can't run spybot, redirects spybot webpage. Email,skype, messenger don't work

Status
Not open for further replies.
L

LilPengy

New member
Pretty desperate, please help

Email and all messenger/skype done work
web does work but redirects any kind of helpful page
I can't run my spybot
The norton isn't working correctly
when i try to visit spybot or any other place like it I'm redirected to ad site
tried to reload new version of spybot, won't work
I believe my problem is with csrss.exe, lsass.exe and smss.exe, when I try to run in safe mode those are still there and they will not allow me to stop the processes. Also even in safe mode I cannot run spybot.

here are my logs as requested

DDS (Ver_10-10-21.02) - NTFSx86
Run by Bo at 20:02:08.96 on 10/27/10
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.809 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Evernote\Evernote3.5\evernote.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Trendnet\USBKVM Switcher\USBKVM.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
R:\blazeweb\dds.scr
svchost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Evernote] "c:\program files\evernote\evernote3.5\evernote.exe"
uRun: [AppVodBurner]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SPAMfighter Agent] "c:\program files\spamfighter\SFAgent.exe" update delay 60
mRun: [vptray] c:\program files\navnt\vptray.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\bo\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\bo\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Gamma Loader.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Gamma.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\America Online 9.0 Tray Icon.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\QuickBooks Update Agent.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup & record\uBBMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\usbkvm~1.lnk - c:\program files\trendnet\usbkvm switcher\USBKVM.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Windows Search.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Yahoo! Autosync.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ymetray.lnk.disabled
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172462097015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: NameServer = 93.188.162.242,93.188.160.52
TCP: {5030B3CA-3CDB-4111-81E5-2A91EF44C739} = 93.188.162.242,93.188.160.52
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - r:\eudora files\EuShlExt.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bo\applic~1\mozilla\firefox\profiles\d18038a5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={B789E32C-BD71-BC1C-68A5-91BBB6557905}&q=
FF - component: c:\documents and settings\bo\application data\mozilla\firefox\profiles\d18038a5.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-4 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-4 47640]
R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2000-12-22 7888]
R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2000-12-22 430080]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\spamfighter\sfus.exe [2009-6-19 189064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-5-2 24652]
R3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2000-12-22 171872]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101026.002\NAVENG.sys [2010-10-27 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101026.002\NAVEX15.sys [2010-10-27 1371184]
S3 SM_SUGO1_FUService;SUGO1 Status Monitor Service;"c:\program files\samsung\samsung ml-3050 series\spanel\ssmsrvc /service --> c:\program files\samsung\samsung ml-3050 series\spanel\ssmsrvc [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-10-27 19:40:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-10-19 02:21:59 175104 --sh--r- c:\windows\system32\CoreAAC.ax
2010-10-19 02:21:59 123904 --sh--r- c:\windows\system32\AVCDX.ax
2010-10-19 02:21:58 81920 --sh--r- c:\windows\system32\aac_parser.ax
2010-10-19 02:21:58 227328 --sh--r- c:\windows\system32\ac3DX.ax
2010-10-19 02:20:42 -------- d-----w- c:\program files\eRightSoft
2010-10-18 14:40:03 -------- d-----w- c:\program files\TweetDeck
2010-10-11 18:16:32 -------- d-----w- C:\mp3s
2010-10-07 21:08:51 -------- d-----w- c:\program files\CherryPicker

==================== Find3M ====================

2010-09-29 07:12:21 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-29 07:12:21 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-09-29 07:12:20 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-29 07:12:20 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-09 19:48:11 89680 ----a-w- c:\documents and settings\bo\MSSSerif120.fon
2010-08-19 17:12:30 72080 ----a-w- c:\documents and settings\bo\g2mdlhlpx.exe
2006-07-31 14:36:33 352256 ----a-w- c:\program files\common files\ParseEngineTest.dll
2006-07-29 17:04:18 610304 ----a-w- c:\program files\common files\ezUpdaterVb6.dll
2006-04-27 15:09:26 53248 ----a-w- c:\program files\common files\cjDebug.dll
2006-04-27 15:09:06 32768 ----a-w- c:\program files\common files\cjErrHandler.dll
2006-03-29 18:32:42 118784 ----a-w- c:\program files\common files\CJTimePicker.ocx
2005-12-24 18:08:40 258048 ----a-w- c:\program files\common files\eDropShadow.ocx
2006-05-02 23:00:00 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-20 23:00:00 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-15 23:00:00 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 20:12:24.31 ===============

it seems to be adding this to my "real" browser...

res://ieframe.dll/dnserrordiagoff_webOC.htm#
 
Last edited by a moderator:
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Sorry for the delay but we have been very busy.


Your system has been hijacked by the lovely people in the uKraine. Lets do this.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2


CF_download_FF.gif



CF_download_rename.gif


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Hi
thanks very much for your help

when I followed the instructions all went well except that I got a blue screen of death right at the end so now TXT file

also, it wasn't able to find the internet connection to load the recovery console

BUT

the good news is, after it blue screened I rebooted and at LEAST my email started working again!!! yay!!!

so just wanted to give you an update and I'm going to try to run it again now and see if it works this time and give me the info you need.

THANK YOU!!!!
 
ken545 said:
Hi,

C:\ComboFix.txt <-- You can find the log file here
Click to expand...


The only thing I found was in c:\combo-fix\combofix.txt
and it doesnt say much
obviously things are much better now... but not sure if it's all gone?

I ran the program twice, first time got blue screen of death. when I logged back in, I ran it again and it had me reboot.
--------------------------------------------------

ComboFix 10-11-02.05 - Bo 11/03/10 12:09:25.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1570 [GMT -4:00]
Running from: C:\Documents and Settings\Bo\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
 
I may be confusing it with something else
I just ran it again and it's adding the console... get back to you shortly

bo
 
it did install the console this time, but after it finished, it blue screen of death again. I also forgot to mention that I was able to run spybot and my virus program and they each found 1 thing and fixed it.
 
Try and run this program, you can run it in Safemode.


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode




Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
ok thanks, I will try that

also this is the virus that norton found 2 days in a row
I see now that Quarantine FAILED

Scan type: Scheduled Scan
Event: Virus Found!
Virus name: Backdoor.Tidserv.I!inf
File: C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mouclass.sys.vir
Location: C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers
Computer: DELLWITHRAID
User: Bo
Action taken: Clean failed : Quarantine failed :
Date found: Fri Nov 05 07:34:54 2010
 
That bad file that was detected is in Qoobox which is the backup folder of what Combofix removed.

Lets see what Malwarebytes finds
 
It found 2 things and I removed them
BUT, when I ran the program, it would not update.
I kept getting the error
"an error has occurred. Please report this error code to our suupport tieam."
MBAM_ERROR_UPDATING(12007,0,WinHttpSendRequest)

I will try to update again later after I reboot... but here is the log so far

Once again, I just want to thank you for your help
it is really appreciated

regards

-----------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/06/10 12:17:52 PM
mbam-log-2010-11-06 (12-17-52).txt

Scan type: Quick scan
Objects scanned: 142437
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window

s\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8b

f420dd31d} (Rogue.DeusCleaner) -> Quarantined and

deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window

s\CurrentVersion\Ext\Stats\{00000005-0000-0000-0000-10

0009000004} (Trojan.Agent) -> Quarantined and deleted

successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
There have been some problems with updating MBAM, but it did remove some bad junk.

Run this one and see what it finds

Please download SuperAntiSpyware Free
Install the program
  • Run SuperAntiSpyware and click: Check for updates
  • Once the update is finished, on the main screen, click: Scan your computer
  • Check: Perform Complete Scan
  • Click Next to start the scan.
Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click: Preferences
  • Click the Statistics/Logs tab
  • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply
 
here is the log

everything is much better... the only thing I still see is that installer is still trying to load twice at start up
------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/07/2010 at 01:36 AM

Application Version : 4.45.1000

Core Rules Database Version : 5821
Trace Rules Database Version: 3633

Scan type : Complete Scan
Total Scan Time : 00:18:03

Memory items scanned : 778
Memory threats detected : 0
Registry items scanned : 9872
Registry threats detected : 0
File items scanned : 50740
File threats detected : 88

Adware.Tracking Cookie
C:\Documents and Settings\Bo\Cookies\bo@click.tigeronline[3].txt
C:\Documents and Settings\Bo\Cookies\bo@ar.atwola[3].txt
C:\Documents and Settings\Bo\Cookies\bo@invitemedia[2].txt
C:\Documents and Settings\Bo\Cookies\bo@cdn.at.atwola[2].txt
C:\Documents and Settings\Bo\Cookies\bo@click.affinityperks[3].txt
C:\Documents and Settings\Bo\Cookies\bo@atwola[3].txt
C:\Documents and Settings\Bo\Cookies\bo@2o7[3].txt
C:\Documents and Settings\Bo\Cookies\bo@1nfoclicks[3].txt
C:\Documents and Settings\Bo\Cookies\bo@specificclick[3].txt
C:\Documents and Settings\Bo\Cookies\bo@ar.atwola[4].txt
C:\Documents and Settings\Bo\Cookies\bo@tacoda[3].txt
C:\Documents and Settings\Bo\Cookies\bo@at.atwola[1].txt
C:\Documents and Settings\Bo\Cookies\bo@www.investorsinsight[2].txt
C:\Documents and Settings\Bo\Cookies\bo@server.iad.liveperson[4].txt
C:\Documents and Settings\Bo\Cookies\bo@www.uniquetracks[1].txt
C:\Documents and Settings\Bo\Cookies\bo@www.trafficvoodoo[1].txt
C:\Documents and Settings\Bo\Cookies\bo@tracking.foxnews[2].txt
C:\Documents and Settings\Bo\Cookies\bo@1nfoclicks[2].txt
C:\Documents and Settings\Bo\Cookies\bo@247realmedia[2].txt
C:\Documents and Settings\Bo\Cookies\bo@2o7[2].txt
C:\Documents and Settings\Bo\Cookies\bo@ad.wsod[2].txt
C:\Documents and Settings\Bo\Cookies\bo@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Bo\Cookies\bo@adinterax[1].txt
C:\Documents and Settings\Bo\Cookies\bo@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Bo\Cookies\bo@ads.bridgetrack[1].txt
C:\Documents and Settings\Bo\Cookies\bo@ads.nascar[1].txt
C:\Documents and Settings\Bo\Cookies\bo@ads.pointroll[2].txt
C:\Documents and Settings\Bo\Cookies\bo@adserver.globaltravelerusa[1].txt
C:\Documents and Settings\Bo\Cookies\bo@analytics.ientry[2].txt
C:\Documents and Settings\Bo\Cookies\bo@ar.atwola[1].txt
C:\Documents and Settings\Bo\Cookies\bo@ar.atwola[2].txt
C:\Documents and Settings\Bo\Cookies\bo@at.atwola[2].txt
C:\Documents and Settings\Bo\Cookies\bo@atwola[1].txt
C:\Documents and Settings\Bo\Cookies\bo@b377rclicks[2].txt
C:\Documents and Settings\Bo\Cookies\bo@bs.serving-sys[2].txt
C:\Documents and Settings\Bo\Cookies\bo@cdn.at.atwola[1].txt
C:\Documents and Settings\Bo\Cookies\bo@cdn4.specificclick[1].txt
C:\Documents and Settings\Bo\Cookies\bo@click.affinityperks[2].txt
C:\Documents and Settings\Bo\Cookies\bo@click.tigeronline[1].txt
C:\Documents and Settings\Bo\Cookies\bo@collective-media[1].txt
C:\Documents and Settings\Bo\Cookies\bo@cxolyris.cxomedia[2].txt
C:\Documents and Settings\Bo\Cookies\bo@data.adultcentro[1].txt
C:\Documents and Settings\Bo\Cookies\bo@dmtracker[1].txt
C:\Documents and Settings\Bo\Cookies\bo@epictrafficsystems[1].txt
C:\Documents and Settings\Bo\Cookies\bo@iacas.adbureau[2].txt
C:\Documents and Settings\Bo\Cookies\bo@image.nexustracking[1].txt
C:\Documents and Settings\Bo\Cookies\bo@in.getclicky[1].txt
C:\Documents and Settings\Bo\Cookies\bo@interclick[2].txt
C:\Documents and Settings\Bo\Cookies\bo@insightexpressai[2].txt
C:\Documents and Settings\Bo\Cookies\bo@invitemedia[1].txt
C:\Documents and Settings\Bo\Cookies\bo@kontera[1].txt
C:\Documents and Settings\Bo\Cookies\bo@ldproducts.122.2o7[1].txt
C:\Documents and Settings\Bo\Cookies\bo@lfstmedia[1].txt
C:\Documents and Settings\Bo\Cookies\bo@liveperson[1].txt
C:\Documents and Settings\Bo\Cookies\bo@media6degrees[1].txt
C:\Documents and Settings\Bo\Cookies\bo@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Bo\Cookies\bo@naiadsystems[1].txt
C:\Documents and Settings\Bo\Cookies\bo@oasn04.247realmedia[1].txt
C:\Documents and Settings\Bo\Cookies\bo@overture[1].txt
C:\Documents and Settings\Bo\Cookies\bo@pointroll[1].txt
C:\Documents and Settings\Bo\Cookies\bo@perf.overture[1].txt
C:\Documents and Settings\Bo\Cookies\bo@perpetualtrafficformula[2].txt
C:\Documents and Settings\Bo\Cookies\bo@pu34clicks[2].txt
C:\Documents and Settings\Bo\Cookies\bo@questionmarket[1].txt
C:\Documents and Settings\Bo\Cookies\bo@realmedia[1].txt
C:\Documents and Settings\Bo\Cookies\bo@revsci[2].txt
C:\Documents and Settings\Bo\Cookies\bo@richmedia.yahoo[1].txt
C:\Documents and Settings\Bo\Cookies\bo@server.iad.liveperson[3].txt
C:\Documents and Settings\Bo\Cookies\bo@selection.sexy.easy-rencontre[1].txt
C:\Documents and Settings\Bo\Cookies\bo@server.iad.liveperson[1].txt
C:\Documents and Settings\Bo\Cookies\bo@serving-sys[2].txt
C:\Documents and Settings\Bo\Cookies\bo@specificclick[2].txt
C:\Documents and Settings\Bo\Cookies\bo@specificmedia[2].txt
C:\Documents and Settings\Bo\Cookies\bo@stat.onestat[1].txt
C:\Documents and Settings\Bo\Cookies\bo@tacoda[1].txt
C:\Documents and Settings\Bo\Cookies\bo@tacoda[2].txt
C:\Documents and Settings\Bo\Cookies\bo@tracking.dolenutritionnews[2].txt
C:\Documents and Settings\Bo\Cookies\bo@tracking.nesox[1].txt
C:\Documents and Settings\Bo\Cookies\bo@trafficmp[2].txt
C:\Documents and Settings\Bo\Cookies\bo@trafficvoodoo[1].txt
C:\Documents and Settings\Bo\Cookies\bo@tribalfusion[2].txt
C:\Documents and Settings\Bo\Cookies\bo@videoegg.adbureau[2].txt
C:\Documents and Settings\Bo\Cookies\bo@wolf.adbureau[1].txt
C:\Documents and Settings\Bo\Cookies\bo@www.socialtrack[2].txt
C:\Documents and Settings\Bo\Cookies\bo@yieldmanager[1].txt

Trojan.Agent/Gen
C:\DOCUMENTS AND SETTINGS\BO\LOCAL SETTINGS\TEMP\1C.TMP\MBR.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000009.EXE
C:\WINDOWS\MBR.EXE
 
Hi,

What program is the installer trying to load ?

Lets see if we can spot anymore bad stuff including the installer.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean





  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
 
Last edited:
The installer is trying to run "SolutionCenter" it does this twice. When I hit cancel the first time, it comes back and tries again.

TFC did not find anything

here is OTL log

OTL logfile created on: 11/10/10 10:42:15 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Bo\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 2038 2238 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.30 Gb Total Space | 25.83 Gb Free Space | 36.23% Space Free | Partition Type: NTFS
Drive D: | 74.55 Gb Total Space | 32.76 Gb Free Space | 43.95% Space Free | Partition Type: NTFS
Drive R: | 74.50 Gb Total Space | 35.70 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 276.69 Gb Free Space | 29.70% Space Free | Partition Type: NTFS
Drive V: | 465.75 Gb Total Space | 329.04 Gb Free Space | 70.65% Space Free | Partition Type: NTFS

Computer Name: DELLWITHRAID | User Name: Bo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Evernote\Evernote3.5\Evernote.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\SPAMfighter\sfus.exe (SPAMfighter ApS)
PRC - C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Trendnet\USBKVM Switcher\USBKVM.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\MSGSYS.EXE (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- C:\Combo-Fix\PEV.cfx File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (SPAMfighter Update Service) -- C:\Program Files\SPAMfighter\sfus.exe (SPAMfighter ApS)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Norton AntiVirus Server) -- C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\Bo\LOCALS~1\Temp\catchme.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101026.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101026.002\NAVENG.SYS (Symantec Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (NAVAP) -- C:\Program Files\NavNT\navap.sys ()
DRV - (NAVAPEL) -- C:\Program Files\NavNT\Navapel.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: dropio@dropio:2.0.1
FF - prefs.js..extensions.enabledItems: IncredibleBookmarks@visibotech.com:0.7.3
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.34
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.106602
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={B789E32C-BD71-BC1C-68A5-91BBB6557905}&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:01:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009/10/03 00:04:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/20 14:16:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/27 18:56:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/28 19:46:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 12:36:16 | 000,000,000 | ---D | M]

[2009/10/19 14:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Mozilla\Extensions
[2008/09/05 20:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/19 14:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/10 01:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions
[2010/04/27 15:05:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/23 20:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/09/23 20:08:50 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/09/23 20:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}-trash
[2010/02/24 11:57:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/30 14:42:05 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2009/08/18 14:33:20 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/10/27 11:41:22 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/09/23 20:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/10/27 11:41:54 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2009/03/09 14:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15}
[2010/01/30 14:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\add-to-searchbox@maltekraus.de
[2010/01/30 14:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\add-to-searchbox@maltekraus.de-trash
[2009/07/29 02:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\dropio@dropio
[2010/09/07 16:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\firefox1@myibay.com
[2010/07/29 17:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\IncredibleBookmarks@visibotech.com
[2009/08/18 18:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\extensions\smartbookmarksbar@remy.juteau
[2009/08/08 18:33:11 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\searchplugins\community-help-adobe-dreamweaver.xml
[2009/08/18 14:43:34 | 000,000,952 | ---- | M] () -- C:\Documents and Settings\Bo\Application Data\Mozilla\Firefox\Profiles\d18038a5.default\searchplugins\youtube-video-search.xml
[2010/11/10 01:36:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/08 11:52:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/03 18:42:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2010/03/27 18:56:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/09/08 11:51:56 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/09/08 11:51:57 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/03/27 18:56:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/09/08 11:52:05 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/06/19 14:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/03 00:04:14 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/01/22 20:36:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/01/22 20:36:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/01/22 20:36:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/01/22 20:36:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/01/22 20:36:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/01/22 20:36:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/01/22 20:36:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/03 00:04:41 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/10/03 00:03:41 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/03/11 17:44:54 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/11 17:44:54 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/11 17:44:54 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/11 17:44:54 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/26 13:30:57 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/10/26 13:30:59 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
[2010/03/11 17:44:54 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/09/24 15:55:11 | 000,015,360 | -HS- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Thumbs.db
[2010/03/11 17:44:54 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/11 17:44:54 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/11/03 11:15:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [AppVodBurner] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Evernote] C:\Program Files\Evernote\Evernote3.5\evernote.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\USBKVM Switcher.lnk = C:\Program Files\Trendnet\USBKVM Switcher\USBKVM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Yahoo! Autosync.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Bo\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Bo\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwebbooks.com/reader/dbplugin.cab (dnlplayer Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172462097015 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.68.118
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Bo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - R:\eudora files\EuShlExt.dll (Qualcomm Inc.)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 02:06:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/10 02:05:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bo\Desktop\OTL.exe
[2010/11/10 02:05:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bo\Desktop\TFC(2).exe
[2010/11/10 01:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/10 01:06:15 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2010/11/07 00:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo\Application Data\SUPERAntiSpyware.com
[2010/11/07 00:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/07 00:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/06 23:59:49 | 009,705,656 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Bo\Desktop\SUPERAntiSpyware.exe
[2010/11/06 11:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo\Application Data\Malwarebytes
[2010/11/06 11:09:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/06 11:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/06 11:09:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/06 11:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/06 11:03:39 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bo\Desktop\mbam-setup.exe
[2010/11/05 10:58:23 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bo\Desktop\mbam-setup-1.46.exe
[2010/11/04 17:22:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/03 10:40:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/03 10:40:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/03 10:40:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/03 10:40:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/03 10:38:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/02 00:03:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bo\Desktop\TFC.exe
[2010/11/01 23:58:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/28 10:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/27 19:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo\Desktop\10-27-10
[2010/10/27 19:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/27 14:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/10/27 14:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/10/27 13:33:42 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Bo\Desktop\spybotsd162.exe
[2010/10/26 17:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bo\Desktop\flags
[2010/10/18 21:22:51 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2010/10/18 21:22:50 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2010/10/18 21:22:48 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/10/18 21:22:48 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010/10/18 21:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/10/18 21:22:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010/10/18 21:22:05 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/10/18 21:22:05 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010/10/18 21:22:04 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010/10/18 21:22:04 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010/10/18 21:22:03 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010/10/18 21:22:02 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/10/18 21:22:02 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010/10/18 21:22:01 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010/10/18 21:22:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010/10/18 21:22:00 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010/10/18 21:21:59 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010/10/18 21:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010/10/18 09:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2010/10/15 21:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/10/11 13:16:32 | 000,000,000 | ---D | C] -- C:\mp3s
[2006/07/31 09:36:33 | 000,352,256 | ---- | C] (Eccles Enterprises) -- C:\Program Files\Common Files\ParseEngineTest.dll
[2006/07/29 12:04:18 | 000,610,304 | ---- | C] (Eccles Enterprises) -- C:\Program Files\Common Files\ezUpdaterVb6.dll
[2006/04/27 10:09:26 | 000,053,248 | ---- | C] (Eccles Enterprises) -- C:\Program Files\Common Files\cjDebug.dll
[2006/04/27 10:09:06 | 000,032,768 | ---- | C] (Eccles Enterprises) -- C:\Program Files\Common Files\cjErrHandler.dll
[2006/03/29 13:32:42 | 000,118,784 | ---- | C] (HomeSoft) -- C:\Program Files\Common Files\CJTimePicker.ocx
[2005/12/24 13:08:40 | 000,258,048 | ---- | C] (Eccles Enterprises) -- C:\Program Files\Common Files\eDropShadow.ocx

========== Files - Modified Within 30 Days ==========

[2010/11/10 10:27:46 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Bo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2010/11/10 03:00:33 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Language Model Optimization.job
[2010/11/10 02:09:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 02:09:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\SLOW-PCfighter-Bo-Startup.job
[2010/11/10 02:08:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/10 02:05:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bo\Desktop\OTL.exe
[2010/11/10 02:05:40 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bo\Desktop\TFC(2).exe
[2010/11/10 01:29:19 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Bo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/09 17:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/11/09 14:56:22 | 001,480,676 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\The Perpetual Traffic Report.pdf
[2010/11/08 14:16:12 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Bo\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/11/08 06:00:00 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\ABF OB backup.job
[2010/11/07 20:42:37 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Bo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk
[2010/11/07 14:39:04 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 14:39:04 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 04:25:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/11/07 00:00:38 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/06 23:59:53 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Bo\Desktop\SUPERAntiSpyware.exe
[2010/11/06 23:36:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/06 11:09:52 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/06 11:03:39 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bo\Desktop\mbam-setup.exe
[2010/11/05 21:16:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/05 17:30:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D6T6MX91-Bo).job
[2010/11/05 10:58:24 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bo\Desktop\mbam-setup-1.46.exe
[2010/11/04 17:49:40 | 000,628,736 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\dds.scr
[2010/11/04 17:22:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/04 04:00:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Acoustic Optimization.job
[2010/11/04 04:00:21 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Data Collection.job
[2010/11/04 00:22:00 | 000,387,568 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\lenny info.wav
[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/03 15:07:18 | 000,001,726 | -H-- | M] () -- C:\Documents and Settings\Bo\My Documents\Default.rdp
[2010/11/03 12:55:10 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Bo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office OneNote 2007 (2).lnk
[2010/11/03 11:15:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/03 10:34:14 | 003,901,948 | R--- | M] () -- C:\Documents and Settings\Bo\Desktop\Combo-Fix.exe
[2010/11/02 12:55:19 | 000,016,988 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\Restore Report 03-21-1970 11-29-40AM.html
[2010/11/02 00:22:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/02 00:03:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bo\Desktop\TFC.exe
[2010/10/29 14:39:43 | 000,550,400 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\creativetrademarkworkjeand.xls
[2010/10/29 14:21:33 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\ajammination - stanless steel - Stanley Pleskun.xls
[2010/10/27 19:01:00 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Bo\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/27 19:00:53 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\NTREGOPT.lnk
[2010/10/27 19:00:53 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\ERUNT.lnk
[2010/10/27 13:26:17 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Bo\Desktop\spybotsd162.exe
[2010/10/27 12:52:19 | 099,425,928 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\symcdefsx86.exe
[2010/10/26 17:50:47 | 000,298,618 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\famfamfam_flag_icons.zip
[2010/10/24 20:46:09 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Bo\Desktop\~$nducting_Trademark_Searches_draft2.doc
[2010/10/24 20:45:56 | 000,582,144 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\Conducting_Trademark_Searches_draft2.doc
[2010/10/24 12:15:08 | 1385,638,628 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\MasterVsafeavi.wmv
[2010/10/23 13:24:29 | 000,109,315 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\hologramphysics.pdf
[2010/10/18 21:22:08 | 000,001,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/10/18 21:19:14 | 001,252,550 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\FLVParser.zip
[2010/10/18 09:40:04 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk
[2010/10/12 22:10:17 | 002,966,268 | ---- | M] () -- C:\Documents and Settings\Bo\Desktop\wordpress-3.0.1.zip
[2010/10/11 11:54:30 | 000,127,752 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

part 2 to follow
 
part 2 of log


========== Files Created - No Company Name ==========

[2010/11/10 01:06:31 | 000,088,064 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/09 14:56:15 | 001,480,676 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\The Perpetual Traffic Report.pdf
[2010/11/07 00:00:38 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/06 11:09:52 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/04 17:49:40 | 000,628,736 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\dds.scr
[2010/11/04 17:47:43 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/11/04 17:22:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/04 17:22:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/04 00:22:00 | 000,387,568 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\lenny info.wav
[2010/11/03 10:40:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/03 10:40:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/03 10:40:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/03 10:40:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/03 10:34:11 | 003,901,948 | R--- | C] () -- C:\Documents and Settings\Bo\Desktop\Combo-Fix.exe
[2010/11/02 00:21:38 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk.disabled
[2010/11/02 00:21:38 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.disabled
[2010/11/02 00:21:38 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk.disabled
[2010/11/02 00:21:37 | 000,002,163 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk.disabled
[2010/11/02 00:21:37 | 000,002,163 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/11/02 00:21:37 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/02 00:21:37 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
[2010/11/02 00:21:37 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
[2010/11/02 00:21:37 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled
[2010/11/02 00:21:37 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/11/02 00:21:37 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Bo\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/11/02 00:21:37 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk.disabled
[2010/11/02 00:21:37 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\USBKVM Switcher.lnk
[2010/11/02 00:21:37 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Yahoo! Autosync.lnk.disabled
[2010/11/02 00:21:37 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Bo\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/29 14:05:21 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\ajammination - stanless steel - Stanley Pleskun.xls
[2010/10/29 13:53:29 | 000,550,400 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\creativetrademarkworkjeand.xls
[2010/10/27 19:00:53 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\NTREGOPT.lnk
[2010/10/27 19:00:53 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\ERUNT.lnk
[2010/10/27 14:40:26 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/10/27 14:40:26 | 000,000,366 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/10/27 12:50:13 | 099,425,928 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\symcdefsx86.exe
[2010/10/26 17:50:47 | 000,298,618 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\famfamfam_flag_icons.zip
[2010/10/24 20:46:09 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Bo\Desktop\~$nducting_Trademark_Searches_draft2.doc
[2010/10/24 20:45:55 | 000,582,144 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\Conducting_Trademark_Searches_draft2.doc
[2010/10/24 12:26:52 | 1385,638,628 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\MasterVsafeavi.wmv
[2010/10/23 13:24:28 | 000,109,315 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\hologramphysics.pdf
[2010/10/18 21:22:08 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2010/10/18 21:22:04 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010/10/18 21:22:03 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010/10/18 21:22:03 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010/10/18 21:22:01 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010/10/18 21:22:00 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010/10/18 21:21:59 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010/10/18 21:21:58 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/10/18 21:21:58 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010/10/18 21:19:13 | 001,252,550 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\FLVParser.zip
[2010/10/12 22:10:04 | 002,966,268 | ---- | C] () -- C:\Documents and Settings\Bo\Desktop\wordpress-3.0.1.zip
[2010/10/11 11:54:30 | 000,127,752 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/28 15:55:12 | 001,209,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/29 14:17:49 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/05/28 23:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010/05/25 01:51:06 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/05/24 00:40:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/05/06 00:15:55 | 000,003,634 | ---- | C] () -- C:\Documents and Settings\Bo\Application Data\SAS7_000.DAT
[2010/03/26 15:30:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2010/03/22 15:00:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/01/21 22:28:38 | 000,003,522 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/31 15:52:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PasswordsPlus.INI
[2009/01/30 17:36:23 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\C8794DF6A0.sys
[2009/01/30 17:32:58 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/01/14 17:51:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Bo\Local Settings\Application Data\PUTTY.RND
[2008/12/09 15:44:47 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/07/30 18:31:21 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Bo\Application Data\mcs.rma
[2008/07/30 18:31:21 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Bo\Application Data\618346
[2008/06/30 20:15:03 | 000,000,017 | -H-- | C] () -- C:\Documents and Settings\Bo\Application Data\mpdt294
[2008/06/30 20:14:54 | 000,000,258 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
[2008/03/15 14:07:50 | 004,073,984 | ---- | C] () -- C:\WINDOWS\System32\icvdll32.dll
[2008/03/15 14:07:50 | 000,171,520 | ---- | C] () -- C:\WINDOWS\System32\icvapi.dll
[2008/03/15 14:07:50 | 000,013,376 | ---- | C] () -- C:\WINDOWS\System32\icvdll16.dll
[2007/11/01 00:42:14 | 000,002,087 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/07/18 17:10:11 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Bo\Application Data\dvd.bmk
[2007/07/18 16:59:37 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Bo\Local Settings\Application Data\fusioncache.dat
[2007/06/02 16:11:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ml3050ci.dll
[2007/06/02 16:10:50 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2007/05/31 14:28:20 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/16 15:21:40 | 000,163,920 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2007/04/20 16:09:58 | 000,000,187 | ---- | C] () -- C:\WINDOWS\icsetup.INI
[2007/04/02 18:41:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007/04/01 20:26:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/03/22 14:43:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ccsremark.ini
[2007/03/22 14:28:58 | 000,000,208 | ---- | C] () -- C:\WINDOWS\ccsop.ini
[2007/03/15 17:04:37 | 000,011,407 | ---- | C] () -- C:\Documents and Settings\Bo\Application Data\Comma Separated Values (Windows).TSK
[2007/03/15 17:03:30 | 000,037,172 | ---- | C] () -- C:\Documents and Settings\Bo\Application Data\Comma Separated Values (Windows).ADR
[2007/03/14 15:33:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/03/14 15:31:56 | 000,001,102 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/13 22:42:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/03/06 23:35:15 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Bo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/02 12:28:20 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/05/11 13:18:30 | 000,004,093 | ---- | C] () -- C:\Program Files\Common Files\cjpseng.dat
[2006/04/29 08:19:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/29 08:16:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/29 07:43:38 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2000/12/22 06:51:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/09/18 16:12:40 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/04/13 16:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/01/16 16:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2008/05/29 14:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/03/02 17:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JungleDisk
[2008/06/20 12:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/05/05 21:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/10/27 14:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/03/26 18:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2010/05/05 21:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/06/29 18:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/03/24 00:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/06/23 15:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2009/06/25 14:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/11/10 03:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/07 05:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/06/22 13:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/06/20 22:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/01/22 20:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/03/13 22:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\acccore
[2010/02/08 03:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\ACCM Software
[2008/03/23 16:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Auslogics
[2009/07/22 02:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\authorPOINT
[2008/05/12 17:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\AutoSync for Yahoo
[2008/06/30 20:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\BoutellDotCom
[2010/07/21 16:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\CherryPickerLive
[2008/12/21 01:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/30 02:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\DNA
[2010/11/06 11:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\FileZilla
[2007/07/02 14:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Flickr
[2009/02/01 22:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\GetRightToGo
[2010/05/31 16:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\HandBrake
[2007/06/20 13:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\IBP
[2010/03/02 15:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\JungleDisk
[2007/03/16 14:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Leadertech
[2009/03/27 00:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/02/17 15:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\NoteTab Light
[2010/06/22 15:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\ntr
[2010/05/05 21:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Nuance
[2007/04/13 17:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Opera
[2008/05/12 17:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\PushSyncData
[2009/05/31 14:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Safer Networking
[2008/01/23 17:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\SPAMfighter
[2010/07/07 20:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2007/03/20 16:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Viewpoint
[2009/06/07 23:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Windows Search
[2007/03/16 23:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bo\Application Data\Xanadu Tools
[2010/11/08 06:00:00 | 000,000,626 | ---- | M] () -- C:\WINDOWS\Tasks\ABF OB backup.job
[2010/11/04 04:00:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2010/11/04 04:00:21 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\NatSpeak Periodic Data Collection.job
[2010/11/10 03:00:33 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\NatSpeak Periodic Language Model Optimization.job
[2010/11/09 17:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/11/07 04:25:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/11/10 02:09:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-Bo-Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD

< End of report >
 
TFC is just a Temp File Cleaner, there is no log , this program is free and yours to keep, run it every week or so to clean out the clutter.

I believe SolutionCenter has to do with your HP Printer, you may want to uninstall it and then use your HP disk to reinstall the software.

You should also uninstall Viewpoint, it borders adware, it installed without your knowledge or consent, its not needed and uses system resources .

How things running now ?
 
there is still a browser window popping up ads in a foxfire screen. AND sometimes a small toolbar popup that says something about ads from "clickscr"

I'll check on the HP removal

again, MANY THANKS for your help... you guys are just awsome!!!!
by the way, how is best to help the cause? Donating to spyware? or something else??
 
actually looks like it says clicksor

and the url it's trying to reach is epoclick
 
Last edited by a moderator:
Status
Not open for further replies.
Back
Top