Thread: Infected - Smart Fortress 2012

  1. #1
    Junior Member
    Join Date
    Apr 2012
    Posts
    15

    Infected - Smart Fortress 2012

    .


    Hello......please help with possible multiple infection.

    I was browsing through some Google results when Avast started firing multiple warnings (bad urls / files)

    I shut down the computer and restarted.....at which point Smart Fortress 2012 was installed and started scanning.

    It also disabled my internet (WIND Mobile)

    I restarted in safe mode......couldn't update Malwarebytes but scanned anyways.....found this:

    Files Detected: 1 ...... C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\temp\ms0cfg32.exe (Exploit.Drop.CFG)

    Then ran Avast scan......see attached screen capture.

    It appears that Spybot may have been removed but not sure....Safe Mode prevents me from seeing full screen.

    Not sure how to proceed with required scans.

    Everything will need to be done via an 8GB SD card jump drive as I am now posting from another computer.

    Please help as I am dead in the water with this one.......Best Regards


    .

  2. #2
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi Halton, welcome to the forum.

    To make cleaning this machine easier
    • Please do not uninstall/install any programs unless asked to
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • All logs/reports, etc. must be posted in Notepad. Please ensure that Word Wrap is unchecked. In Notepad, click Format and uncheck Word Wrap if it is checked.
    • Do not attach any logs/reports, etc. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, Please ask before continuing.
    • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.


    Let's see if we can get you back on the internet. This tool will not restore your connection but should show us the problem.

    Please download Farbar Service Scanner and transfer it to the affected computer.
    • double click the file to run it
    • make sure Internet Service is checked (RpcSs and PlugPlay should be checked by default and greyed out)
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
    Member of UNITE and ASAP

  3. #3
    Junior Member
    Join Date
    Apr 2012
    Posts
    15

    .


    Hello......Thanks for the quick reply.....

    Here is the Farbar log as requested......

    -----------------------------------------------------------------------

    Farbar Service Scanner Version: 24-04-2012
    Ran by Gooderham (administrator) on 29-04-2012 at 13:46:41
    Running from "E:\"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Nerwork
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is unreachable
    Attempt to access Yahoo IP returned error: Yahoo IP is unreachable


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    AegisP(8) aswTdi(1) Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(9) NwlnkNb(10) Tcpip(3) Tcpip6(2)
    0x09000000040000000300000001000000050000000600000008000000090000000A00000002000000
    IpSec Tag value is correct.

    **** End of log ****


    .

  4. #4
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi Halton,

    Everything looks in order so the problem lies elsewhere.

    Download OTL to your jumpdrive.

    Create this text file and save it to the jumpdrive as well. Copy and paste all the text in the codebox into Notepad. Save it as scan.txt.

    Code:
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg 
    %systemroot%\*.jpg 
    %systemroot%\*.png 
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav 
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.* 
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s > 
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    ipsec.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    /md5stop

    Transfer OTL to the infected computer's desktop.

    • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the boxes beside LOP Check and Purity Check.
    • Double click inside the Custom Scan box at the bottom
    • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
    • Click the OK button and navigate to the file scan.txt which we just saved to your jumpdrive
    • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    Member of UNITE and ASAP

  5. #5
    Junior Member
    Join Date
    Apr 2012
    Posts
    15

    .



    Hello.......here are the results from the OTL scan (in Safe Mode)

    ----------------------------------------------------------------------

    OTL logfile created on: 29/04/2012 5:18:51 PM - Run 1
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Gooderham.LAPTOP\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 84.32% Memory free
    4.83 Gb Paging File | 4.73 Gb Available in Paging File | 97.90% Paging File free
    Paging file location(s): C:\pagefile.sys 3058 3058 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34.21 Gb Total Space | 5.75 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
    Drive E: | 7.19 Gb Total Space | 7.19 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

    Computer Name: DELL | User Name: Gooderham | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (HWDeviceService.exe) -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe ()
    SRV - (BackupService) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe (ArcSoft, Inc.)
    SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
    SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
    DRV - (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20) -- system32\DRIVERS\swumx20.sys File not found
    DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- system32\DRIVERS\SWNC5E00.sys File not found
    DRV - (SWMX00) Sierra Wireless USB MUX Driver (#00) -- system32\DRIVERS\swmx00.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (HTCAND32) -- System32\Drivers\ANDROIDUSB.sys File not found
    DRV - (dwshd) -- C:\WINDOWS\System32\drivers\dwshd.sys File not found
    DRV - (Changer) -- File not found
    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
    DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
    DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
    DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
    DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (swmsflt) -- C:\WINDOWS\system32\drivers\swmsflt.sys ()
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
    DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
    DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKCU\..\SearchScopes\{995F004B-3A93-445F-9A34-4E2521724E49}: "URL" = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?st=1"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.0
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
    FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/19 17:07:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/20 11:37:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/20 11:37:35 | 000,000,000 | ---D | M]

    [2011/02/16 01:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions
    [2009/08/09 20:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2012/04/27 10:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions
    [2012/01/09 08:49:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/01/24 13:28:15 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
    [2010/03/28 12:08:00 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\searchplugins\askcom.xml
    [2011/02/16 01:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/20 11:37:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/29 15:23:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2012/04/20 11:37:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 11:37:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/01/29 20:00:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - Reg Error: Value error. File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\WIND\WIND.exe ()
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\RunOnce: [529C50A800717D320000205BD151FC84] C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84\529C50A800717D320000205BD151FC84.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/30 11:19:15 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE (The Learning Company)
    O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\HP SimpleSave Monitor.lnk = C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\System32\nwprovau.dll File not found
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...pdetect118.cab (GMNRev Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} Reg Error: Value error. (Reg Error: Key error.)
    O18 - Protocol\Filter\x-sdch - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Unable to start System Restore Service. Error code 10

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/29 17:09:02 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
    [2012/04/29 09:49:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/04/29 09:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Smart Fortress 2012
    [2012/04/29 09:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
    [2012/04/26 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magellan Content Manager
    [2012/04/26 10:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Content Manager
    [2012/04/21 20:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\407 ETR
    [2012/04/16 11:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\TD Statements
    [2012/04/10 10:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\MoneyBookers
    [2012/04/05 21:57:20 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/04/04 12:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\9TM Arizona
    [2012/04/02 16:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Mouse Auto Clicker
    [2011/10/21 07:37:42 | 004,752,189 | ---- | C] (Phil Harvey) -- C:\Program Files\exiftool(-k).exe

    ========== Files - Modified Within 30 Days ==========

    [2012/04/29 16:59:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
    [2012/04/29 13:40:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/29 13:39:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/29 11:28:24 | 000,028,058 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Scan Result.jpg
    [2012/04/29 09:49:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/04/29 09:43:32 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk
    [2012/04/29 09:42:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/29 09:40:05 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006UA.job
    [2012/04/29 09:23:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/04/29 09:05:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/27 10:40:01 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006Core.job
    [2012/04/27 09:10:23 | 000,086,044 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Magellan Map Order.jpg
    [2012/04/24 07:34:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/04/23 11:27:28 | 001,249,432 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Hydro Bill.pdf
    [2012/04/23 11:06:17 | 000,036,473 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Allan-Rob.jpg
    [2012/04/15 08:23:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/04/15 08:23:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/04/12 03:18:40 | 000,520,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/04/12 03:18:40 | 000,103,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/04/12 03:05:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/04/09 11:01:27 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Crusaders Who-is.bmp
    [2012/04/04 10:51:40 | 000,031,050 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Hair.jpg
    [2012/04/04 09:47:19 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Registry Booster.lnk
    [2012/04/04 09:38:31 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
    [2012/04/04 08:50:43 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2012/04/29 11:28:20 | 000,028,058 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Scan Result.jpg
    [2012/04/29 09:43:32 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk
    [2012/04/27 09:10:21 | 000,086,044 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Magellan Map Order.jpg
    [2012/04/23 11:27:24 | 001,249,432 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Hydro Bill.pdf
    [2012/04/23 11:06:15 | 000,036,473 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Allan-Rob.jpg
    [2012/04/20 11:37:42 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/04/09 11:01:27 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Crusaders Who-is.bmp
    [2012/04/05 21:57:22 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/04/04 10:51:39 | 000,031,050 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Hair.jpg
    [2012/04/04 09:47:19 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Registry Booster.lnk
    [2012/02/15 15:34:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/06 11:48:52 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
    [2011/12/06 16:50:28 | 000,001,314 | ---- | C] () -- C:\WINDOWS\COCR2.INI
    [2011/12/06 16:28:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
    [2011/11/01 08:32:46 | 000,573,100 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2011/05/07 17:19:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2011/05/06 15:56:02 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2011/05/06 15:56:02 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2011/05/06 15:54:52 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPNX110.ini
    [2010/08/22 08:57:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2010/07/06 08:25:40 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\keyfile3.drm

    ========== LOP Check ==========

    [2012/04/29 09:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
    [2012/02/01 12:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/01/29 20:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
    [2011/05/06 15:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2012/01/30 17:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2012/03/13 12:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
    [2010/04/27 11:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2009/12/25 01:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
    [2011/05/10 06:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor(2)
    [2008/06/21 20:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2008/01/11 08:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
    [2012/02/06 13:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2006/09/11 06:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2008/03/18 00:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
    [2011/12/30 15:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WIND
    [2011/04/27 08:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Amazon
    [2012/02/07 11:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\asoftech
    [2010/04/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Downloaded Installations
    [2011/05/25 08:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\EPSON
    [2009/03/02 08:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit
    [2011/03/29 15:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit Software
    [2008/01/25 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\GameHouse
    [2010/02/16 17:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HTNetMeter
    [2008/12/09 04:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\IObit
    [2011/05/06 16:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leader Technologies
    [2006/06/17 18:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leadertech
    [2012/03/13 12:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\mjusbsp
    [2008/01/12 10:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\MSNInstaller
    [2010/10/05 08:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Nitro PDF
    [2011/05/09 23:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\OnlineArmor(2)
    [2011/12/23 19:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Sierra Wireless
    [2006/10/28 16:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\SmartDraw
    [2007/11/15 04:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TrojanHunter
    [2008/09/16 05:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TweakNow RegCleaner Professional
    [2010/09/29 09:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue
    [2006/12/19 13:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\WholeSecurity
    [2012/04/24 07:34:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job



    .

  6. #6
    Junior Member
    Join Date
    Apr 2012
    Posts
    15

    Default

    .



    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2012/01/24 22:00:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/01/29 19:45:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/12/19 20:24:32 | 000,004,688 | RH-- | M] () -- C:\dell.sdr
    [2006/09/12 16:42:13 | 000,000,004 | -HS- | M] () -- C:\dllimp_regmsft985
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2006/01/21 16:31:45 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2010/06/14 13:37:07 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/12/01 18:03:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2006/10/28 16:11:24 | 000,000,533 | -H-- | M] () -- C:\os062307.bin
    [2012/04/29 13:39:36 | 3206,545,408 | -HS- | M] () -- C:\pagefile.sys
    [2008/01/12 10:50:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/01/28 19:39:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/01/30 10:18:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2008/01/30 16:38:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2008/02/03 12:54:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2008/02/18 15:42:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2008/02/18 20:05:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2008/02/20 07:47:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2008/02/28 02:53:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2008/02/28 03:31:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2008/03/04 10:34:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2008/03/04 16:28:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2008/03/14 18:56:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2008/03/17 07:24:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2008/03/18 00:04:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2008/03/18 00:12:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2008/01/12 10:50:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/01/28 19:39:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2008/01/30 10:18:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2008/01/30 16:38:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2008/02/03 12:54:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2008/02/18 15:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2008/02/18 20:05:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2008/02/20 07:47:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2008/02/28 02:53:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2008/02/28 03:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2008/03/04 10:34:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2008/03/04 16:28:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2008/03/14 18:56:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2008/03/17 07:24:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2008/03/18 00:04:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2008/03/18 00:12:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 15:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2012/01/16 22:44:49 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2011/10/21 07:37:42 | 004,752,189 | ---- | M] (Phil Harvey) -- C:\Program Files\exiftool(-k).exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.līk /x >
    [2010/12/01 18:11:18 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
    [2006/03/21 13:36:31 | 000,001,566 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk
    [2008/10/15 06:26:10 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\PokerStars.net.lnk
    [2005/12/19 20:54:15 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Program Updates.lnk
    [2010/12/01 18:11:18 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
    [2004/08/10 15:04:12 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
    [2006/01/25 19:40:57 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
    [2006/01/25 19:26:51 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\WordPerfect OfficeReady.lnk

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/29 16:59:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-27 15:57:01

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    < MD5 for: EXPLORER.EX_ >
    [2004/08/04 07:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\i386\EXPLORER.EX_

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

    < MD5 for: EXPLORER.EXE-02121B1A.PF >
    [2012/04/12 05:34:45 | 000,037,846 | ---- | M] () MD5=E177790A11E4E7F88B6F2ADDBE1FA98F -- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf

    < MD5 for: EXPLORER.SC_ >
    [2004/08/04 07:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\i386\EXPLORER.SC_

    < MD5 for: EXPLORER.SCF >
    [2004/08/04 07:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

    < MD5 for: EXPLORER.ZIP >
    [2006/03/06 23:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

    < MD5 for: IEXPLORE.CHM >
    [2009/02/21 02:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
    [2004/08/04 07:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\i386\iexplore.chm
    [2004/08/04 07:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
    [2006/09/01 09:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm

    < MD5 for: IEXPLORE.CHW >
    [2010/03/27 21:29:28 | 000,153,185 | ---- | M] () MD5=AC06021D4E0B1D4D044EDEFC7BF7E903 -- C:\WINDOWS\Help\iexplore.chw

    < MD5 for: IEXPLORE.EX_ >
    [2004/08/04 07:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:\i386\IEXPLORE.EX_

    < MD5 for: IEXPLORE.EXE >
    [2009/06/29 03:25:31 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=02E2754D3E566C11A4934825920C47DD -- C:\WINDOWS\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
    [2008/12/19 01:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB972260-IE7\iexplore.exe
    [2008/10/15 02:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
    [2007/04/24 10:26:26 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=10BDB55982586A432A3951EB19A26009 -- C:\WINDOWS\ie7updates\KB937143-IE7\iexplore.exe
    [2008/12/19 01:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
    [2008/08/23 01:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
    [2007/12/06 07:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
    [2007/06/27 04:27:30 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=275CEE268B9E5D82474C43D5D249D111 -- C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
    [2007/08/17 06:21:21 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=3AC2BC667DA0AF2C968E96E1630F5AB5 -- C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
    [2009/06/29 04:35:10 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=3CFC56F73D494FC1AA2B6E981DF15ACD -- C:\WINDOWS\ie8\iexplore.exe
    [2006/10/17 14:04:40 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=5334D4461AA92A7B008755FE6D13C5F2 -- C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe
    [2009/12/18 09:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=53C291F3B01EECECBD7FD358EA3ACC94 -- C:\WINDOWS\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\iexplore.exe
    [2007/08/17 06:12:49 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=5577D0E3AC2F9F035ACD81B44AF5F511 -- C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
    [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
    [2007/10/10 04:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
    [2007/02/21 04:00:58 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=683DDE71BCF03B501B912D20CB93B549 -- C:\WINDOWS\ie7updates\KB933566-IE7\iexplore.exe
    [2007/12/06 04:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
    [2007/01/08 19:08:42 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=93A6A4F5293AE19E3B37021AABCF0902 -- C:\WINDOWS\ie7updates\KB931768-IE7\iexplore.exe
    [2007/04/24 10:20:41 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=9B3516C1F30DA17ADD3818573047D63C -- C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe
    [2008/10/15 03:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
    [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
    [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\ERDNT\cache\iexplore.exe
    [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
    [2007/06/27 05:16:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=BD8502DFD53FC24FB8D6929DC46B8C2C -- C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe
    [2009/12/18 03:00:27 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=D19E56D5930C37CF211867DF450C372A -- C:\WINDOWS\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
    [2009/12/18 03:00:27 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=D19E56D5930C37CF211867DF450C372A -- C:\WINDOWS\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\iexplore.exe
    [2007/02/28 02:51:34 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=D321092F8529CDAE843D6E24E3CAC6CB -- C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe
    [2004/08/04 07:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe
    [2008/08/23 01:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
    [2007/10/10 06:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe

    < MD5 for: IEXPLORE.EXE.MUI >
    [2009/03/08 15:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2009/03/08 15:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
    [2006/10/17 14:04:26 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=E83C9C1F9DD9D47BB44871BFC7E69DDD -- C:\WINDOWS\ie8\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-2D97EBE6.PF >
    [2012/04/29 09:38:38 | 000,083,058 | ---- | M] () MD5=9B9296F6B5A5C55133BB36F5914DCFA7 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf

    < MD5 for: IEXPLORE.HLP >
    [2004/08/04 07:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

    < MD5 for: IPSEC.SYS >
    [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ERDNT\cache\ipsec.sys
    [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
    [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
    [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
    [2004/08/04 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

    < MD5 for: WINLOGON.EXE >
    [2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\$NtUninstallKB54679$] -> Error: Cannot create file handle -> Unknown point type

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences

    < End of report >



    .

  7. #7
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi Halton,

    Wind.exe was targeted because of the location.

    Please rescan with OTL and we'll clean up the leftovers. This time check the box beside "scan all users" and click Quick Scan. There will only be an OTL.txt this time.
    Member of UNITE and ASAP

  8. #8
    Junior Member
    Join Date
    Apr 2012
    Posts
    15

    .


    Hello......here is the new OTL scan

    --------------------------------------------------------------------

    OTL logfile created on: 30/04/2012 8:59:05 PM - Run 2
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Gooderham.LAPTOP\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.97% Memory free
    4.83 Gb Paging File | 4.54 Gb Available in Paging File | 93.94% Paging File free
    Paging file location(s): C:\pagefile.sys 3058 3058 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34.21 Gb Total Space | 3.32 Gb Free Space | 9.70% Space Free | Partition Type: NTFS
    Drive F: | 35.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DELL | User Name: Gooderham | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/30 12:58:13 | 000,514,048 | ---- | M] () -- C:\Program Files\WIND\WIND.exe
    PRC - [2012/04/30 12:57:51 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\ouc.exe
    PRC - [2012/04/29 16:59:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
    PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/05/26 15:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe
    PRC - [2011/03/14 11:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
    PRC - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
    PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/30 14:00:32 | 001,771,520 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12043001\algo.dll
    MOD - [2012/04/30 12:58:13 | 000,514,048 | ---- | M] () -- C:\Program Files\WIND\WIND.exe
    MOD - [2012/04/30 12:57:51 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\ouc.exe
    MOD - [2012/04/30 12:57:50 | 000,185,856 | ---- | M] () -- C:\Program Files\WIND\XFramePlugin.dll
    MOD - [2012/04/30 12:57:50 | 000,159,232 | ---- | M] () -- C:\Program Files\WIND\XCodec.dll
    MOD - [2012/04/30 12:57:50 | 000,142,336 | ---- | M] () -- C:\Program Files\WIND\USSDSrvPlugin.dll
    MOD - [2012/04/30 12:57:50 | 000,135,168 | ---- | M] () -- C:\Program Files\WIND\Trace.dll
    MOD - [2012/04/30 12:57:50 | 000,106,496 | ---- | M] () -- C:\Program Files\WIND\Win7Support.dll
    MOD - [2012/04/30 12:57:49 | 001,148,416 | ---- | M] () -- C:\Program Files\WIND\QtNetwork4.dll
    MOD - [2012/04/30 12:57:49 | 000,781,824 | ---- | M] () -- C:\Program Files\WIND\SMSUIPlugin.dll
    MOD - [2012/04/30 12:57:49 | 000,670,720 | ---- | M] () -- C:\Program Files\WIND\SmsAppPlugin.dll
    MOD - [2012/04/30 12:57:49 | 000,370,176 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qtiff4.dll
    MOD - [2012/04/30 12:57:49 | 000,320,512 | ---- | M] () -- C:\Program Files\WIND\StatusBarMgrPlugin.dll
    MOD - [2012/04/30 12:57:49 | 000,258,560 | ---- | M] () -- C:\Program Files\WIND\sdk.dll
    MOD - [2012/04/30 12:57:49 | 000,229,376 | ---- | M] () -- C:\Program Files\WIND\ToolBarMgrPlugin.dll
    MOD - [2012/04/30 12:57:49 | 000,217,600 | ---- | M] () -- C:\Program Files\WIND\SmsSrvPlugin.dll
    MOD - [2012/04/30 12:57:49 | 000,156,672 | ---- | M] () -- C:\Program Files\WIND\STKSrvPlugin.dll
    MOD - [2012/04/30 12:57:48 | 009,515,520 | ---- | M] () -- C:\Program Files\WIND\QtGui4.dll
    MOD - [2012/04/30 12:57:46 | 002,415,104 | ---- | M] () -- C:\Program Files\WIND\QtCore4.dll
    MOD - [2012/04/30 12:57:46 | 000,545,280 | ---- | M] () -- C:\Program Files\WIND\PluginContainer.dll
    MOD - [2012/04/30 12:57:46 | 000,379,392 | ---- | M] () -- C:\Program Files\WIND\Proxy.dll
    MOD - [2012/04/30 12:57:46 | 000,350,720 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qmng4.dll
    MOD - [2012/04/30 12:57:46 | 000,225,280 | ---- | M] () -- C:\Program Files\WIND\NetSrvPlugin.dll
    MOD - [2012/04/30 12:57:46 | 000,192,000 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qjpeg4.dll
    MOD - [2012/04/30 12:57:46 | 000,133,120 | ---- | M] () -- C:\Program Files\WIND\OSDialup.dll
    MOD - [2012/04/30 12:57:46 | 000,131,072 | ---- | M] () -- C:\Program Files\WIND\OSNDIS.dll
    MOD - [2012/04/30 12:57:46 | 000,101,376 | ---- | M] () -- C:\Program Files\WIND\OSAdapt.dll
    MOD - [2012/04/30 12:57:46 | 000,093,184 | ---- | M] () -- C:\Program Files\WIND\NotifyServicePlugin.dll
    MOD - [2012/04/30 12:57:46 | 000,082,944 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qgif4.dll
    MOD - [2012/04/30 12:57:46 | 000,081,920 | ---- | M] () -- C:\Program Files\WIND\plugins\imageformats\qico4.dll
    MOD - [2012/04/30 12:57:46 | 000,065,536 | ---- | M] () -- C:\Program Files\WIND\OSPowerMgr.dll
    MOD - [2012/04/30 12:57:46 | 000,062,976 | ---- | M] () -- C:\Program Files\WIND\OSCall.dll
    MOD - [2012/04/30 12:57:45 | 001,101,824 | ---- | M] () -- C:\Program Files\WIND\NDISAPI.dll
    MOD - [2012/04/30 12:57:45 | 000,449,536 | ---- | M] () -- C:\Program Files\WIND\NetInfoUIExPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,331,776 | ---- | M] () -- C:\Program Files\WIND\NetConnectPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,275,456 | ---- | M] () -- C:\Program Files\WIND\NetInfoSrvPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,269,824 | ---- | M] () -- C:\Program Files\WIND\LiveUpdateInterface.dll
    MOD - [2012/04/30 12:57:45 | 000,245,760 | ---- | M] () -- C:\Program Files\WIND\MenuMgrPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,179,712 | ---- | M] () -- C:\Program Files\WIND\NDISPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,158,720 | ---- | M] () -- C:\Program Files\WIND\NetConnectSrvPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,117,760 | ---- | M] () -- C:\Program Files\WIND\LayoutPlugin.dll
    MOD - [2012/04/30 12:57:45 | 000,043,008 | ---- | M] () -- C:\Program Files\WIND\libgcc_s_dw2-1.dll
    MOD - [2012/04/30 12:57:45 | 000,011,362 | ---- | M] () -- C:\Program Files\WIND\mingwm10.dll
    MOD - [2012/04/30 12:57:44 | 000,495,104 | ---- | M] () -- C:\Program Files\WIND\DeviceMgrUIPlugin.dll
    MOD - [2012/04/30 12:57:44 | 000,414,720 | ---- | M] () -- C:\Program Files\WIND\DialupUIPlugin.dll
    MOD - [2012/04/30 12:57:44 | 000,356,352 | ---- | M] () -- C:\Program Files\WIND\core.dll
    MOD - [2012/04/30 12:57:44 | 000,337,408 | ---- | M] () -- C:\Program Files\WIND\DeviceAppPlugin.dll
    MOD - [2012/04/30 12:57:44 | 000,300,544 | ---- | M] () -- C:\Program Files\WIND\DeviceSrvPlugin.dll
    MOD - [2012/04/30 12:57:44 | 000,218,112 | ---- | M] () -- C:\Program Files\WIND\Common.dll
    MOD - [2012/04/30 12:57:44 | 000,211,456 | ---- | M] () -- C:\Program Files\WIND\DialUpPlugin.dll
    MOD - [2012/04/30 12:57:44 | 000,157,184 | ---- | M] () -- C:\Program Files\WIND\DataServicePlugin.dll
    MOD - [2012/04/30 12:57:43 | 000,547,840 | ---- | M] () -- C:\Program Files\WIND\CallLogSrvPlugin.dll
    MOD - [2012/04/30 12:57:43 | 000,175,104 | ---- | M] () -- C:\Program Files\WIND\CallSrvPlugin.dll
    MOD - [2012/04/30 12:57:42 | 001,077,248 | ---- | M] () -- C:\Program Files\WIND\AddrBookPlugin.dll
    MOD - [2012/04/30 12:57:42 | 000,739,840 | ---- | M] () -- C:\Program Files\WIND\AddrBookUIPlugin.dll
    MOD - [2012/04/30 12:57:42 | 000,550,400 | ---- | M] () -- C:\Program Files\WIND\CallAppPlugin.dll
    MOD - [2012/04/30 12:57:42 | 000,264,704 | ---- | M] () -- C:\Program Files\WIND\AddrBookSrvPlugin.dll
    MOD - [2012/04/30 12:57:42 | 000,238,592 | ---- | M] () -- C:\Program Files\WIND\AtCodec.dll
    MOD - [2012/04/30 12:57:42 | 000,123,392 | ---- | M] () -- C:\Program Files\WIND\ATR2SMgr.dll
    MOD - [2011/12/30 15:51:11 | 001,148,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QtNetwork4.dll
    MOD - [2011/12/30 15:51:11 | 000,398,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QtXml4.dll
    MOD - [2011/12/30 15:51:11 | 000,384,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QueryStrategy.dll
    MOD - [2011/12/30 15:51:10 | 002,415,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\QtCore4.dll
    MOD - [2011/12/30 15:51:09 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\libgcc_s_dw2-1.dll
    MOD - [2011/12/30 15:51:09 | 000,011,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\mingwm10.dll
    MOD - [2011/05/26 15:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe
    MOD - [2011/03/14 11:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
    MOD - [2005/10/07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2001/10/29 02:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfmonnt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/04/30 12:57:51 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\WIND\UpdateDog\ouc.exe -- (WIND. RunOuc)
    SRV - [2012/04/15 08:23:32 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/03/14 11:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
    SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
    SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\GOODER~1.LAP\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
    DRV - File not found [Kernel | Disabled | Unknown] -- C:\WINDOWS\System32\drivers\dwshd.sys -- (dwshd)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/04/30 12:57:52 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2012/04/30 12:57:52 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2012/04/30 12:57:52 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
    DRV - [2012/04/30 12:57:51 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2012/04/30 12:57:51 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2012/04/29 09:49:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/10/03 08:25:03 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2010/10/03 08:24:33 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2010/10/03 08:24:01 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2010/10/03 08:18:32 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2008/09/16 15:18:32 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2007/10/12 17:04:38 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/12/19 20:46:28 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/08/03 12:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
    DRV - [2005/07/22 05:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/22 05:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/22 05:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2003/11/30 22:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.ca/myway
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.ca/myway
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\SearchScopes\{995F004B-3A93-445F-9A34-4E2521724E49}: "URL" = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG
    IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?st=1"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.0
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
    FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/19 17:07:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/20 11:37:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/20 11:37:35 | 000,000,000 | ---D | M]

    [2011/02/16 01:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions
    [2009/08/09 20:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2012/04/27 10:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions
    [2012/01/09 08:49:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/01/24 13:28:15 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
    [2010/03/28 12:08:00 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\searchplugins\askcom.xml
    [2011/02/16 01:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/20 11:37:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/29 15:23:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2012/04/20 11:37:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 11:37:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/04/30 12:44:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - Reg Error: Value error. File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/30 11:19:15 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE (The Learning Company)
    O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\HP SimpleSave Monitor.lnk = C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...pdetect118.cab (GMNRev Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF6F85E-CD3A-420A-9EA1-18EB04C811FE}: NameServer = 74.115.197.69 74.115.197.68
    O18 - Protocol\Filter\x-sdch - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/03/16 11:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2010/11/30 13:53:56 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/30 20:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Scans
    [2012/04/30 16:03:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/04/30 12:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WIND
    [2012/04/30 12:58:20 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
    [2012/04/30 12:58:20 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
    [2012/04/30 12:58:20 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
    [2012/04/30 12:58:20 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
    [2012/04/30 12:58:19 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
    [2012/04/30 12:58:19 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
    [2012/04/30 12:58:19 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
    [2012/04/30 12:58:19 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
    [2012/04/30 12:58:19 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
    [2012/04/30 12:58:19 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
    [2012/04/30 12:58:19 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
    [2012/04/30 12:58:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2012/04/30 12:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/04/30 10:45:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/30 10:45:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/30 10:45:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/30 10:45:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/30 10:42:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/29 17:09:02 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
    [2012/04/29 09:49:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/04/29 09:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Smart Fortress 2012
    [2012/04/29 09:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
    [2012/04/26 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magellan Content Manager
    [2012/04/26 10:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Content Manager
    [2012/04/21 20:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\407 ETR
    [2012/04/16 11:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\TD Statements
    [2012/04/10 10:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\MoneyBookers
    [2012/04/04 12:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\9TM Arizona
    [2012/04/02 16:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Mouse Auto Clicker
    [2011/10/21 07:37:42 | 004,752,189 | ---- | C] (Phil Harvey) -- C:\Program Files\exiftool(-k).exe

    ========== Files - Modified Within 30 Days ==========

    [2012/04/30 21:05:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/30 20:40:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006UA.job
    [2012/04/30 20:23:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/04/30 19:48:28 | 000,017,172 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Popup.jpg
    [2012/04/30 12:59:05 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WIND.lnk
    [2012/04/30 12:57:52 | 000,861,696 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
    [2012/04/30 12:57:52 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
    [2012/04/30 12:57:52 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
    [2012/04/30 12:57:52 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
    [2012/04/30 12:57:52 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
    [2012/04/30 12:57:52 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
    [2012/04/30 12:57:52 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
    [2012/04/30 12:57:51 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
    [2012/04/30 12:57:51 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
    [2012/04/30 12:57:51 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
    [2012/04/30 12:57:51 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
    [2012/04/30 12:44:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/30 12:44:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/04/30 12:43:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/30 12:43:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/30 12:43:04 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/29 16:59:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
    [2012/04/29 09:49:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/04/29 09:43:32 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk
    [2012/04/27 10:40:01 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006Core.job
    [2012/04/27 09:10:23 | 000,086,044 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Magellan Map Order.jpg
    [2012/04/24 07:34:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/04/23 11:27:28 | 001,249,432 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Hydro Bill.pdf
    [2012/04/23 11:06:17 | 000,036,473 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Allan-Rob.jpg
    [2012/04/12 03:18:40 | 000,520,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/04/12 03:18:40 | 000,103,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/04/12 03:05:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/04/09 11:01:27 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Crusaders Who-is.bmp
    [2012/04/04 10:51:40 | 000,031,050 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Hair.jpg
    [2012/04/04 09:47:19 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Registry Booster.lnk
    [2012/04/04 09:38:31 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
    [2012/04/04 08:50:43 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2012/04/30 19:48:26 | 000,017,172 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Popup.jpg
    [2012/04/30 12:59:05 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WIND.lnk
    [2012/04/30 12:43:04 | 2138,505,216 | -HS- | C] () -- C:\hiberfil.sys
    [2012/04/30 10:45:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/30 10:45:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/30 10:45:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/30 10:45:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/30 10:45:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/29 09:43:32 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Smart Fortress 2012.lnk
    [2012/04/27 09:10:21 | 000,086,044 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Magellan Map Order.jpg
    [2012/04/23 11:27:24 | 001,249,432 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Hydro Bill.pdf
    [2012/04/23 11:06:15 | 000,036,473 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Allan-Rob.jpg
    [2012/04/20 11:37:42 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/04/09 11:01:27 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Crusaders Who-is.bmp
    [2012/04/05 21:57:22 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/04/04 10:51:39 | 000,031,050 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Hair.jpg
    [2012/04/04 09:47:19 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Registry Booster.lnk
    [2012/02/15 15:34:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/06 11:48:52 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
    [2011/12/06 16:50:28 | 000,001,314 | ---- | C] () -- C:\WINDOWS\COCR2.INI
    [2011/12/06 16:28:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
    [2011/11/01 08:32:46 | 000,573,100 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2011/05/07 17:19:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2011/05/06 15:56:02 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2011/05/06 15:56:02 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2011/05/06 15:54:52 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPNX110.ini
    [2010/08/22 08:57:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2010/07/06 08:25:40 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\keyfile3.drm

    ========== LOP Check ==========

    [2012/04/29 09:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C50A800717D320000205BD151FC84
    [2012/02/01 12:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/04/30 13:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
    [2011/05/06 15:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2012/01/30 17:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2012/03/13 12:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
    [2010/04/27 11:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2009/12/25 01:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
    [2011/05/10 06:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor(2)
    [2008/06/21 20:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2008/01/11 08:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
    [2012/02/06 13:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2006/09/11 06:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2008/03/18 00:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
    [2011/12/30 15:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WIND
    [2011/04/27 08:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Amazon
    [2012/02/07 11:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\asoftech
    [2010/04/27 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Downloaded Installations
    [2011/05/25 08:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\EPSON
    [2009/03/02 08:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit
    [2011/03/29 15:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit Software
    [2008/01/25 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\GameHouse
    [2010/02/16 17:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HTNetMeter
    [2008/12/09 04:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\IObit
    [2011/05/06 16:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leader Technologies
    [2006/06/17 18:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leadertech
    [2012/03/13 12:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\mjusbsp
    [2008/01/12 10:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\MSNInstaller
    [2010/10/05 08:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Nitro PDF
    [2011/05/09 23:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\OnlineArmor(2)
    [2011/12/23 19:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Sierra Wireless
    [2006/10/28 16:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\SmartDraw
    [2007/11/15 04:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TrojanHunter
    [2008/09/16 05:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TweakNow RegCleaner Professional
    [2010/09/29 09:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue
    [2006/12/19 13:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\WholeSecurity
    [2012/04/24 07:34:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    < End of report >



    .
