Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

"Price Verification" Sidebar malware (i can't get rid of it)

Post by redrock14 » September 8th, 2010, 12:06 pm

When I'm in Firefox on amazon.com or other shopping websites, a sidebar on the left side pops up saying "Price verification searching +20,000 online stores". It has an orange UI with a bear logo. It does not show up in any virus/malware scan by Ad-Aware, Spybot S&D, etc.

Below is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:36 AM, on 9/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe
C:\PROGRA~1\Sony\SMARTW~1\Phoenix.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Streets & Trips 2009\StreetsOlkShim.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperSnap Toolbar\tbcore3.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [WCULauncher] C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prometheus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Prometheus\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.5.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 1.8\IExifCom.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1ca17b4e376db50) (gupdate1ca17b4e376db50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SmartWiService - Sony Electronics, Inc - C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 14060 bytes
redrock14
Active Member
 
Posts: 4
Joined: September 8th, 2010, 11:41 am

Re: "Price Verification" Sidebar malware (i can't get rid of

Post by askey127 » September 8th, 2010, 5:08 pm

Hi redrock14,
-----------------------------------------------------------
There are some Issues with infections in relation to PunkBuster:
Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this could result in not being able to play the associated games, or corruption of your system.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help with the following instructions, but if you so choose, understand there is NO assurance you will be able to do games afterwards.

-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperSnap Toolbar\tbcore3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prometheus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------
Download Antivir Free
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Save the Installer to your desktop, but don't run it yet.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

HitmanPro35
RegistryMechanic

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT(RESTART) Your Machine
-----------------------------------------------
Run, Update, Scan with Antivir
Double Click the Avira Antivir Installer on your desktop, Install the program, Have it update itself, and run a full scan.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
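
One way to automate the cross-check behind "Some of these lines may be missing" in the post above, as an added example that is not part of the original thread or of HijackThis: a small Python parser for the O2, O4 and O23 line formats seen in this log, which matches a fix list against a fresh scan by CLSID or Run value name rather than by whole line. The function names and the version directory in the constructed fix list are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\PnkBstrA.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperSnap Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed fix list in the style of the helper's list. The first line uses a
# made-up version directory (differs from the scan); the last is absent from the scan.
FIX_LIST = r"""
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\9.9.9999.9999\swg.dll
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
"""

# Splitting on " - " is not safe: paths such as "Spybot - Search & Destroy"
# contain the separator, so each format is anchored on its fixed parts instead.
PATTERNS = [
    ("bho", re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<id>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")),
    ("run", re.compile(r"^O4 - (?P<hive>HK.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\]\s*(?P<target>.*)$")),
    ("startup", re.compile(r"^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.*)$")),
    ("service", re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<target>(?:[A-Za-z]:\\|%).*)$")),
]


@dataclass(frozen=True)
class Entry:
    kind: str      # bho | run | startup | service
    key: tuple     # identity that survives a changed path or version directory
    name: str
    target: str
    vendor: str = ""
    raw: str = ""


def parse_line(line):
    """Return an Entry for a recognised O2/O4/O23 line, else None."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        g = m.groupdict()
        if kind == "bho":
            key = (kind, g["id"].upper())
        elif kind == "run":
            key = (kind, g["hive"].upper(), g["key"].upper(), g["name"].upper())
        elif kind == "startup":
            key = (kind, g["scope"].upper(), g["name"].upper())
        else:
            key = (kind, g["name"].upper())
        return Entry(kind, key, g["name"], g["target"], g.get("vendor", ""), line)
    return None


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def check_fix_list(scan, fixes):
    """Sort fix-list entries into present / target_differs / missing in the scan."""
    by_key = {e.key: e for e in scan}
    report = {"present": [], "target_differs": [], "missing": []}
    for fix in fixes:
        found = by_key.get(fix.key)
        if found is None:
            report["missing"].append(fix.name)
        elif found.target != fix.target:
            report["target_differs"].append(fix.name)
        else:
            report["present"].append(fix.name)
    return report


def review_candidates(scan):
    """Entries to look at by hand; neither condition proves anything by itself."""
    out = []
    for e in scan:
        if e.kind == "service" and e.vendor.lower() == "unknown owner":
            out.append((e.name, "service listed as 'Unknown owner'"))
        elif e.kind == "startup" and e.target == "?":
            out.append((e.name, "startup shortcut with unresolved target"))
    return out


if __name__ == "__main__":
    scan = parse_log(SAMPLE_LOG)
    print(check_fix_list(scan, parse_log(FIX_LIST)))
    print(review_candidates(scan))
```
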

Re: "Price Verification" Sidebar malware (i can't get rid of

Post by redrock14 » September 8th, 2010, 10:38 pm

Avira AntiVir Personal
Report file date: Wednesday, September 08, 2010 20:32

Scanning for 2794161 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Prometheus
Computer name : VALUED-474CCF39


Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Wednesday, September 08, 2010 20:32

The scan of running processes will be started

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '2344' files ).



End of the scan: Wednesday, September 08, 2010 20:32
Used time: 00:30 Minute(s)

The scan has been done completely.

0 Scanned directories
3409 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
3409 Files not concerned
7 Archives were scanned
0 Warnings
0 Notes

Let me know what you think? thx
redrock14
Active Member
 
Posts: 4
Joined: September 8th, 2010, 11:41 am

Re: "Price Verification" Sidebar malware (i can't get rid of

Post by askey127 » September 9th, 2010, 6:49 am

redrock14,
Good so far.
That first entry you removed with HiJackThis may have been causing some of your trouble.

You do need to keep Antivir on there so your machine doesn't become infected with common viruses.

It's important for the health of your machine that you don't ever use any Registry Optimizer or Registry Cleaner.
At best they don't really provide any improvement; at worst they can make your machine unbootable.

Let's have a look at some details in the rest of the machine.
---------------------------------------------
Please download OTL.exe by OldTimer and save it to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed to let it run uninterrupted.
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box.
    netsvcs
    drivers32 
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg 
    %systemroot%\*.jpg 
    %systemroot%\*.png 
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.* 
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav 
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x 
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127

by redrock14 » September 9th, 2010, 2:36 pm

I haven't seen any more sidebars, but I ran the OTL scan below. Thx for your help!


OTL logfile created on: 9/9/2010 12:33:50 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Prometheus\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 119.23 Gb Total Space | 9.39 Gb Free Space | 7.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-474CCF39
Current User Name: Prometheus
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/09 12:31:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prometheus\Desktop\OTL.exe
PRC - [2010/09/08 10:18:06 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/24 14:38:15 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
PRC - [2010/07/24 14:38:15 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
PRC - [2010/07/24 14:38:15 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
PRC - [2010/07/06 12:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Prometheus\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 17:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/07/09 19:26:44 | 000,090,112 | ---- | M] (Sony Electronics Corporation) -- C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
PRC - [2008/07/09 15:04:02 | 000,712,704 | ---- | M] (Sony Electronics Corporation) -- C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2008/07/07 17:24:04 | 000,110,592 | ---- | M] (Sony Electronics, Inc) -- C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
PRC - [2008/06/16 19:21:36 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/06/16 19:21:15 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/06/12 13:54:57 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/21 09:57:23 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/05/21 09:57:23 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2008/05/21 09:57:22 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2008/05/15 18:31:00 | 000,315,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/04/30 20:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 20:27:12 | 001,347,584 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/04/30 20:20:38 | 000,901,120 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/04/30 20:11:20 | 001,191,936 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/04/30 20:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 20:04:42 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/03/25 13:53:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/06 14:39:12 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/09/26 18:05:02 | 000,524,367 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Sony\SmartWi Connection Utility\Phoenix.exe
PRC - [2007/06/05 23:46:52 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2007/02/05 12:22:08 | 000,546,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (SafeList) ==========

MOD - [2010/09/09 12:31:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prometheus\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/12/06 11:54:44 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/15 14:32:49 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/07/07 17:24:04 | 000,110,592 | ---- | M] (Sony Electronics, Inc) [Auto | Running] -- C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe -- (SmartWiService)
SRV - [2008/06/16 19:21:36 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008/06/16 19:21:15 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2008/04/30 20:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 20:20:38 | 000,901,120 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/04/30 20:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/03/25 13:53:46 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PROMET~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/08/15 14:32:54 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/06 11:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/09/08 21:58:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/08/25 19:52:46 | 004,742,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/25 19:27:48 | 006,551,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/06/12 13:55:09 | 006,018,464 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/05/21 14:03:47 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/05/21 09:57:23 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/05/19 12:21:48 | 000,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2008/05/16 13:51:10 | 000,072,448 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U875.sys -- (5U875UVC)
DRV - [2008/05/16 13:26:52 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/05/16 13:13:04 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/05/16 13:07:11 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008/05/16 12:46:19 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/05/16 12:46:19 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/05/16 12:46:19 | 000,208,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/05/09 13:07:57 | 000,022,560 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\shpf.sys -- (shpf)
DRV - [2008/05/06 00:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008/05/01 13:09:34 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2008/04/28 07:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/20 13:32:24 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/03/10 18:21:28 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/03/10 18:21:27 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/03/10 18:21:27 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/03/10 18:21:27 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/03/10 18:21:27 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/03/10 18:21:26 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/11/05 19:55:14 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/09/17 16:16:46 | 000,066,560 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/09/05 17:24:00 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/08/16 11:28:40 | 000,047,120 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/11/07 10:32:32 | 000,196,096 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NWVNdis.sys -- (NWVNDIS)
DRV - [2006/11/07 10:32:32 | 000,166,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2006/11/07 10:32:32 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2006/11/07 10:32:32 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2006/11/07 10:32:32 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2006/08/17 16:56:52 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2000/12/05 17:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://online.wsj.com/home/us"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:4.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="

FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/08/25 11:28:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/25 11:28:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 10:18:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 10:18:17 | 000,000,000 | ---D | M]

[2010/04/13 15:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Mozilla\Extensions
[2010/04/13 15:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prometheus\Application Data\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2010/09/09 07:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Mozilla\Firefox\Profiles\bkpoco85.default\extensions
[2010/05/11 16:41:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Prometheus\Application Data\Mozilla\Firefox\Profiles\bkpoco85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/11 14:16:40 | 000,000,000 | ---D | M] (HyperSnap Toolbar) -- C:\Documents and Settings\Prometheus\Application Data\Mozilla\Firefox\Profiles\bkpoco85.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2009/03/24 10:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Mozilla\Firefox\Profiles\bkpoco85.default\extensions\moveplayer@movenetworks.com
[2010/08/25 19:44:03 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Prometheus\Application Data\Mozilla\Firefox\Profiles\bkpoco85.default\searchplugins\bing.xml
[2010/09/09 07:07:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/11 15:24:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 19:54:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/06/19 03:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
[2008/06/19 03:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/24 16:57:27 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VAIO Update 3] C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [WCULauncher] C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe (Sony Electronics Corporation)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.5.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Prometheus\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Prometheus\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 1.8\IExifCom.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: etrade.com ([us] https in Trusted sites)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Prometheus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Prometheus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/24 16:18:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5a47d984-a5ba-11df-8eb8-00215d7046a2}\Shell - "" = AutoRun
O33 - MountPoints2\{5a47d984-a5ba-11df-8eb8-00215d7046a2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9172cb8-2d39-11df-aff6-00215d7046a2}\Shell\AutoRun\command - "" = I:\APPInst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/09 12:31:49 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Prometheus\Desktop\OTL.exe
[2010/09/08 20:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Application Data\Avira
[2010/09/08 20:27:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/09/08 20:27:58 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/09/08 20:27:58 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/09/08 20:27:58 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/09/08 20:27:57 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/09/08 20:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/09/08 20:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/09/02 23:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/02 23:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/02 23:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/02 16:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Desktop\Unused Desktop Shortcuts
[2010/08/26 20:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Desktop\iPhone Pics
[2010/08/25 11:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Application Data\Canon
[2010/08/25 11:31:39 | 000,389,180 | ---- | C] (Canon) -- C:\WINDOWS\System32\UCS32P.DLL
[2010/08/25 11:31:39 | 000,000,000 | -H-D | C] -- C:\CanoScan
[2010/08/25 11:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/08/25 11:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/08/25 11:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/25 11:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/08/22 23:14:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Prometheus\My Documents\My Dropbox
[2010/08/22 23:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Application Data\Dropbox
[2010/08/21 08:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\My Documents\Cliff Hike
[2010/08/17 23:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Local Settings\Application Data\WMA-MP3.com
[2010/08/12 21:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Streets & Trips 2009
[2010/08/12 21:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/08/11 22:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\My Documents\VholdR Videos
[2010/08/11 22:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Local Settings\Application Data\Easy Edit Software
[2010/07/16 12:18:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/07/15 20:50:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Prometheus\IECompatCache
[2010/07/15 20:49:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Prometheus\PrivacIE
[2010/07/15 17:00:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Prometheus\IETldCache
[2010/07/15 16:53:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/15 16:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/07/15 16:23:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/15 16:18:57 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/07/15 16:18:57 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/07/15 16:18:57 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/07/15 16:17:23 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/07/15 09:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\NLDRV
[2010/07/13 22:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Local Settings\Application Data\nyksfmwdn
[2010/07/13 15:40:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/13 14:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/13 14:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/13 14:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Application Data\Malwarebytes
[2010/07/13 14:32:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/13 14:32:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/13 14:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/13 14:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/13 13:54:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/13 13:50:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/13 13:50:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/13 13:50:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/13 13:50:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/13 13:50:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/13 13:50:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/07/13 13:49:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/13 08:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Desktop\SL Examples
[2010/07/12 22:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Local Settings\Application Data\hwqdmkxpw
[2010/07/09 07:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/09 07:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/08 18:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/08 18:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/08 17:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/07/08 17:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/07/08 14:19:41 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/08 14:19:34 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/08 14:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prometheus\Local Settings\Application Data\Sunbelt Software
[2010/07/08 14:15:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010/07/08 14:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/07/08 14:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/07/08 14:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/08 10:59:24 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/07/08 10:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/07/07 21:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/07 21:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/17 13:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[42 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/09 12:31:57 | 000,078,056 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\Weston Cost Breakdown 2March10 working copy.xlsx
[2010/09/09 12:31:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prometheus\Desktop\OTL.exe
[2010/09/09 12:20:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-758190093-4228296445-146539222-1008UA.job
[2010/09/09 11:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/09 11:20:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-758190093-4228296445-146539222-1008Core.job
[2010/09/09 10:59:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/09 10:45:40 | 000,095,033 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\Builder Fusion Select Health Comparison 09-08-10.pdf
[2010/09/09 07:05:00 | 000,563,887 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\TBA_FUSION PUBLISHING CONTRACT.pdf
[2010/09/08 20:43:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/08 20:42:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/08 20:42:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/08 20:42:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 20:42:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 20:42:23 | 3148,759,040 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 20:41:51 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Prometheus\NTUSER.DAT
[2010/09/08 20:41:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Prometheus\ntuser.ini
[2010/09/08 20:26:08 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\avira_antivir_personal_en.exe
[2010/09/07 20:40:19 | 000,049,011 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\2010-11_seasonpass-agreement.pdf
[2010/09/06 22:12:11 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/09/05 19:43:10 | 000,243,562 | ---- | M] () -- C:\Documents and Settings\Prometheus\My Documents\IBS LaLinda Design.pdf
[2010/09/05 07:41:28 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/04 23:26:02 | 000,011,309 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\Siding and Rooding Quantities.xlsx
[2010/09/04 14:50:03 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\Diet Tracking 30 Aug 10.xls
[2010/09/04 13:33:25 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Prometheus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/03 16:18:35 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\follow up list-1.xls
[2010/09/02 13:33:55 | 000,065,356 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\https___stmts.chase.com_Stmt2.pdf
[2010/09/02 12:05:04 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\EOC 2010 Leads.xls
[2010/09/02 12:01:14 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\Parade of Homes App Market List.xls
[2010/08/30 18:47:12 | 000,081,045 | ---- | M] () -- C:\Documents and Settings\Prometheus\My Documents\Kari's Lenovo Order.pdf
[2010/08/30 11:12:00 | 000,798,720 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\BF Cash budget Jan-Dec 10.xls
[2010/08/29 20:26:45 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Prometheus\My Documents\Diet Tracking.xls
[2010/08/29 13:17:05 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Streets & Trips 2009.lnk
[2010/08/29 13:16:38 | 008,393,216 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\CURRENT.est
[2010/08/28 17:12:14 | 000,083,075 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\Kari's Sony VAIO Receipt.pdf
[2010/08/25 13:10:36 | 000,018,073 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2010/08/24 18:00:00 | 004,119,577 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\eco venetian.pdf
[2010/08/24 12:10:23 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\Exibitor List.xls
[2010/08/23 19:50:24 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/23 10:28:12 | 000,259,072 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\HBA of Greater Tulsa Contract and Invoice (rev 082310a).doc
[2010/08/22 23:14:26 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\Prometheus\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/19 21:47:46 | 000,001,635 | ---- | M] () -- C:\WINDOWS\option.dat
[2010/08/19 17:14:00 | 000,406,884 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\Anchor_Highland_CM134v6[1].pdf
[2010/08/17 12:10:12 | 000,158,697 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\WCG_PriceList.pdf
[2010/08/13 09:53:51 | 000,058,294 | ---- | M] () -- C:\Documents and Settings\Prometheus\My Documents\Questar Gas Payment.pdf
[2010/08/11 13:09:52 | 000,391,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 13:09:01 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\Copy of AR report 8 11 10.xls
[2010/08/11 12:41:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/11 12:40:28 | 000,606,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 12:40:28 | 000,515,382 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 12:40:28 | 000,098,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/10 10:26:32 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\Kohler Additional Order.xls
[2010/08/05 20:19:29 | 003,023,620 | ---- | M] () -- C:\Documents and Settings\Prometheus\My Documents\FM21-76_SurvivalManual.pdf
[2010/07/25 22:55:21 | 000,428,949 | ---- | M] () -- C:\Documents and Settings\Prometheus\My Documents\GCSR_maps.pdf
[2010/07/24 16:57:27 | 000,000,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/16 12:47:34 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2010/07/15 20:15:03 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/07/15 16:46:40 | 000,000,356 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/07/15 16:24:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Enalujoxumugeya.bin
[2010/07/15 16:24:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rjuvi.dat
[2010/07/15 16:20:50 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/15 16:16:38 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/15 16:16:37 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/15 16:16:37 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/15 16:16:33 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/15 16:16:02 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/15 16:16:02 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/15 16:15:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/15 16:15:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/15 16:15:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/15 16:15:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/15 16:15:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/15 16:15:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/15 16:15:54 | 000,000,679 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/15 16:14:52 | 000,023,444 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/15 16:13:02 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2010/07/15 16:12:45 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/07/15 16:05:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/13 19:51:05 | 000,643,058 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/07/13 14:50:28 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/10 17:08:21 | 000,083,086 | ---- | M] () -- C:\Documents and Settings\Prometheus\My Documents\Alpine School Year.pdf
[2010/07/08 16:30:21 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2010/07/08 16:30:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/07/08 14:19:34 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/08 14:14:55 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/06 11:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/06 11:28:44 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/15 11:50:34 | 000,077,602 | ---- | M] () -- C:\Documents and Settings\Prometheus\My Documents\iPhone 4 receipt.pdf
[2010/06/15 07:55:03 | 001,656,832 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\BFSalesPowerPointJuly09.ppt
[2010/06/13 09:19:19 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Prometheus\My Documents\2 Nephi 31.doc
[42 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/09 10:45:45 | 000,095,033 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\Builder Fusion Select Health Comparison 09-08-10.pdf
[2010/09/09 07:05:00 | 000,563,887 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\TBA_FUSION PUBLISHING CONTRACT.pdf
[2010/09/08 20:23:40 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\avira_antivir_personal_en.exe
[2010/09/07 20:40:19 | 000,049,011 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\2010-11_seasonpass-agreement.pdf
[2010/09/05 19:43:10 | 000,243,562 | ---- | C] () -- C:\Documents and Settings\Prometheus\My Documents\IBS LaLinda Design.pdf
[2010/09/04 15:04:58 | 000,011,309 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\Siding and Rooding Quantities.xlsx
[2010/09/02 13:33:55 | 000,065,356 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\https___stmts.chase.com_Stmt2.pdf
[2010/09/02 12:01:10 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\Parade of Homes App Market List.xls
[2010/08/30 18:47:11 | 000,081,045 | ---- | C] () -- C:\Documents and Settings\Prometheus\My Documents\Kari's Lenovo Order.pdf
[2010/08/30 11:12:00 | 000,798,720 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\BF Cash budget Jan-Dec 10.xls
[2010/08/29 20:27:05 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\Diet Tracking 30 Aug 10.xls
[2010/08/29 20:26:45 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Prometheus\My Documents\Diet Tracking.xls
[2010/08/28 17:12:13 | 000,083,075 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\Kari's Sony VAIO Receipt.pdf
[2010/08/25 11:37:06 | 000,018,073 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/08/25 11:31:39 | 000,393,225 | ---- | C] () -- C:\WINDOWS\System32\CNQ1209F.PLG
[2010/08/25 11:31:39 | 000,393,225 | ---- | C] () -- C:\WINDOWS\System32\CNQ1209B.PLG
[2010/08/25 11:31:39 | 000,393,225 | ---- | C] () -- C:\WINDOWS\System32\CNQ12091.PLG
[2010/08/24 18:00:00 | 004,119,577 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\eco venetian.pdf
[2010/08/24 12:10:23 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\Exibitor List.xls
[2010/08/23 10:28:11 | 000,259,072 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\HBA of Greater Tulsa Contract and Invoice (rev 082310a).doc
[2010/08/22 23:14:26 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\Prometheus\Start Menu\Programs\Startup\Dropbox.lnk
[2010/08/19 17:14:00 | 000,406,884 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\Anchor_Highland_CM134v6[1].pdf
[2010/08/17 12:10:12 | 000,158,697 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\WCG_PriceList.pdf
[2010/08/13 09:53:44 | 000,058,294 | ---- | C] () -- C:\Documents and Settings\Prometheus\My Documents\Questar Gas Payment.pdf
[2010/08/12 21:29:42 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Streets & Trips 2009.lnk
[2010/08/11 13:09:01 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\Copy of AR report 8 11 10.xls
[2010/08/08 22:28:13 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\Kohler Additional Order.xls
[2010/08/08 22:26:11 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Prometheus\Desktop\EOC 2010 Leads.xls
[2010/08/05 21:24:25 | 003,023,620 | ---- | C] () -- C:\Documents and Settings\Prometheus\My Documents\FM21-76_SurvivalManual.pdf
[2010/07/26 10:51:56 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/25 22:55:21 | 000,428,949 | ---- | C] () -- C:\Documents and Settings\Prometheus\My Documents\GCSR_maps.pdf
[2010/07/16 12:47:34 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2010/07/15 16:46:40 | 000,000,356 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/07/15 16:22:51 | 3148,759,040 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/15 16:19:34 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/07/15 16:18:51 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/07/15 16:18:51 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/07/15 16:18:50 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/07/15 16:18:16 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/07/15 16:18:15 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/07/15 16:18:09 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/07/15 16:18:08 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/07/15 16:18:07 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/07/15 16:17:54 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/07/15 16:17:49 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/07/15 16:17:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/07/15 16:17:25 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/07/15 16:17:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/07/15 16:17:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/07/15 16:17:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/07/15 16:17:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/07/15 16:17:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/07/15 16:17:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/07/15 16:17:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/07/15 16:17:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/07/15 16:17:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/07/15 16:17:21 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/07/15 16:17:21 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/07/15 16:17:21 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/07/15 16:17:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/07/15 16:17:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/07/15 16:17:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/07/15 16:17:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/07/15 16:17:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/07/15 16:17:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/07/15 16:17:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/07/15 16:17:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/07/15 16:17:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/07/15 16:17:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/07/15 16:17:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/07/15 16:17:20 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/07/15 16:17:20 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/07/15 16:17:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/07/15 16:17:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/07/15 16:17:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/07/15 16:17:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/07/15 16:17:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/07/15 16:17:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/07/15 16:17:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/07/15 16:17:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/07/15 16:17:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/07/15 16:17:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/07/15 16:17:19 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/07/15 16:17:19 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/07/15 16:17:19 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/07/15 16:17:19 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/07/15 16:17:19 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/07/15 16:17:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/07/15 16:17:18 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/07/15 16:17:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/07/15 16:17:17 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/07/15 16:17:17 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/07/15 16:17:17 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/07/15 16:17:17 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/07/15 16:17:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/07/15 16:17:16 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/07/15 16:16:02 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/15 16:15:59 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/15 16:15:59 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/15 16:15:59 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/15 16:15:59 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/15 16:15:59 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/15 16:04:43 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/07/15 16:04:43 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/07/15 16:04:43 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/07/15 16:04:43 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/07/15 16:04:43 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/07/15 16:04:43 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/07/15 16:04:43 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/07/15 16:04:43 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/07/15 16:04:42 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/07/15 16:04:42 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/07/15 16:04:42 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/07/15 16:04:42 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/07/15 16:04:42 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/07/15 16:04:42 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/07/15 16:04:42 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/07/15 16:04:42 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/07/15 16:04:42 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/07/15 16:04:41 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/07/15 16:04:41 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/07/13 14:50:28 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/13 13:54:12 | 000,000,213 | -HS- | C] () -- C:\Boot.bak
[2010/07/13 13:54:08 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/13 13:50:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/13 13:50:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/13 13:50:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/13 13:50:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/13 13:50:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/12 22:31:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rjuvi.dat
[2010/07/12 22:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Enalujoxumugeya.bin
[2010/07/10 17:08:21 | 000,083,086 | ---- | C] () -- C:\Documents and Settings\Prometheus\My Documents\Alpine School Year.pdf
[2010/07/09 07:15:45 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/08 18:09:00 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/08 16:30:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2010/07/08 16:30:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/07/08 14:20:22 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/08 14:14:55 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/30 21:14:45 | 000,666,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/15 11:50:33 | 000,077,602 | ---- | C] () -- C:\Documents and Settings\Prometheus\My Documents\iPhone 4 receipt.pdf
[2010/06/13 09:19:19 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Prometheus\My Documents\2 Nephi 31.doc
[2010/06/04 14:56:59 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\Hewlett-PackardHP Officejet 5600 series1252703931_UI.log
[2010/06/04 14:56:59 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\Hewlett-PackardHP Officejet 5600 series1252703931_PROTOCOL.log
[2010/06/04 14:56:59 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\Hewlett-PackardHP Officejet 5600 series1252703931_API.log
[2010/06/04 14:56:59 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010/04/21 23:24:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\lZJoYI4Nl0eqQ3j+wCKUIry3uRhdsn5SdheWTZPOlw==.trl
[2009/10/28 12:48:51 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/28 12:48:51 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\PnkBstrK.sys
[2009/09/14 10:51:07 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2009/09/14 10:51:07 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/09/14 10:51:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2009/09/14 10:50:42 | 000,002,936 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\PatchUpdate_InstantShareJPG.log
[2009/09/14 10:50:42 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/09/14 10:50:21 | 000,003,750 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\PatchUpdate_IZClosingDiscError.log
[2009/09/14 10:50:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/09/14 10:50:06 | 000,002,141 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\HPSU_48BitScanUpdate.log
[2009/09/14 10:50:06 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/09/14 10:48:24 | 000,160,903 | ---- | C] () -- C:\Documents and Settings\Prometheus\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/09/14 10:48:24 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/21 14:43:37 | 000,001,202 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/04 19:14:19 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2009/02/04 17:40:00 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Prometheus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/04 16:18:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/04 15:49:25 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Prometheus\Local Settings\Application Data\fusioncache.dat
[2008/07/24 19:59:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/24 19:09:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2008/07/24 18:49:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/07/24 18:49:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/07/24 18:49:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/07/24 18:49:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/07/24 18:49:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/07/24 18:49:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/07/24 16:48:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2008/07/24 16:24:03 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008/07/24 16:07:52 | 000,000,764 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/04/13 23:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/12/06 11:55:12 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/10/18 18:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/10/18 15:47:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 13:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/02/26 12:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2009/12/02 01:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/07/09 07:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/02/17 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2010/08/25 11:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pixela
[2010/03/24 10:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/09/05 07:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/24 18:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/04/06 22:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/16 10:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/07 07:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/08 14:15:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2009/09/09 15:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 12:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/22 14:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Amazon
[2009/06/16 07:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Autodesk
[2009/11/10 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Blitware
[2010/08/25 13:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Canon
[2009/02/04 19:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\deskPDF
[2010/09/08 20:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Dropbox
[2009/02/07 11:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\InterVideo
[2009/05/03 00:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\OpenOffice.org
[2010/04/13 15:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Scendix Software
[2010/05/11 14:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Toolbar4
[2009/02/20 13:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Windows Desktop Search
[2009/02/22 23:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Windows Search
[2010/04/21 21:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Xilisoft
[2009/02/07 11:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prometheus\Application Data\Xilisoft Corporation
[2010/09/08 20:43:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/11/10 17:39:48 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/08 20:42:21 | 000,020,156 | ---- | M] () -- C:\aaw7boot.log
[2010/03/13 17:02:12 | 000,222,485 | ---- | M] () -- C:\acadminidump.dmp
[2008/07/24 16:18:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/04 15:49:14 | 000,000,213 | -HS- | M] () -- C:\Boot.bak
[2010/07/15 16:13:02 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/13 14:05:28 | 000,033,142 | ---- | M] () -- C:\ComboFix.txt
[2008/07/24 16:18:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/17 16:50:08 | 000,000,050 | ---- | M] () -- C:\DVDPATH.TXT
[2010/09/08 20:42:23 | 3148,759,040 | -HS- | M] () -- C:\hiberfil.sys
[2008/07/24 16:18:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/24 16:18:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/08 20:42:21 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/06/16 07:27:13 | 000,002,606 | ---- | M] () -- C:\PlotandPublishLog.CSV
[2009/02/04 19:46:57 | 000,000,573 | ---- | M] () -- C:\RHDSetup.log
[2010/07/15 16:28:02 | 000,000,365 | ---- | M] () -- C:\rkill.log
[2009/02/04 19:49:40 | 000,000,087 | ---- | M] () -- C:\setup.log
[2010/07/09 07:25:45 | 000,043,648 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_07.25.39_log.txt
[2010/07/09 07:34:12 | 000,042,472 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_07.33.58_log.txt
[2010/07/09 16:33:00 | 000,042,472 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_16.32.54_log.txt
[2010/07/10 15:25:24 | 000,042,472 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_10.07.2010_15.25.16_log.txt
[2010/07/10 17:18:20 | 000,042,472 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_10.07.2010_17.18.14_log.txt
[2010/07/10 21:27:22 | 000,042,472 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_10.07.2010_21.27.17_log.txt
[2010/07/12 22:33:40 | 000,042,472 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_12.07.2010_22.33.34_log.txt
[2010/07/13 09:52:27 | 000,002,426 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_13.07.2010_09.52.26_log.txt
[2010/07/13 09:59:13 | 000,003,068 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_13.07.2010_09.59.13_log.txt
[2010/07/13 10:10:28 | 000,003,068 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_13.07.2010_10.10.27_log.txt
[2010/07/13 10:15:42 | 000,001,560 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_13.07.2010_10.15.42_log.txt
[2010/07/24 17:00:17 | 000,041,606 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_24.07.2010_17.00.13_log.txt
[2010/07/25 22:35:42 | 000,041,146 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_25.07.2010_22.35.37_log.txt
[2010/07/24 16:47:42 | 000,044,512 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_24.07.2010_16.47.24_log.txt
[2010/07/24 16:59:16 | 000,044,758 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_24.07.2010_16.59.02_log.txt
[2009/02/07 11:52:24 | 000,000,648 | ---- | M] () -- C:\temp.txt
[2009/10/14 18:32:35 | 000,000,409 | ---- | M] () -- C:\WSC_PROFILE.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2005/05/11 23:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2010/07/15 16:16:17 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/07/15 10:02:26 | 000,339,968 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/13 15:51:19 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/07/15 10:02:26 | 044,273,664 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/15 10:02:26 | 007,340,032 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/07/15 16:16:39 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/22 07:33:34 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/07/24 16:23:50 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Prometheus\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/08 20:26:08 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Prometheus\Desktop\avira_antivir_personal_en.exe
[2010/09/09 12:31:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prometheus\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-11 18:41:26

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7
< End of report >

Re: "Price Verification" Sidebar malware (i can't get rid of

Post by askey127 » September 10th, 2010, 8:35 am

redrock14,
About this:
Drive C: | 119.23 Gb Total Space | 9.39 Gb Free Space | 7.88% Space Free | Partition Type: NTFS

Windows needs 15% of the drive free to run properly.
You need to remove some files by burning them to CD/DVD, transferring to another storage device, and/or just deleting them.
If you have a large music or photo collection stored on there, consider trimming it down or storing some of the collection elsewhere.

Let's take a look at the complete list of installed programs. There may be some help there:
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The list of installed programs will automatically be saved as uninstall_list.txt in your HijackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.

askey127

Re: "Price Verification" Sidebar malware (i can't get rid of

Post by askey127 » September 13th, 2010, 12:54 pm

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.