47519
    seconds with 1920 seconds of active time. This session ended with a crash.

    Error - 3/4/2010 5:58:22 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94844
    seconds with 3840 seconds of active time. This session ended with a crash.

    Error - 3/18/2010 4:00:58 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 141572
    seconds with 7800 seconds of active time. This session ended with a crash.

    Error - 3/24/2010 5:04:21 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 102103
    seconds with 2100 seconds of active time. This session ended with a crash.

    Error - 4/22/2010 12:15:08 PM | Computer Name = Shadowolf | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3771
    seconds with 2280 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 5/2/2011 5:18:25 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10001
    Description =

    Error - 5/2/2011 10:15:25 PM | Computer Name = Shadowolf | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:11:23 PM on 5/2/2011 was unexpected.

    Error - 5/2/2011 10:15:29 PM | Computer Name = Shadowolf | Source = BugCheck | ID = 1001
    Description =

    Error - 5/2/2011 10:17:35 PM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    PxHelp20

    Error - 5/2/2011 10:18:34 PM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Defender service to connect.

    Error - 5/2/2011 10:18:41 PM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7000
    Description = The Windows Defender service failed to start due to the following
    error: %%1053

    Error - 5/3/2011 1:20:41 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10001
    Description =

    Error - 5/3/2011 1:53:36 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10010
    Description =

    Error - 5/3/2011 1:57:02 AM | Computer Name = Shadowolf | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    PxHelp20

    Error - 5/3/2011 2:01:43 AM | Computer Name = Shadowolf | Source = DCOM | ID = 10001
    Description =


    < End of report >







    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=41eff08ae22373448cc4668fdd7fedab
    # end=stopped
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-05-02 06:23:27
    # local_time=2011-05-02 01:23:27 (-0600, Central Daylight Time)
    # country="United States"
    # lang=9
    # osver=6.1.7600 NT
    # compatibility_mode=513 16777149 100 100 0 38905682 0 0
    # compatibility_mode=5893 16776574 100 94 36569652 55860105 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=122102
    # found=2
    # cleaned=2
    # scan_time=2093
    C:\4.exe Win32/TrojanClicker.VB.NRF trojan (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Keygen.exe Win32/TrojanClicker.VB.NRF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=41eff08ae22373448cc4668fdd7fedab
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-05-08 08:20:03
    # local_time=2011-05-08 03:20:03 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=513 16777086 100 100 0 39422936 0 0
    # compatibility_mode=5893 16776574 100 94 37086906 56377359 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=568130
    # found=2
    # cleaned=2
    # scan_time=10238
    C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro Patcher.exe Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\Scott\Downloads\Droid Updates\SuperOneClickv1.5.5-ShortFuse.rar Android/Exploit.RageCage.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
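
Added example (not part of the original post, and not ESET's own tooling): a small Python parser for the ESET Online Scanner log format shown above, which reports for each run whether the scan finished and covered archives before its detections are relied on. Reading `end=stopped` as an interrupted scan is this example's assumption, and the function names are illustrative.

```python
import re

# Excerpt of the two scanner logs posted above, trimmed to the fields used here.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# end=stopped
# archives_checked=false
# found=2
# cleaned=2
C:\4.exe Win32/TrojanClicker.VB.NRF trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Keygen.exe Win32/TrojanClicker.VB.NRF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# archives_checked=true
# found=2
# cleaned=2
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro Patcher.exe Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Scott\Downloads\Droid Updates\SuperOneClickv1.5.5-ShortFuse.rar Android/Exploit.RageCage.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
"""

RUN_HEADER = re.compile(r"^ESETSmartInstaller@\S+ as (?P<mode>.+) log:$")
HEADER_KV = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
# Paths may contain spaces, so the path ends at the first "Platform/Name" token.
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>[A-Za-z0-9]+/\S+)\s+(?P<kind>[A-Za-z ]+?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

def parse_runs(text):
    """Split the log into scan runs, each with its '# key=value' metadata and detections."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = RUN_HEADER.match(line)
        if header:
            current = {"mode": header["mode"], "meta": {}, "detections": []}
            runs.append(current)
        elif current is not None:
            kv = HEADER_KV.match(line)
            hit = DETECTION.match(line)
            if kv:
                current["meta"][kv["key"]] = kv["value"]
            elif hit:
                current["detections"].append(hit.groupdict())
    return runs

def coverage_gaps(run):
    """Reasons why a run's result should not be read as full coverage of the disk."""
    meta, gaps = run["meta"], []
    if meta.get("end") != "finished":  # assumption: any other value is an interrupted scan
        gaps.append("scan ended with end=%s" % meta.get("end"))
    if meta.get("archives_checked") != "true":
        gaps.append("archives were not scanned")
    if int(meta.get("found", -1)) != len(run["detections"]):
        gaps.append("found= header does not match detection lines")
    if int(meta.get("cleaned", 0)) < len(run["detections"]):
        gaps.append("not every detection was cleaned")
    return gaps

def summarize(text):
    """One summary dict per scan run: mode, coverage gaps, distinct threats and kinds."""
    return [{"mode": run["mode"],
             "gaps": coverage_gaps(run),
             "threats": sorted({d["threat"] for d in run["detections"]}),
             "kinds": sorted({d["kind"] for d in run["detections"]})}
            for run in parse_runs(text)]
```

On the excerpt, the first run is reported with two coverage gaps (stopped early, archives skipped) while the second run has none.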

  9. #9
    Member
    Join Date
    May 2011
    Posts
    11
    Points
    0

    Default

    So far my computer seems to be acting normal. Although, after reading more about what rootkits do, after all this I'm probably going to do a hard drive wipe and reinstall everything from scratch again. But, we'll see how this all turns out first.

  10. #10
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Default

    Quote: Originally posted by Lonewolf147
    So far my computer seems to be acting normal. Although, after reading more about what rootkits do, after all this I'm probably going to do a hard drive wipe and reinstall everything from scratch again. But, we'll see how this all turns out first.

    TDSS, or TDL3, TDL4, is the name of a family of rootkits for the Windows operating system that downloads and executes other malware, delivers advertisements to your computer, and blocks programs from running. This rootkit infects your computer in various ways that include replacing hard disk drivers with malicious versions. Once a computer is infected, TDSS will be invisible to Windows and anti-malware programs while downloading and executing further malware and delivering advertisements to your computer. This particular infection is detected under various names depending on the particular anti-virus vendor. A list of vendors and their detection names for TDSS can be found below.


    Definition Name | Anti-virus Vendor
    Packed.Win32.TDSS, Rootkit.Win32.TDSS | Kaspersky Lab
    Mal/TDSSPack, Mal/TDSSPk | Sophos
    Trojan:Win32/Alureon | Microsoft
    Packed.Win32.Tdss | Ikarus
    W32.Tidserv, Backdoor.Tidserv | Symantec
    Trojan.TDSS | MalwareBytes’
    Backdoor:W32/TDSS | F-Secure
    BKDR_TDSS | Trend Micro
    Rootkit.TDss | BitDefender
    Generic Rootkit.d | McAfee



    While infected, the files and services associated with TDSS will be invisible, but there are symptoms that the TDSS infection may display. These symptoms include:

    Google search result links will be redirected to unrelated sites. When you search through Google and click on one of the search results, instead of going to the correct page you will be redirected to an advertisement. It should be noted that some of the domains you are redirected to are legitimate companies, but they may have affiliates that promote their products in a dubious manner.

    The inability to run various programs. When you attempt to run certain programs, you will not receive an error, but they simply will not start. TDSS has a configuration setting called disallowed that contains a large list of programs that it will not allow to execute. It does this so that you cannot launch anti-virus and anti-malware programs that may help you remove this infection.

    The inability to access various sites. For example, at the time of this writing TDSS is blocking access to other computer help and security sites.

    Web browsing is slower than normal. When starting your web browser or browsing the web, you may find that web pages load slower.

    As you can see, the TDSS rootkit is an intrusive infection that takes over your machine and is very difficult to remove. Thankfully, Kaspersky Lab has released a tool called TDSSKiller that can be used to remove most variants of TDSS from your computer. We do, though, need to perform some steps in order to get the program to work.

    Hi Lonewolf147

    Your computer should be ok after we remove all traces of malware.

    You skipped step #1 from my post #7, and I need you to do it and copy and paste the log when you're done. If you have done step number three of the same post with Java, please let me know in your next reply.

    Carefully read my next set of instructions that I had in my post number 7. I will put them here again for you:

    Step 1.

    Let's fix some issues with OTL by doing the following:

    Double click on the Icon at your desktop to run it.
    (Vista users right click and run as an Admin.)
    Copy the lines in the codebox below. (make sure that :Otl is on the first line ) just highlight everything in the code box (starting with :Otl ) and copy and paste it into the 'Custom scan/fix' box on OTL.
    Code:
    :otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/04/19 13:11:58 | 000,013,505 | ---- | M] () -- C:\fl.exe
    
    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    
    :commands
    [PURITY]
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [REBOOT]
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


    • Click the red Run Fix button.

    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.


    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles


    Step 2.

    Update Software

    Please follow these steps to remove older version Java components and update:

    Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    Look for "Java Platform, Standard Edition".
    Click the "Download JRE" button to the right.
    Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
    Select your Language: "Multi-language".
    Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
    Click Continue and the page will refresh.
    Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    Close any programs you may have running - especially your web browser.


    Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

    Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
    If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    When the Java Setup - Welcome window opens, click the Install > button.
    If offered to install a Toolbar, just uncheck the box before continuing unless you want it.


    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
    -- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:

    Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    Click Ok and reboot your computer.
    Last edited by Net_Surfer; 05-08-2011 at 03:31 PM.


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!
