Infected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Infected

Post by Carolyn » March 22nd, 2011, 7:48 pm

We still have some work to do here, but let's first download and install Service Pack 2 for XP (SP2 has to be installed before installing SP3).

Please print these instructions so that they will be available to you while the computer is disconnected from the internet.


Please download Service Pack 2 for Windows XP. The download is available HERE. Don't run it yet!

Before installing SP2, please disconnect from the internet and disable Avast. Many experts would advise that you also defrag the hard drive before installing a service pack.

After SP2 is installed, I would like you to reconnect to the internet and run ComboFix again. Remember to make certain that Avast is disabled before running ComboFix. Please allow ComboFix to install the Recovery Console before it scans this time.

Please post the ComboFix log for my review.
Carolyn
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Infected

Post by hubert » March 23rd, 2011, 5:49 am

Carolyn wrote: Please allow ComboFix to install the Recovery Console before it scans this time.

This option did not appear.

ComboFix 11-03-22.08 - PATRICIA ANDERS 03/23/2011 3:56.4.1 - x86
Running from: c:\documents and settings\PATRICIA ANDERS\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-23 08:23 . 2011-03-23 08:23 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2011-03-23 08:12 . 2004-08-04 05:56 11325 ------w- c:\windows\system32\drivers\vchnt5.dll
2011-03-23 08:10 . 2011-03-23 08:10 -------- d-----w- c:\windows\ServicePackFiles
2011-03-23 08:05 . 2004-07-17 16:40 19528 ----a-w- c:\windows\002251_.tmp
2011-03-23 08:01 . 2011-03-23 08:01 -------- d-----w- c:\windows\EHome
2011-03-23 07:27 . 2011-03-23 07:27 -------- d-s---w- c:\documents and settings\PATRICIA ANDERS\UserData
2011-03-21 20:02 . 2011-03-21 20:02 -------- d-----w- c:\windows\system32\bits
2011-03-21 14:25 . 2004-08-04 05:56 351232 ----a-w- c:\windows\system32\winhttp.dll
2011-03-21 14:25 . 2004-08-04 05:56 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2011-03-21 14:25 . 2004-08-04 05:56 438784 ------w- c:\windows\system32\xpob2res.dll
2011-03-21 12:02 . 2011-03-21 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-03-20 16:08 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-20 16:08 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-20 16:08 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-20 16:08 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-20 16:08 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-20 16:08 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-20 16:08 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2011-03-20 16:08 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-20 16:07 . 2011-03-20 16:07 -------- d-----w- c:\program files\Alwil Software
2011-03-20 16:07 . 2011-03-20 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-03-19 18:31 . 2011-03-19 18:31 388096 ----a-r- c:\documents and settings\PATRICIA ANDERS\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-19 18:31 . 2011-03-19 18:31 -------- d-----w- c:\program files\Trend Micro
2011-03-18 20:57 . 2011-03-18 20:57 -------- d-----w- c:\documents and settings\Administrator
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\documents and settings\PATRICIA ANDERS\Application Data\Malwarebytes
2011-03-18 20:08 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-18 20:08 . 2010-12-20 23:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 18:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-18 18:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-18 18:43 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-18 18:43 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-25 20:35 . 2011-02-25 20:35 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-06-02 122880]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HostManager"="c:\program files\Common Files\AOL\1189718484\ee\AOLSoftware.exe" [2006-09-26 50736]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-05-03 00:46 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 06:07 114688 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 06:19 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-10-06 16:05 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-10-06 16:05 118784 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S1 aswSP;aswSP; [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DCOMLAUNCH
*NewlyCreated* - FLTMGR
*NewlyCreated* - HTTP
.
Contents of the 'Scheduled Tasks' folder
.
2004-03-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 05:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://www114.coolsavings.com/download/cscmv5X.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-dla - c:\windows\system32\dla\tfswctrl.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 04:20
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x??????????????????????????????????????????w????????????j??w????x???x??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-03-23 04:31:31
ComboFix-quarantined-files.txt 2011-03-23 09:31
ComboFix2.txt 2011-03-22 00:53
ComboFix3.txt 2011-03-21 19:15
ComboFix4.txt 2011-03-19 23:04
.
Pre-Run: 71,499,321,344 bytes free
Post-Run: 71,590,522,880 bytes free
.
- - End Of File - - DAB3415E92DB5BC6DA59E77BB230B955
hubert
Regular Member
 
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Post by Carolyn » March 23rd, 2011, 7:28 am

That looks better...

We need to run a custom script:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
Killall::

Folder::
c:\documents and settings\All Users\Application Data\Spyware Terminator

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

DDS::
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


[Image]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please post the following in your next reply:
  • The ComboFix log
  • A fresh set of DDS.txt and Attach.txt logs
  • A description of any problems running the script and the behavior of the computer
Carolyn
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
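
Added example (not part of the original post, and not ComboFix's own code): a Python sketch that decodes the hex(7) data from the Registry:: section of the CFScript above and compares it with the BootExecute line from the ComboFix log posted before the script was run. The function names and the assumption that the log prints the NUL separator as \0 are illustrative; "autocheck autochk *" is the stock Windows value.

```python
import re

# Registry:: data copied from the CFScript above (line continuation kept).
CFSCRIPT_VALUE = r'''"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00'''

# BootExecute line copied from the ComboFix log posted before the script ran.
LOGGED_BEFORE = (r"autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1"
                 r"\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat")

# Stock Windows value: run autochk (boot-time disk check) and nothing else.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]


def parse_reg_hex(text):
    """Parse one '"name"=hex(T):aa,bb,...' .reg assignment into (name, T, bytes)."""
    joined = re.sub(r"\\\s*\n\s*", "", text.strip())  # undo '\' line continuations
    m = re.fullmatch(r'"([^"]+)"=hex\(([0-9a-fA-F]+)\):([0-9a-fA-F,]*)', joined)
    if m is None:
        raise ValueError("not a hex(...) registry assignment")
    data = bytes(int(tok, 16) for tok in m.group(3).split(",") if tok)
    return m.group(1), int(m.group(2), 16), data


def split_multi_sz(text):
    """A REG_MULTI_SZ is a run of NUL-separated strings ended by an empty string."""
    entries = []
    for item in text.split("\0"):
        if item == "":
            break
        entries.append(item)
    return entries


def decode_multi_sz(data, wide=True):
    """Decode REG_MULTI_SZ bytes.

    wide=True : UTF-16LE, the 'Windows Registry Editor Version 5.00' convention.
    wide=False: one byte per character, the REGEDIT4 convention.
    """
    if wide:
        if len(data) % 2:
            raise ValueError("odd byte count for UTF-16LE data")
        return split_multi_sz(data.decode("utf-16-le"))
    return split_multi_sz(data.decode("latin-1"))


def parse_logged_multi_sz(rendered):
    """Split a log rendering that prints the NUL separator as the two characters '\\0'
    (assumed convention for the log text on this page)."""
    return [entry for entry in rendered.split("\\0") if entry]


def unexpected_entries(entries, baseline=DEFAULT_BOOT_EXECUTE):
    """Return boot-time commands that are not part of the baseline value."""
    known = {b.lower() for b in baseline}
    return [e for e in entries if e.lower() not in known]


if __name__ == "__main__":
    name, reg_type, data = parse_reg_hex(CFSCRIPT_VALUE)
    print(name, "type", reg_type, "-", len(data), "bytes")
    print("script sets   :", decode_multi_sz(data))
    print("byte-per-char :", decode_multi_sz(data, wide=False))
    print("flagged in log:", unexpected_entries(parse_logged_multi_sz(LOGGED_BEFORE)))
```

Decoded as UTF-16LE, the script's data is the single stock entry, so the only thing it drops from the logged value is the sp_rsdel.exe command. Read one byte per character, the same data splits into 19 one-character strings, which is the shape to look for (a\0u\0t\0...) when checking a follow-up log.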

Re: Infected

Post by hubert » March 23rd, 2011, 9:32 am

Carolyn wrote: That looks better...

That is a relief!
No problems running the script. System was super slow after the install of service pack 2. Since running the CFScript and a reboot it seems to be better.

ComboFix 11-03-22.09 - PATRICIA ANDERS 03/23/2011 7:34.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.126.4 [GMT -5:00]
Running from: c:\documents and settings\PATRICIA ANDERS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PATRICIA ANDERS\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-23 08:23 . 2011-03-23 08:23 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2011-03-23 08:12 . 2004-08-04 05:56 11325 ------w- c:\windows\system32\drivers\vchnt5.dll
2011-03-23 08:10 . 2011-03-23 08:10 -------- d-----w- c:\windows\ServicePackFiles
2011-03-23 08:05 . 2004-07-17 16:40 19528 ----a-w- c:\windows\002251_.tmp
2011-03-23 08:01 . 2011-03-23 08:01 -------- d-----w- c:\windows\EHome
2011-03-23 07:27 . 2011-03-23 07:27 -------- d-s---w- c:\documents and settings\PATRICIA ANDERS\UserData
2011-03-21 20:02 . 2011-03-21 20:02 -------- d-----w- c:\windows\system32\bits
2011-03-21 14:25 . 2004-08-04 05:56 351232 ----a-w- c:\windows\system32\winhttp.dll
2011-03-21 14:25 . 2004-08-04 05:56 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2011-03-21 14:25 . 2004-08-04 05:56 438784 ------w- c:\windows\system32\xpob2res.dll
2011-03-21 12:02 . 2011-03-21 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-03-20 16:08 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-20 16:08 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-20 16:08 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-20 16:08 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-20 16:08 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-20 16:08 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-20 16:08 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2011-03-20 16:08 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-20 16:07 . 2011-03-20 16:07 -------- d-----w- c:\program files\Alwil Software
2011-03-20 16:07 . 2011-03-20 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-03-19 18:31 . 2011-03-19 18:31 388096 ----a-r- c:\documents and settings\PATRICIA ANDERS\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-19 18:31 . 2011-03-19 18:31 -------- d-----w- c:\program files\Trend Micro
2011-03-18 20:57 . 2011-03-18 20:57 -------- d-----w- c:\documents and settings\Administrator
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\documents and settings\PATRICIA ANDERS\Application Data\Malwarebytes
2011-03-18 20:08 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-18 20:08 . 2010-12-20 23:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 18:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-18 18:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-18 18:43 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-18 18:43 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-25 20:35 . 2011-02-25 20:35 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-06-02 122880]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HostManager"="c:\program files\Common Files\AOL\1189718484\ee\AOLSoftware.exe" [2006-09-26 50736]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0e\0c\0k\0 \0a\0u\0t\0o\0c\0h\0k\0 \0*\0\0\0
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-05-03 00:46 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 06:07 114688 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 06:19 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-10-06 16:05 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-10-06 16:05 118784 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S1 aswSP;aswSP; [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2004-03-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 05:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://www114.coolsavings.com/download/cscmv5X.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 07:46
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x??????????????????????????????????????????w????????????j??w????x???x??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe
.
**************************************************************************
.
Completion time: 2011-03-23 07:58:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-23 12:58
ComboFix2.txt 2011-03-23 09:31
ComboFix3.txt 2011-03-22 00:53
ComboFix4.txt 2011-03-21 19:15
ComboFix5.txt 2011-03-23 12:00
.
Pre-Run: 71,589,548,032 bytes free
Post-Run: 71,689,199,616 bytes free
.
- - End Of File - - 51B4EE921ECDF9300AFB7F3BE5E5BAA3


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by PATRICIA ANDERS at 8:05:30.93 on Wed 03/23/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.126.27 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\AOL\1189718484\ee\AOLSoftware.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Documents and Settings\PATRICIA ANDERS\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HostManager] c:\program files\common files\aol\1189718484\ee\AOLSoftware.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://www114.coolsavings.com/download/cscmv5X.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-20 165584]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-20 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-20 40384]
.
=============== Created Last 30 ================
.
2011-03-23 08:23:43 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2011-03-23 08:12:59 870784 ------w- c:\windows\system32\ati3d1ag.dll
2011-03-23 08:10:06 -------- d-----w- c:\windows\ServicePackFiles
2011-03-23 08:05:57 19528 ----a-w- c:\windows\002251_.tmp
2011-03-23 08:01:56 -------- d-----w- c:\windows\EHome
2011-03-23 07:27:15 -------- d-s---w- c:\documents and settings\patricia anders\UserData
2011-03-21 20:02:12 -------- d-----w- c:\windows\system32\bits
2011-03-21 14:25:09 438784 ------w- c:\windows\system32\xpob2res.dll
2011-03-21 14:25:09 351232 ----a-w- c:\windows\system32\winhttp.dll
2011-03-21 14:25:09 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2011-03-21 14:25:08 8192 ------w- c:\windows\system32\bitsprx2.dll
2011-03-21 14:25:08 7168 ------w- c:\windows\system32\bitsprx3.dll
2011-03-20 16:08:06 38848 ----a-w- c:\windows\avastSS.scr
2011-03-20 16:07:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-03-19 19:28:54 -------- d-sha-r- C:\cmdcons
2011-03-19 19:21:02 89088 ----a-w- c:\windows\MBR.exe
2011-03-19 19:21:01 98816 ----a-w- c:\windows\sed.exe
2011-03-19 19:21:01 256512 ----a-w- c:\windows\PEV.exe
2011-03-19 19:21:01 161792 ----a-w- c:\windows\SWREG.exe
2011-03-19 18:31:29 388096 ----a-r- c:\docume~1\patric~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-19 18:31:26 -------- d-----w- c:\program files\Trend Micro
2011-03-18 20:08:36 -------- d-----w- c:\docume~1\patric~1\applic~1\Malwarebytes
2011-03-18 20:08:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-18 20:08:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-18 20:08:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 20:08:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-18 18:43:25 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-18 18:43:25 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-18 18:43:14 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-18 18:43:14 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-25 20:35:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-25 20:35:14 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
.
============= FINISH: 8:06:44.89 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/18/2004 10:51:47 PM
System Uptime: 3/23/2011 7:42:46 AM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 66.786 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP50: 2/25/2011 3:32:59 PM - Restore Operation
RP51: 3/3/2011 3:23:20 PM - System Checkpoint
RP52: 3/15/2011 9:37:20 PM - System Checkpoint
RP53: 3/18/2011 3:35:42 PM - System Checkpoint
RP54: 3/19/2011 3:42:52 AM - Removed Java 2 Runtime Environment, SE v1.4.2
RP55: 3/19/2011 12:44:42 PM - Spyware Terminator - restore point
RP56: 3/19/2011 1:31:24 PM - Installed HiJackThis
RP57: 3/20/2011 11:07:42 AM - avast! Free Antivirus Setup
RP58: 3/21/2011 2:36:44 PM - System Checkpoint
RP59: 3/21/2011 3:00:17 PM - Software Distribution Service 3.0
RP60: 3/21/2011 3:01:31 PM - Installed Windows Installer KB893803v2.
RP61: 3/21/2011 3:02:06 PM - Installed Windows XP KB842773.
RP62: 3/22/2011 3:40:47 PM - System Checkpoint
RP63: 3/22/2011 6:38:38 PM - Removed Sonic DLA
RP64: 3/22/2011 6:42:52 PM - Removed Sonic RecordNow!
RP65: 3/22/2011 6:43:30 PM - Removed Sonic Update Manager
RP66: 3/23/2011 3:06:07 AM - Installed Windows XP Service Pack 2.
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint
avast! Free Antivirus
Banctec Service Agreement
BCM V.92 56K Modem
Broadcom Management Programs
DA920EN
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support
EarthLink Setup Files
Help and Support Customization
HiJackThis
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
MUSICMATCH® Jukebox
Update for Windows XP (KB898461)
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows XP Service Pack 2
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
3/23/2011 7:34:04 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
3/23/2011 7:34:04 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
3/23/2011 7:34:04 AM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
3/23/2011 7:34:04 AM, error: Service Control Manager [7034] - The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s).
3/23/2011 7:34:04 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2011 7:34:04 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 1:26:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
3/20/2011 9:17:31 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
3/20/2011 9:17:31 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
3/20/2011 9:17:31 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
3/20/2011 8:23:36 AM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
3/19/2011 5:48:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/19/2011 5:12:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/19/2011 4:35:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor sp_rsdrv2
3/19/2011 4:35:21 PM, error: Service Control Manager [7001] - The Spyware Terminator Realtime Shield Service service depends on the Spyware Terminator Driver 2 service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2011 3:28:24 AM, error: Service Control Manager [7000] - The WinTools for IE service service failed to start due to the following error: The system cannot find the file specified.
3/18/2011 3:59:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/18/2011 3:58:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss sp_rsdrv2 Tcpip
3/18/2011 3:58:48 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 3:58:48 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2011 3:58:48 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 3:58:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
hubert
Regular Member
 
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Post by Carolyn » March 24th, 2011, 7:28 am

Hi hubert,

This is my general post for when your logs show no more signs of malware ;) - Please let me know if you are still having problems with your computer and what these problems are.

Your log now appears to be clean. Congratulations!

Time for some housekeeping
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next

OTC

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the "Begin cleanup Process?" prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You can now delete any tools we used if they remain on your Desktop.

Download and Install SP3
The download is available HERE. Don't run it yet!

Before installing SP3, please disconnect from the internet and disable Avast.

Windows Update
Go to the Windows Update web page, http://windows.microsoft.com/en-US/wind ... ows-update, and install any critical updates that were released after SP3.

Download and Install Internet Explorer 8
The download is available here


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
  • Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check Display content of system folders
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Malwarebytes' Anti-Malware or SuperAntiSpyware
    These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built-in protection monitor that blocks malicious processes before they even start.
    You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
    You can download SuperAntiSpyware from HERE.


  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article How to prevent Malware by miekiemoes.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Infected

Unread postby hubert » March 24th, 2011, 10:15 am

Hi Carolyn, and Good Morning! :D

I just want to say, Thank you! Thank you! And another great big "THANK YOU" from the fine folks whose system this belongs to. :love5: You and this site are truly AWESOME!!!! :salute: I could not have cleaned this machine without your guidance. :hiding: And, I will continue to help them keep their OS and programs updated.
But, I do have just one more question. Can you please explain to me the reason for this?
Check all items except items in the C:\System Volume Information folder

Oh, and besides the obvious, what exactly was going on here? :banghead: Sorry, that's 2 questions. ;)

I will be making a donation on behalf of myself and this most grateful couple. :3some:
You can close this thread after you answer my questions please. :)

Respectfully,
Colleen H :wave:
hubert
Regular Member
 
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Unread postby hubert » March 24th, 2011, 3:41 pm

Hi Carolyn,
I hate to say this, but since the install of service pack 3, the system has bogged way down and is unresponsive. Could this be because of the RAM? Does it really make that much of a difference? Hoping that's all it is.
hubert
Regular Member
 
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Unread postby Carolyn » March 25th, 2011, 7:14 am

Hi Colleen,

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

If the system is too bogged down to run OTL in Normal mode, then go ahead and run it in Safe mode.
Please post the following:
  • The OTL.txt logfile
  • The Extras.txt logfile
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
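
The OTL.txt log requested above uses a fixed line layout for processes (PRC), modules (MOD), services (SRV) and drivers (DRV), as seen in the log posted in the next reply. As an added example, not part of the original thread and not OldTimer's code, this Python sketch parses those line types and lists the entries worth a second look. The review heuristics (blank company name, path outside C:\WINDOWS or C:\Program Files, registered file missing) and all sample lines are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Timestamped entry, e.g.
# SRV - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (Vendor) [Auto | Running] -- C:\x.exe -- (Service)
# The company field may itself contain parentheses, e.g. "(Example(R) Corporation)",
# so it is matched lazily up to the ") " that precedes the state or the "-- " separator.
FILE_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>.*?)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)

# Entry whose registered binary is absent, e.g.
# SRV - File not found [Disabled | Stopped] -- -- (HidServ)
MISSING_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - File not found "
    r"\[(?P<state>[^\]]*)\] --\s+(?P<path>.*?)\s*-- \((?P<name>[^)]*)\)"
)

# Assumption of this example: binaries normally live under these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    kind: str
    path: str
    company: str = ""
    state: str = ""
    name: str = ""
    stamp: str = ""
    size: int = 0
    missing: bool = False


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a PRC/MOD/SRV/DRV line, or None for anything else."""
    line = line.strip()
    m = MISSING_LINE.match(line)
    if m:
        return Entry(kind=m["kind"], path=m["path"], state=m["state"],
                     name=m["name"], missing=True)
    m = FILE_LINE.match(line)
    if not m:
        return None  # section headers, blank lines, other log sections
    return Entry(kind=m["kind"], path=m["path"], company=m["company"].strip(),
                 state=m["state"] or "", name=m["name"] or "",
                 stamp=m["stamp"], size=int(m["size"].replace(",", "")))


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def review_reasons(e: Entry) -> List[str]:
    """Heuristic cues only: a reason means 'look at this', not 'this is malware'."""
    if e.missing:
        return ["registered but file not found"]
    reasons = []
    if not e.company:
        reasons.append("no company name in version info")
    if not e.path.lower().startswith(TRUSTED_ROOTS):
        reasons.append("runs from outside Windows/Program Files")
    return reasons


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse a log and keep only the entries that have at least one reason."""
    flagged = []
    for entry in parse_log(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


# Constructed sample in OTL's layout; none of these lines come from the thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (Example AV Ltd) -- C:\Program Files\ExampleAV\avsvc.exe
PRC - [2011/03/20 02:14:07 | 000,061,440 | -H-- | M] ( ) -- C:\Documents and Settings\user\Local Settings\Temp\upd8.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (ExampleSvc)
SRV - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (Example AV Ltd) [Auto | Running] -- C:\Program Files\ExampleAV\avsvc.exe -- (Example AV)
========== Driver Services (SafeList) ==========
DRV - [2004/08/03 23:29:38 | 000,161,020 | ---- | M] (Example(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\exdrv.sys -- (exdrv)
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        label = entry.path or entry.name
        print(f"{entry.kind}  {label}: {'; '.join(reasons)}")
```

A "file not found" service that is Disabled and Stopped is often just a leftover registration, so the output is a reading order for the reviewer rather than a verdict.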

Re: Infected

Unread postby hubert » March 25th, 2011, 8:52 am

Hi Carolyn,
I threw in some more RAM and that seemed to help quite a bit.

OTL logfile created on: 3/25/2011 8:13:06 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\PATRICIA ANDERS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 53.00% Memory free
536.00 Mb Paging File | 308.00 Mb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 63.69 Gb Free Space | 85.53% Space Free | Partition Type: NTFS

Computer Name: D3ZJQG41 | User Name: PATRICIA ANDERS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/25 08:12:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PATRICIA ANDERS\Desktop\OTL.exe
PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 10:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/04/20 21:36:39 | 000,850,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB979909-x86.exe
PRC - [2010/02/25 00:14:40 | 000,318,816 | ---- | M] (Microsoft Corporation) -- c:\21c20571c0e0a3794f69\HotFixInstaller.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/25 20:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1189718484\ee\aolsoftware.exe
PRC - [2004/05/27 21:05:42 | 000,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2004/03/04 11:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe
PRC - [2003/10/07 17:20:18 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
PRC - [2003/08/06 16:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe


========== Modules (SafeList) ==========

MOD - [2011/03/25 08:12:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PATRICIA ANDERS\Desktop\OTL.exe
MOD - [2011/02/23 11:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2003/08/06 16:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 10:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 10:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 10:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 10:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 10:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 10:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 10:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\psi_mf.sys -- (PSI)
DRV - [2004/08/03 23:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 23:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 23:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 23:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 23:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 23:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 23:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 23:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 23:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 23:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/06 17:02:34 | 000,017,613 | ---- | M] (America Online) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\ATWPkt2.sys -- (ATWPKT2)
DRV - [2003/05/23 14:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 19:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Assistant = http://www.seekseek.com/quicksearch.asp?keyphrase=


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1361832622-2035837001-3103575040-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1361832622-2035837001-3103575040-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 49 E5 36 F6 FE DE 71 3C 18 BA 0A F9 AA 17 17 FE 78 [binary data]
IE - HKU\S-1-5-21-1361832622-2035837001-3103575040-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/03/24 13:25:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 13:42:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/24 13:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Mozilla\Extensions
[2011/03/24 18:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Mozilla\Firefox\Profiles\w0rp1ib6.default\extensions
[2011/03/24 18:08:45 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Mozilla\Firefox\Profiles\w0rp1ib6.default\searchplugins\wot-safe-search.xml
[2011/03/24 21:57:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/24 21:57:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PATRICIA ANDERS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W0RP1IB6.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PATRICIA ANDERS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W0RP1IB6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PATRICIA ANDERS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\W0RP1IB6.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI
[2011/03/24 21:56:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/23 08:44:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1189718484\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe (HP)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1361832622-2035837001-3103575040-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1361832622-2035837001-3103575040-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1361832622-2035837001-3103575040-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1361832622-2035837001-3103575040-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-1361832622-2035837001-3103575040-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://go.microsoft.com/fwlink/?LinkId=82580 (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://www114.coolsavings.com/download/cscmv5X.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/22 16:51:04 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (a) - File not found
O34 - HKLM BootExecute: (u) - File not found
O34 - HKLM BootExecute: (t) - File not found
O34 - HKLM BootExecute: (o) - File not found
O34 - HKLM BootExecute: (c) - File not found
O34 - HKLM BootExecute: (h) - File not found
O34 - HKLM BootExecute: (e) - File not found
O34 - HKLM BootExecute: (c) - File not found
O34 - HKLM BootExecute: (k) - File not found
O34 - HKLM BootExecute: (a) - File not found
O34 - HKLM BootExecute: (u) - File not found
O34 - HKLM BootExecute: (t) - File not found
O34 - HKLM BootExecute: (o) - File not found
O34 - HKLM BootExecute: (c) - File not found
O34 - HKLM BootExecute: (h) - File not found
O34 - HKLM BootExecute: (k) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 08:11:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PATRICIA ANDERS\Desktop\OTL.exe
[2011/03/25 08:05:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/25 07:59:56 | 000,000,000 | ---D | C] -- C:\21c20571c0e0a3794f69
[2011/03/24 21:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/24 21:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/24 21:56:56 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/24 21:56:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/24 21:56:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/24 21:56:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/24 21:56:56 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/24 21:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/24 21:51:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/03/24 21:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/24 21:44:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/03/24 21:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/03/24 21:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/03/24 21:41:17 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/03/24 21:41:17 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/03/24 21:41:17 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/03/24 21:41:17 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/03/24 21:41:17 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/03/24 21:41:17 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/03/24 21:41:16 | 000,000,000 | ---D | C] -- C:\b01c81ac47d7c96996
[2011/03/24 21:30:32 | 000,000,000 | ---D | C] -- C:\bf73b5d938a4f08cb256683df793c58e
[2011/03/24 21:30:17 | 000,000,000 | ---D | C] -- C:\8f864ae8d48ce262231ede37bfd686ad
[2011/03/24 20:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/03/24 20:29:59 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/03/24 20:11:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\PATRICIA ANDERS\PrivacIE
[2011/03/24 19:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Adobe
[2011/03/24 19:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PATRICIA ANDERS\Local Settings\Application Data\Secunia PSI
[2011/03/24 19:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/03/24 19:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/24 19:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/03/24 19:09:50 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2011/03/24 19:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/03/24 18:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Downloads
[2011/03/24 17:12:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\PATRICIA ANDERS\IETldCache
[2011/03/24 16:23:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/03/24 16:22:37 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/03/24 16:22:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/03/24 16:22:36 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/03/24 16:22:35 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/03/24 16:22:34 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/03/24 16:21:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/03/24 16:19:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/03/24 14:01:15 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/03/24 14:00:43 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/03/24 14:00:43 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/03/24 14:00:42 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/03/24 14:00:04 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011/03/24 13:59:18 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/03/24 13:59:10 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/03/24 13:58:33 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/03/24 13:56:50 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/03/24 13:54:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/03/24 13:51:22 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/03/24 13:51:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/03/24 13:45:07 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2011/03/24 13:45:02 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/03/24 13:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PATRICIA ANDERS\Local Settings\Application Data\Mozilla
[2011/03/24 13:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Mozilla
[2011/03/24 13:43:37 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/03/24 13:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/24 13:28:21 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/03/24 13:26:43 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/24 13:25:59 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/24 13:25:21 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/03/24 13:23:43 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/03/24 13:23:43 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/03/24 13:23:40 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/03/24 13:23:39 | 002,069,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/03/24 13:22:55 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2011/03/24 13:17:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/03/24 13:17:23 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011/03/24 11:53:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/24 11:26:28 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/03/24 11:26:28 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2011/03/24 11:26:28 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/03/24 11:26:27 | 001,001,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmoe2.dll
[2011/03/24 11:26:27 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmoe.dll
[2011/03/24 11:26:26 | 001,119,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe2.dll
[2011/03/24 11:26:26 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmod.dll
[2011/03/24 11:26:26 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2011/03/24 11:26:26 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2011/03/24 11:26:26 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2011/03/24 11:26:25 | 004,886,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2011/03/24 11:26:25 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll
[2011/03/24 11:26:25 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidx.dll
[2011/03/24 11:26:25 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll
[2011/03/24 11:26:23 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2011/03/24 11:26:23 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsnsv.dll
[2011/03/24 11:26:22 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2011/03/24 11:26:22 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdmod.dll
[2011/03/24 11:26:22 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2011/03/24 11:26:22 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp43dmod.dll
[2011/03/24 11:26:22 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2011/03/24 11:26:22 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2011/03/24 11:26:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2011/03/24 11:26:10 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/03/24 11:26:09 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2011/03/24 11:26:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/03/24 11:26:08 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2011/03/24 11:26:08 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2011/03/24 11:26:08 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2011/03/24 11:26:08 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2011/03/24 11:26:08 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2011/03/24 11:26:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2011/03/24 11:26:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2011/03/24 11:26:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2011/03/24 11:26:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2011/03/24 11:26:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2011/03/24 11:26:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2011/03/24 11:26:07 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2011/03/24 11:26:07 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2011/03/24 11:26:07 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2011/03/24 11:26:07 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2011/03/24 11:26:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2011/03/24 11:26:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2011/03/24 11:26:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2011/03/24 11:26:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2011/03/24 11:26:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2011/03/24 11:26:04 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2011/03/24 11:26:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2011/03/24 11:26:04 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2011/03/24 11:26:04 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/03/24 11:26:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2011/03/24 11:26:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/03/24 11:26:03 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2011/03/24 11:26:03 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2011/03/24 11:26:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2011/03/24 11:26:02 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2011/03/24 11:26:02 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2011/03/24 11:26:01 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/03/24 11:26:01 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2011/03/24 11:26:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2011/03/24 11:26:01 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2011/03/24 11:26:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2011/03/24 11:26:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/03/24 11:26:00 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/03/24 11:26:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2011/03/24 11:25:59 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2011/03/24 11:25:58 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2011/03/24 11:25:58 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2011/03/24 11:25:57 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2011/03/24 11:25:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/03/24 11:25:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/03/24 11:25:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/03/24 11:25:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/03/24 11:23:09 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blackbox.dll
[2011/03/24 11:23:09 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cewmdm.dll
[2011/03/24 11:23:09 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asferror.dll
[2011/03/24 11:23:08 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmv2clt.dll
[2011/03/24 11:23:08 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmclien.dll
[2011/03/24 11:23:08 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2011/03/24 11:23:08 | 000,262,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2011/03/24 11:23:08 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4dmod.dll
[2011/03/24 11:23:08 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds32.ax
[2011/03/24 11:23:08 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2011/03/24 11:23:08 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logagent.exe
[2011/03/24 11:23:08 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmstor.dll
[2011/03/24 11:23:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\laprxy.dll
[2011/03/24 11:23:08 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/03/24 11:23:07 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2011/03/24 11:23:07 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2011/03/24 11:23:07 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscp.dll
[2011/03/24 11:23:07 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnetobj.dll
[2011/03/24 11:23:07 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswmdm.dll
[2011/03/24 11:23:07 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2011/03/24 11:23:07 | 000,201,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsp.dll
[2011/03/24 11:23:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscds32.ax
[2011/03/24 11:23:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2011/03/24 11:23:06 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMNetmgr.dll
[2011/03/24 11:23:06 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmadmoe.dll
[2011/03/24 11:23:06 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmadmod.dll
[2011/03/24 11:23:06 | 000,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2011/03/24 11:23:06 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmasf.dll
[2011/03/24 11:23:06 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2011/03/24 11:23:06 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmedia.dll
[2011/03/24 11:23:06 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2011/03/24 11:23:06 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmlog.dll
[2011/03/24 11:23:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmps.dll
[2011/03/24 11:23:06 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcore.dll
[2011/03/24 11:23:06 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcd.dll
[2011/03/24 11:23:06 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.ocx
[2011/03/24 11:23:05 | 002,940,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll
[2011/03/24 11:23:05 | 002,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMVCore.dll
[2011/03/24 11:23:05 | 000,809,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmod.dll
[2011/03/24 11:23:05 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmod.dll
[2011/03/24 11:23:05 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmstream.dll
[2011/03/24 11:23:05 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmv8ds32.ax
[2011/03/24 11:23:05 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvds32.ax
[2011/03/24 11:23:05 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe.dll
[2011/03/24 11:23:05 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll
[2011/03/24 11:23:05 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpui.dll
[2011/03/24 11:21:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/03/23 09:26:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/23 08:41:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/23 04:13:14 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logman.exe
[2011/03/23 04:13:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe
[2011/03/23 04:13:05 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2011/03/23 04:13:05 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2011/03/23 04:13:05 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2011/03/23 04:13:05 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2011/03/23 04:13:05 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2011/03/23 04:13:05 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2011/03/23 04:13:05 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2011/03/23 04:13:04 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/03/23 04:13:04 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/03/23 04:13:04 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/03/23 04:13:04 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/03/23 04:13:04 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/03/23 04:13:04 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/03/23 04:13:04 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/03/23 04:13:04 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/03/23 04:13:04 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/03/23 04:13:04 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/03/23 04:13:04 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/03/23 04:13:04 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/03/23 04:13:04 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/03/23 04:13:04 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/03/23 04:13:04 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/03/23 04:13:03 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/03/23 04:13:03 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/03/23 04:13:03 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/03/23 04:13:03 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/03/23 04:13:03 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2011/03/23 04:13:03 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/03/23 04:13:03 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/03/23 04:13:03 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2011/03/23 04:13:03 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2011/03/23 04:13:03 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2011/03/23 04:13:03 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2011/03/23 04:13:03 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/03/23 04:13:03 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2011/03/23 04:13:02 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/03/23 04:13:02 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2011/03/23 04:13:01 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/03/23 04:13:01 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/03/23 04:13:01 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/03/23 04:13:01 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/03/23 04:13:01 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/03/23 04:13:01 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/03/23 04:13:01 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2011/03/23 04:13:00 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/03/23 04:13:00 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/03/23 04:13:00 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/03/23 04:13:00 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/03/23 04:13:00 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2011/03/23 04:13:00 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2011/03/23 04:12:59 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011/03/23 04:12:59 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2011/03/23 04:12:59 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2011/03/23 04:12:59 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011/03/23 04:12:59 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011/03/23 04:12:59 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/03/23 04:12:59 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/03/23 04:12:59 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/03/23 04:12:59 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/03/23 04:12:59 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/03/23 04:12:59 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2011/03/23 04:12:59 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/03/23 04:12:58 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011/03/23 04:12:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthprops.cpl
[2011/03/23 04:12:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
[2011/03/23 04:12:58 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\btpanui.dll
[2011/03/23 04:12:58 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/03/23 04:12:58 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/03/23 04:12:58 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthci.dll
[2011/03/23 04:12:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
[2011/03/23 04:12:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmsetacl.dll
[2011/03/23 04:12:58 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/03/23 04:12:56 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2011/03/23 04:12:56 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2011/03/23 04:12:56 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\firewall.cpl
[2011/03/23 04:12:56 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fwcfg.dll
[2011/03/23 04:12:56 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2011/03/23 04:12:56 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll
[2011/03/23 04:12:56 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2011/03/23 04:12:55 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl
[2011/03/23 04:12:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi1.dll
[2011/03/23 04:12:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinbe1.dll
[2011/03/23 04:12:54 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2011/03/23 04:12:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsno.dll
[2011/03/23 04:12:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsfi.dll
[2011/03/23 04:12:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdukx.dll
[2011/03/23 04:12:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno1.dll
[2011/03/23 04:12:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmal.dll
[2011/03/23 04:12:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt48.dll
[2011/03/23 04:12:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt47.dll
[2011/03/23 04:12:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinben.dll
[2011/03/23 04:12:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmaori.dll
[2011/03/23 04:12:53 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdadiag.dll
[2011/03/23 04:12:52 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2011/03/23 04:12:52 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgraph.dll
[2011/03/23 04:12:52 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2p.dll
[2011/03/23 04:12:52 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll
[2011/03/23 04:12:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.cpl
[2011/03/23 04:12:51 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2011/03/23 04:12:51 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pnetsh.dll
[2011/03/23 04:12:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2011/03/23 04:12:50 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2011/03/23 04:12:50 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2011/03/23 04:12:50 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
[2011/03/23 04:12:50 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2011/03/23 04:12:50 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2011/03/23 04:12:50 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2011/03/23 04:12:50 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdhcinst.dll
[2011/03/23 04:12:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/03/23 04:12:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2011/03/23 04:12:49 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmerror.dll
[2011/03/23 04:12:49 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winshfhc.dll
[2011/03/23 04:12:48 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpasf.dll
[2011/03/23 04:12:47 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscui.cpl
[2011/03/23 04:12:46 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprovi.dll
[2011/03/23 04:12:45 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2011/03/23 04:12:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2011/03/23 04:12:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2011/03/23 04:10:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/03/23 04:02:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/03/23 04:01:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/03/23 03:27:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\PATRICIA ANDERS\UserData
[2011/03/22 16:51:04 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/03/21 16:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/03/21 16:01:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/03/21 10:25:09 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
[2011/03/21 10:25:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2011/03/21 10:25:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2011/03/21 10:25:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2011/03/21 08:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2011/03/21 08:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/03/20 12:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/20 12:08:52 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/20 12:08:51 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/20 12:08:50 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/20 12:08:48 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/20 12:08:48 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/20 12:08:48 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/20 12:08:06 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/20 12:08:05 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/20 12:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/03/20 12:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/19 15:28:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/19 15:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/19 15:20:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/19 14:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PATRICIA ANDERS\Start Menu\Programs\HiJackThis
[2011/03/19 14:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/18 16:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Malwarebytes
[2011/03/18 16:08:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/18 16:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/18 16:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/18 16:08:08 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/18 16:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/18 14:43:25 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2011/03/15 21:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PATRICIA ANDERS\Desktop\AOL Saved PFC
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/25 08:12:58 | 000,502,724 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/03/25 08:12:58 | 000,087,682 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/03/25 08:12:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PATRICIA ANDERS\Desktop\OTL.exe
[2011/03/25 07:45:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/03/25 07:45:17 | 400,625,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/25 07:45:17 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/24 22:01:26 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/03/24 21:55:56 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/24 21:55:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/24 21:55:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/24 21:55:55 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/24 21:55:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/24 20:17:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/24 19:13:02 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/03/24 19:09:53 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\PATRICIA ANDERS\Desktop\SpywareBlaster.lnk
[2011/03/24 17:14:16 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/24 13:42:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 13:25:59 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/24 13:00:57 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\PATRICIA ANDERS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/24 12:03:21 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/24 11:56:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/24 11:20:59 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2011/03/23 08:44:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/03/23 07:45:12 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\PATRICIA ANDERS\Desktop\Internet Explorer.lnk
[2011/03/23 04:15:20 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/03/23 04:06:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/03/20 12:08:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/19 14:31:43 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\PATRICIA ANDERS\Desktop\HiJackThis.lnk
[2011/03/18 16:08:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/15 23:33:01 | 000,000,818 | -H-- | M] () -- C:\IPH.PH
[2011/03/15 23:28:38 | 000,000,373 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.6 Install.lnk
[2011/03/15 21:44:03 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/02/23 11:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/23 11:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/23 10:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/23 10:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/23 10:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/23 10:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/23 10:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/23 10:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/23 10:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/23 10:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/24 21:47:43 | 000,102,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/24 19:13:02 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/03/24 19:13:01 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/03/24 19:09:53 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\PATRICIA ANDERS\Desktop\SpywareBlaster.lnk
[2011/03/24 17:14:15 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\PATRICIA ANDERS\Start Menu\Programs\Internet Explorer.lnk
[2011/03/24 13:42:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 13:42:33 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/24 13:00:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\PATRICIA ANDERS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/24 11:26:26 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/03/24 11:26:26 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/03/24 11:26:26 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/03/24 11:26:26 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/03/24 11:26:26 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/03/24 11:26:26 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/03/24 11:26:26 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/03/24 11:26:26 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/03/24 11:26:25 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/03/24 11:26:25 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/03/24 11:26:25 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/03/24 11:26:25 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/03/24 11:26:25 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/03/24 11:26:25 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/03/24 11:26:25 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/03/24 11:26:25 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/03/24 11:26:25 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/03/24 11:26:25 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/03/24 11:26:25 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/03/24 11:26:24 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/03/24 11:26:24 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/03/24 11:26:24 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/03/24 11:26:24 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/03/24 11:26:24 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/03/24 11:26:24 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/03/24 11:26:24 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/03/24 11:26:24 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/03/24 11:26:24 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/03/24 11:26:24 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/03/24 11:26:24 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/03/24 11:26:24 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/03/24 11:26:24 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/03/24 11:26:24 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/03/24 11:26:24 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/03/24 11:26:24 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/03/24 11:26:24 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/03/24 11:26:24 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/03/24 11:26:24 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/03/24 11:26:24 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/03/24 11:26:23 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/03/24 11:26:23 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/03/24 11:26:23 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/03/24 11:26:23 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/03/24 11:26:23 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/03/24 11:26:23 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/03/24 11:26:23 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/03/24 11:26:23 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/03/24 11:26:23 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/03/24 11:26:23 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/03/24 11:26:23 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/03/24 11:26:23 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/03/24 11:26:23 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/03/24 11:26:23 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/03/24 11:26:23 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/03/24 11:26:23 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/03/24 11:26:23 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/03/24 11:26:23 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/03/24 11:26:23 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/03/24 11:26:23 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/03/24 11:26:23 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/03/24 11:26:23 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/03/24 11:26:23 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/03/24 11:26:23 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/03/24 11:26:23 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/03/24 11:26:22 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/03/24 11:26:22 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/03/24 11:26:22 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/03/24 11:26:22 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/03/24 11:26:22 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/03/24 11:26:21 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/03/24 11:26:21 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/03/24 11:26:21 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/03/24 11:26:21 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/03/24 11:26:21 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/03/24 11:26:21 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/03/24 11:26:21 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/03/24 11:26:21 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/03/24 11:26:21 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/03/24 11:26:21 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/03/24 11:26:21 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/03/24 11:23:08 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2011/03/24 11:23:07 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2011/03/24 11:23:07 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2011/03/23 07:45:12 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\PATRICIA ANDERS\Desktop\Internet Explorer.lnk
[2011/03/23 04:26:36 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/23 04:13:03 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/03/23 04:13:02 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/03/23 04:13:01 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/03/21 15:06:14 | 400,625,664 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/20 12:08:54 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/19 15:29:20 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2011/03/19 15:28:59 | 000,245,920 | RHS- | C] () -- C:\cmldr
[2011/03/19 14:31:28 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\PATRICIA ANDERS\Desktop\HiJackThis.lnk
[2011/03/18 16:08:17 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/15 21:44:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/03/04 10:04:34 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.6 Install.lnk
[2011/03/04 10:04:30 | 000,000,818 | -H-- | C] () -- C:\IPH.PH
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/12/21 16:04:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\PFP110JPR.{PB
[2008/12/21 16:04:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\PFP110JCM.{PB
[2006/07/07 16:34:49 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/10/11 19:03:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\slingo5c.INI
[2004/12/04 18:11:51 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2004/12/04 18:07:55 | 000,000,085 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/12/04 18:07:55 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/12/04 18:07:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\mid.ini
[2004/10/04 20:45:34 | 001,865,736 | ---- | C] () -- C:\WINDOWS\System32\lmd.bin
[2004/08/08 13:46:18 | 000,003,025 | ---- | C] () -- C:\WINDOWS\jawa32vs.bin
[2004/08/08 13:00:44 | 001,404,204 | ---- | C] () -- C:\WINDOWS\jawa32v.bin
[2004/08/08 13:00:44 | 000,106,324 | ---- | C] () -- C:\WINDOWS\jawa32u.bin
[2004/08/08 13:00:44 | 000,034,068 | ---- | C] () -- C:\WINDOWS\jawa32.bin
[2004/08/08 13:00:44 | 000,002,668 | ---- | C] () -- C:\WINDOWS\jawa32.dat
[2004/08/08 13:00:44 | 000,000,032 | ---- | C] () -- C:\WINDOWS\jawa32e.bin
[2004/08/03 20:20:09 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\tvmuknwrd.dll
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/09 13:53:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\MSrev21.dll
[2004/05/09 13:52:52 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\MSrev41.dll
[2004/05/09 13:47:38 | 001,404,204 | ---- | C] () -- C:\WINDOWS\vurls.bin
[2004/05/09 13:47:38 | 000,160,400 | ---- | C] () -- C:\WINDOWS\mwsvm.bin
[2004/05/09 13:47:38 | 000,106,324 | ---- | C] () -- C:\WINDOWS\urls.bin
[2004/05/09 13:47:38 | 000,002,623 | ---- | C] () -- C:\WINDOWS\mwsvm.dat
[2004/05/09 13:45:00 | 000,229,793 | ---- | C] () -- C:\WINDOWS\twaintec.ini
[2004/05/09 13:40:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SWLAD2.dll
[2004/03/30 21:58:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\slingox.INI
[2004/03/29 21:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\slingo.INI
[2004/03/18 23:57:35 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/03/18 23:54:17 | 000,000,279 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/03/06 13:44:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/06 13:37:40 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/03/06 13:31:55 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/03/06 13:27:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/03/06 13:25:34 | 000,000,185 | ---- | C] () -- C:\WINDOWS\wininit.ini_
[2004/03/06 13:21:27 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/06 13:04:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/03/06 13:02:06 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/03/06 13:02:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/06 13:02:06 | 000,087,682 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/03/06 13:01:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/03/06 12:47:40 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/04/22 17:37:50 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\DLBKPLC.INI
[2003/01/07 23:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002/11/13 21:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2002/09/03 11:05:08 | 000,169,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 10:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 10:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT

========== Files - Unicode (All) ==========
[2011/03/20 12:49:25 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\?asks) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Тasks
[2011/03/20 12:49:25 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\?asks) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Тasks
[2008/05/06 21:37:18 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\My Documents\F?nts) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Fоnts
[2008/02/28 16:35:17 | 000,000,000 | ---D | C](C:\Documents and Settings\PATRICIA ANDERS\My Documents\F?nts) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Fоnts
[2008/02/16 01:13:04 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\My Documents\?icrosoft.NET) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Мicrosoft.NET
[2008/02/10 16:37:39 | 000,000,000 | ---D | C](C:\Documents and Settings\PATRICIA ANDERS\My Documents\?icrosoft.NET) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Мicrosoft.NET
[2008/01/30 16:16:35 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\My Documents\??stem32) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\ѕуstem32
[2008/01/28 20:37:45 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\My Documents\??crosoft) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Μіcrosoft
[2008/01/28 20:37:45 | 000,000,000 | ---D | C](C:\Documents and Settings\PATRICIA ANDERS\My Documents\??stem32) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\ѕуstem32
[2008/01/24 21:41:29 | 000,000,000 | ---D | C](C:\Documents and Settings\PATRICIA ANDERS\My Documents\??crosoft) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Μіcrosoft
[2007/11/28 17:54:36 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\My Documents\?ymbols) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\ѕymbols
[2007/11/24 12:36:57 | 000,000,000 | ---D | C](C:\Documents and Settings\PATRICIA ANDERS\My Documents\?ymbols) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\ѕymbols
[2007/09/15 13:28:04 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\My Documents\?icrosoft) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Μicrosoft
[2007/09/15 13:28:04 | 000,000,000 | ---D | C](C:\Documents and Settings\PATRICIA ANDERS\My Documents\?icrosoft) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Μicrosoft
[2007/08/15 18:21:48 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\T?sks) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Tаsks
[2007/08/15 18:21:48 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\T?sks) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Tаsks
[2007/07/17 18:00:43 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\?ymantec) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Ѕymantec
[2007/07/17 18:00:43 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\?ymantec) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Ѕymantec
[2007/06/10 19:08:59 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\My Documents\?icrosoft) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Мicrosoft
[2007/06/10 19:08:59 | 000,000,000 | ---D | C](C:\Documents and Settings\PATRICIA ANDERS\My Documents\?icrosoft) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Мicrosoft
[2007/02/24 19:54:03 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\M?crosoft.NET) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Mіcrosoft.NET
[2007/02/24 19:54:03 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\M?crosoft.NET) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Mіcrosoft.NET
[2006/11/27 23:50:12 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\?racle) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Оracle
[2006/11/27 23:50:12 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\?racle) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Оracle
[2006/11/18 21:33:40 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\s?stem32) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\sуstem32
[2006/11/18 21:33:40 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\s?stem32) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\sуstem32
[2006/10/14 22:18:56 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\s?mbols) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\sуmbols
[2006/10/14 22:18:56 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\Application Data\s?mbols) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\sуmbols
[2006/05/20 20:10:01 | 000,000,000 | ---D | M](C:\Documents and Settings\PATRICIA ANDERS\My Documents\??crosoft.NET) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Міcrosoft.NET
[2006/05/20 20:10:01 | 000,000,000 | ---D | C](C:\Documents and Settings\PATRICIA ANDERS\My Documents\??crosoft.NET) -- C:\Documents and Settings\PATRICIA ANDERS\My Documents\Міcrosoft.NET
(C:\Documents and Settings\PATRICIA ANDERS\Application Data\T?sks) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Tаsks
(C:\Documents and Settings\PATRICIA ANDERS\Application Data\s?stem32) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\sуstem32
(C:\Documents and Settings\PATRICIA ANDERS\Application Data\s?mbols) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\sуmbols
(C:\Documents and Settings\PATRICIA ANDERS\Application Data\M?crosoft.NET) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Mіcrosoft.NET
(C:\Documents and Settings\PATRICIA ANDERS\Application Data\?ymantec) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Ѕymantec
(C:\Documents and Settings\PATRICIA ANDERS\Application Data\?racle) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Оracle
(C:\Documents and Settings\PATRICIA ANDERS\Application Data\?asks) -- C:\Documents and Settings\PATRICIA ANDERS\Application Data\Тasks

< End of report >


OTL Extras logfile created on: 3/25/2011 8:13:06 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\PATRICIA ANDERS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 53.00% Memory free
536.00 Mb Paging File | 308.00 Mb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 63.69 Gb Free Space | 85.53% Space Free | Partition Type: NTFS

Computer Name: D3ZJQG41 | User Name: PATRICIA ANDERS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1361832622-2035837001-3103575040-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E5DF32-8248-4347-908C-E030EDAE4368}" = DA920EN
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Dell AIO Printer A920" = Dell AIO Printer A920
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/21/2011 2:24:32 PM | Computer Name = D3ZJQG41 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 3/21/2011 3:08:00 PM | Computer Name = D3ZJQG41 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "Spooler"
in
the "C:\WINDOWS\System32\winspool.drv" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 3/21/2011 3:08:19 PM | Computer Name = D3ZJQG41 | Source = Perflib | ID = 2002
Description = The open procedure for service "WmiApRpl" in DLL "C:\WINDOWS\System32\wbem\wmiaprpl.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 3/22/2011 1:15:02 PM | Computer Name = D3ZJQG41 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/22/2011 1:15:13 PM | Computer Name = D3ZJQG41 | Source = Perflib | ID = 2002
Description = The open procedure for service "WmiApRpl" in DLL "C:\WINDOWS\System32\wbem\wmiaprpl.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 3/22/2011 1:24:34 PM | Computer Name = D3ZJQG41 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/22/2011 1:24:47 PM | Computer Name = D3ZJQG41 | Source = Perflib | ID = 2002
Description = The open procedure for service "WmiApRpl" in DLL "C:\WINDOWS\System32\wbem\wmiaprpl.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 3/22/2011 7:40:49 PM | Computer Name = D3ZJQG41 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/22/2011 7:41:00 PM | Computer Name = D3ZJQG41 | Source = Perflib | ID = 2002
Description = The open procedure for service "WmiApRpl" in DLL "C:\WINDOWS\System32\wbem\wmiaprpl.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 3/24/2011 12:23:15 PM | Computer Name = D3ZJQG41 | Source = MsiInstaller | ID = 11306
Description = Product: Jasc Paint Shop Photo Album -- Error 1306.Another application
has exclusive access to the file C:\Program Files\Jasc Software Inc\Paint Shop
Photo Album\asul.dat. Please shut down all other applications, then click Retry.

[ System Events ]
Error - 3/22/2011 7:42:13 PM | Computer Name = D3ZJQG41 | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 3/23/2011 2:50:05 AM | Computer Name = D3ZJQG41 | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 3/23/2011 8:34:04 AM | Computer Name = D3ZJQG41 | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 3/23/2011 8:34:04 AM | Computer Name = D3ZJQG41 | Source = Service Control Manager | ID = 7034
Description = The LexBce Server service terminated unexpectedly. It has done this
1 time(s).

Error - 3/23/2011 8:34:04 AM | Computer Name = D3ZJQG41 | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 3/23/2011 8:34:04 AM | Computer Name = D3ZJQG41 | Source = Service Control Manager | ID = 7034
Description = The Fax service terminated unexpectedly. It has done this 1 time(s).

Error - 3/23/2011 8:34:04 AM | Computer Name = D3ZJQG41 | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/23/2011 8:34:04 AM | Computer Name = D3ZJQG41 | Source = Service Control Manager | ID = 7034
Description = The Distributed Transaction Coordinator service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/24/2011 9:43:37 PM | Computer Name = D3ZJQG41 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706be: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 3/24/2011 10:08:28 PM | Computer Name = D3ZJQG41 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706be: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.


< End of report >
hubert
Regular Member
 
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Unread postby Carolyn » March 25th, 2011, 3:19 pm

Hi,

Secunia PSI uses a lot of resources (the online scanning option is sufficient) and SpywareBlaster is no longer considered effective, so let's uninstall both.

Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
Secunia PSI
SpywareBlaster


==============================

Backup the Registry
  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

==============================

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
    
    :files
    C:\Documents and Settings\PATRICIA ANDERS\Local Settings\Application Data\Secunia PSI
    C:\Program Files\Secunia
    C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
    C:\Program Files\SpywareBlaster
    C:\Documents and Settings\PATRICIA ANDERS\Desktop\SpywareBlaster.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
    C:\Documents and Settings\PATRICIA ANDERS\Desktop\SpywareBlaster.lnk
    
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [REBOOT]
    

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please post the OTL report and let me know how the computer is behaving.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
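The `:reg` line in the fix above writes `BootExecute` as a hex(7) (REG_MULTI_SZ) value. The following added example (not part of the original post and not OTL's own code) decodes such a value and reports any entry other than the Windows default `autocheck autochk *`; the function names and the `examplehelper` entry are constructed for illustration.

```python
import re

# Windows default for Session Manager\BootExecute (REG_MULTI_SZ).
DEFAULT_BOOT_EXECUTE = {"autocheck autochk *"}

# The value line from the :reg section of the fix on this page.
PAGE_LINE = '"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\\'


def decode_hex7(reg_line):
    """Decode a .reg-style hex(7) value into its list of strings.

    Handles one byte per character (as in the fix on this page) and
    UTF-16LE (as regedit exports). A dangling continuation is ignored.
    """
    m = re.search(r"hex\(7\):(.*)", reg_line, re.S)
    if not m:
        raise ValueError("not a hex(7) value")
    tokens = re.findall(r"\b[0-9a-fA-F]{2}\b", m.group(1))
    data = bytes(int(t, 16) for t in tokens)
    # ASCII text stored as UTF-16LE has a zero in every odd position.
    wide = len(data) >= 2 and len(data) % 2 == 0 and all(b == 0 for b in data[1::2])
    text = data.decode("utf-16-le" if wide else "latin-1")
    # Strings are NUL-separated; empty pieces are just terminators.
    return [s for s in text.split("\x00") if s]


def unexpected_boot_entries(entries):
    """Return the entries that are not part of the Windows default."""
    default = {d.lower() for d in DEFAULT_BOOT_EXECUTE}
    return [e for e in entries if e.strip().lower() not in default]


def to_hex7(strings, wide=False):
    """Build a constructed hex(7) line from strings (sample data only)."""
    text = "\x00".join(strings) + "\x00\x00"
    raw = text.encode("utf-16-le" if wide else "latin-1")
    return '"BootExecute"=hex(7):' + ",".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    samples = {
        "page fix": PAGE_LINE,
        "constructed, regedit-style": to_hex7(["autocheck autochk *"], wide=True),
        "constructed, extra entry": to_hex7(["autocheck autochk *", "examplehelper"]),
    }
    for label, line in samples.items():
        entries = decode_hex7(line)
        print(label, entries, "unexpected:", unexpected_boot_entries(entries))
```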

Re: Infected

Unread postby hubert » March 25th, 2011, 4:02 pm

Carolyn,

Computer seems fine. Removed programs with no issues.


All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\\"BootExecute"|hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\ /E : value set successfully!
========== FILES ==========
C:\Documents and Settings\PATRICIA ANDERS\Local Settings\Application Data\Secunia PSI folder moved successfully.
C:\Program Files\Secunia\PSI folder moved successfully.
C:\Program Files\Secunia folder moved successfully.
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster not found.
File\Folder C:\Program Files\SpywareBlaster not found.
File\Folder C:\Documents and Settings\PATRICIA ANDERS\Desktop\SpywareBlaster.lnk not found.
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk not found.
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk not found.
File\Folder C:\Documents and Settings\PATRICIA ANDERS\Desktop\SpywareBlaster.lnk not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PATRICIA ANDERS
->Temp folder emptied: 294149955 bytes
->Temporary Internet Files folder emptied: 9197272 bytes
->Java cache emptied: 4743002 bytes
->FireFox cache emptied: 59492737 bytes
->Flash cache emptied: 653 bytes

User: TED ANDERS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 215273 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 86339 bytes
RecycleBin emptied: 849 bytes

Total Files Cleaned = 351.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 03252011_154244

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
hubert
Regular Member
 
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Unread postby Carolyn » March 25th, 2011, 6:26 pm

Hi Colleen

I'm glad the computer is running well.

Cleanup with OTL
  • Double-click OTL.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

hubert wrote: Can you please explain to me the reason for this?
Check all items except items in the C:\System Volume Information folder

Oh, and besides the obvious, what exactly was going on here?


Good questions... :)

The System Volume Information folder is where System Restore Points reside. I am not concerned by infected Restore Points. Should something go wrong during the cleaning process, an infected Restore Point is better than none at all. I prefer not to clean them out of concern that they could be rendered unusable. Once the computer is clean, I have the User create a new, clean Restore Point and delete the old ones, so I see no need to clean them.

As for what was going on, there was a good deal of Adware mucking up the works.

Please let me know if you have any other questions.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Infected

Unread postby hubert » March 25th, 2011, 7:36 pm

Carolyn,

Once again, Thank you! And thank you for answering my questions. I do appreciate the time you spent with me on this matter.
You can close this thread now as all seems to be well.

Sincerely

Colleen H :wave:
hubert
Regular Member
 
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Unread postby Carolyn » March 27th, 2011, 8:42 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine