Malwarebytes and HiJackThis both crash and return permissions errors...

Hello.

Please download inherit.exe

Download it to your Desktop, but do not run it just yet.

Now open a new notepad file.
Input this into the notepad file:

@echo off
"inherit.exe" "C:\Program Files\AlphaAnt\alpha.exe"
"inherit.exe" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"inherit.exe" "C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe"
"inherit.exe" "C:\WINDOWS\System32\cngaudit.dll"
"inherit.exe" "C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll "
"inherit.exe" "C:\Windows\System32\mrt.exe"
"inherit.exe" "C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe "
del fix.bat
exit

Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.

Now try running MBAM again, this malware is capable of messing around with files and locked them so we can't use them, but the above fix unlocks it.

it allowed me to restart malwarebytes again, but it still crashed after about 6 seconds this time...

and then it is back to the error again.

Hello

We need to run the tool with the following command to fix some malware related changes.

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your
desktop. Please open it with notepad and post the contents here.

Ok. It's to big to post again so here is the rapidshare address.

http://rapidshare.com/files/419649351/Win32kDiag.txt

Okay, re-run the bat script again, then try running Combofix.

It's still doing the same thing with combofix as before...

Okay, try MBAM now.

Its still the same as well. I tried MBAM right afterwords just to see.

Did you re-do this script?

http://www.GeekPolice.net/virus-spyware-malware-removal-f11/malwarebytes-and-hijackthis-both-crash-and-return-permissions-errors-t23720-15.htm#159542

yes

Okay please re-run LockSearch and post the new log.

At least got the whole log for it this time

LockSearch by jpshortstuff (05.11.09.1)
Log created at 15:45 on 17/09/2010 (matt)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------


C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
-------------------------


C:\Users\matt\Desktop\OTL.exe
-------------------------


C:\WINDOWS\System32\cngaudit.dll
-------------------------
C:\Windows\System32\cngaudit.dll [Unable to get md5 : 1998120061 bytes]
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [7F15B4953378C8B5161D65C26D5FED4D : 11776 bytes]

-=E.O.F=-

and just to be for sure, I ran the fix.bat again a third time to check malwarebytes and its like once I try and run it it re locks it up....

Okay, lets try it this way.

Right click Inherit.exe, select Copy.

Now using Windows Explorer (Windows Key + E), locate this folder:
C:\Program Files\Malwarebytes' Anti-Malware

Enter the folder, right click anywhere, select Paste.

That should put a copy of Inherit.exe into the MBAM folder. Now drag and drop mbam.exe onto inherit.exe.

---

Now with the copy of inherit.exe that is still on the Desktop, drag and drop OTL.exe onto inherit.exe.

Does MBAM work now?

No. It opened like last time, but it still just closes after 6 seconds and then it returns the permissions error again.

Hmm, please re-run Win32kDiag and post the new log.

K. here is that again.
_________________________________________________________

Running from: C:\Users\matt\Desktop\Win32kDiag.exe

Log file at : C:\Users\matt\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\cngaudit.dll

[1] 2006-11-02 04:46:03 61952 C:\Windows\System32\cngaudit.dll ()

[1] 2006-11-02 04:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll (Microsoft Corporation)



Cannot access: C:\Windows\System32\mrt.exe

[1] 2010-09-10 14:34:30 35552200 C:\Windows\System32\mrt.exe ()

[1] 2008-01-20 21:24:53 52696 C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe (Microsoft Corporation)





Finished!

Hmm, can you extract/use The Avenger?

I'll try again

It still says it's invalid.

I'm not sure if I may just be doing something wrong or if vista just doesn't like it.

Hello.
Delete that copy of the Avenger and re-download it, now try it again, do you get the same error?

yeah. I still get the same error with it.

Can you run OTL now?

Here is the OTL log. Didn't get the extras log again.

--------------------------------------------------------------------------------------------------

OTL logfile created on: 9/23/2010 8:19:23 AM - Run 3
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.56 Gb Total Space | 94.99 Gb Free Space | 54.42% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.39 Gb Free Space | 11.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAWN-PC
Current User Name: matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
PRC - [2010/06/25 23:24:17 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
PRC - [2009/09/27 00:06:55 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2009/09/27 00:06:55 | 000,024,688 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
PRC - [2009/04/11 01:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sdclt.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/07/12 06:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe


========== Modules (SafeList) ==========

MOD - [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/09/27 00:06:55 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/12/04 04:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/03/11 17:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/03/11 17:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/03/11 17:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/03/11 17:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 06:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/06 15:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 06:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 06:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 06:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/04 00:16:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MyPoints Toolbar 2.0) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [calc] C:\Windows\System32\calc.DLL (Microsoft)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe File not found
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - Startup: C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll (Microsoft)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB (Wizard101GameLauncher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.104.6.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 21:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/17 15:11:13 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/17 11:06:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
[2010/09/16 13:07:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2010/09/16 12:06:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2010/09/16 08:56:33 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/09/10 08:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/09 09:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/09/09 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Macromedia
[2010/09/09 03:08:57 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/09/09 03:08:57 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/09/09 03:08:57 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/09/08 10:14:18 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/09/08 10:14:17 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/09/08 10:14:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/09/08 10:14:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/09/08 10:13:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/08 09:45:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/09/08 09:45:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/09/08 09:45:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/09/08 09:45:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/09/08 09:45:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/09/08 09:45:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/09/08 09:45:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/09/08 09:45:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/09/08 09:45:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/09/08 09:45:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/09/08 09:45:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/09/08 09:45:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/09/08 09:45:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/09/08 09:45:06 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/09/08 09:45:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/09/08 09:44:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/09/08 09:44:08 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/09/08 09:44:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/09/08 09:43:30 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/09/08 09:43:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/09/08 09:43:03 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/09/08 09:43:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/09/08 09:42:56 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/09/08 09:42:56 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/09/01 15:11:57 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Malwarebytes
[2010/08/31 11:37:55 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Verizon Wireless
[2010/08/30 17:05:34 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\Anatomy
[2010/08/30 16:33:22 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\WildTangent
[2010/08/28 00:29:36 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Apple
[2010/08/27 16:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/27 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\CyberLink
[2010/08/26 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Yahoo!
[2010/08/26 22:42:16 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Youcam
[2010/08/26 22:31:50 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Hewlett-Packard
[2010/08/26 22:19:31 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\little league matt
[2010/08/26 21:44:33 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Hewlett-Packard
[2010/08/26 21:44:16 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Adobe
[2010/08/26 21:44:15 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\HP
[2010/08/26 21:29:36 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\QuickPlay
[2010/08/26 21:29:23 | 000,000,000 | R--D | C] -- C:\Users\matt\Searches
[2010/08/26 21:29:13 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Identities
[2010/08/26 21:29:10 | 000,000,000 | R--D | C] -- C:\Users\matt\Contacts
[2010/08/26 21:29:08 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\VirtualStore
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\Temporary Internet Files
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Templates
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Start Menu
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\SendTo
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Recent
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\PrintHood
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\NetHood
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Videos
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Pictures
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Music
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\My Documents
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Local Settings
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\History
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Cookies
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Application Data
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\Application Data
[2010/08/26 21:29:01 | 000,000,000 | --SD | C] -- C:\Users\matt\AppData\Roaming\Microsoft
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Videos
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Saved Games
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Pictures
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Music
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Links
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Favorites
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Downloads
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Documents
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Desktop
[2010/08/26 21:29:01 | 000,000,000 | -H-D | C] -- C:\Users\matt\AppData
[2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Temp
[2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Microsoft Help
[2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Microsoft
[2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Media Center Programs
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/23 08:23:19 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB0D9DAC-B339-4772-9064-12E1E262BA0A}.job
[2010/09/23 08:23:19 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FC831C4-4D0E-4D5A-BA3D-44268E92C10E}.job
[2010/09/23 08:23:19 | 000,000,230 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/09/23 08:23:05 | 000,000,190 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/09/23 08:19:38 | 001,048,576 | -HS- | M] () -- C:\Users\matt\ntuser.dat
[2010/09/23 08:18:51 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/23 08:18:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/21 16:19:49 | 000,677,998 | ---- | M] () -- C:\Users\matt\Desktop\avenger.zip
[2010/09/21 09:45:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 09:45:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 09:44:33 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\AlphaAnt.job
[2010/09/21 09:44:30 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/21 09:44:30 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/21 09:44:30 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/21 09:43:57 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/09/21 09:43:36 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/21 03:20:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/21 03:19:47 | 000,000,000 | ---- | M] () -- C:\Windows\win32k.sys
[2010/09/21 03:19:44 | 3152,932,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/21 03:17:08 | 000,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000001.regtrans-ms
[2010/09/21 03:17:08 | 000,065,536 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TM.blf
[2010/09/17 15:11:43 | 000,002,521 | ---- | M] () -- C:\Users\matt\Desktop\HiJackThis.lnk
[2010/09/17 11:28:00 | 000,032,653 | ---- | M] () -- C:\Users\matt\Desktop\LockSearch.exe
[2010/09/17 11:07:47 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/17 03:17:42 | 002,057,727 | -H-- | M] () -- C:\Users\matt\AppData\Local\IconCache.db
[2010/09/16 13:07:27 | 003,845,883 | ---- | M] () -- C:\Users\matt\Desktop\svchost.exe
[2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2010/09/16 09:22:32 | 000,939,956 | ---- | M] () -- C:\Users\matt\Desktop\7z465.exe
[2010/09/16 09:19:55 | 003,266,369 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010/09/16 09:11:15 | 000,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000002.regtrans-ms
[2010/09/13 08:54:02 | 000,047,616 | ---- | M] () -- C:\Users\matt\Desktop\Win32kDiag.exe
[2010/09/10 14:34:30 | 035,552,200 | ---- | M] () -- C:\Windows\System32\mrt.exe
[2010/09/09 09:24:10 | 000,085,504 | ---- | M] () -- C:\Users\matt\Desktop\Inherit.exe
[2010/09/09 03:31:29 | 000,312,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/03 12:51:40 | 000,524,288 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/03 12:51:40 | 000,065,536 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/03 11:04:48 | 000,000,680 | ---- | M] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
[2010/09/03 09:10:40 | 000,003,584 | ---- | M] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/30 17:06:05 | 000,002,627 | ---- | M] () -- C:\Users\matt\Desktop\Microsoft Office Word 2007.lnk
[2010/08/27 16:48:01 | 000,000,813 | -HS- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2010/08/26 22:42:48 | 000,000,943 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/26 22:23:15 | 000,000,944 | ---- | M] () -- C:\Users\matt\Desktop\Windows Media Player.lnk
[2010/08/26 22:02:54 | 000,000,938 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/26 21:30:01 | 000,077,136 | ---- | M] () -- C:\Users\matt\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/26 21:29:03 | 000,000,020 | -HS- | M] () -- C:\Users\matt\ntuser.ini
[2010/08/26 21:29:02 | 000,524,288 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/21 16:19:47 | 000,677,998 | ---- | C] () -- C:\Users\matt\Desktop\avenger.zip
[2010/09/17 13:02:11 | 000,085,504 | ---- | C] () -- C:\Users\matt\Desktop\Inherit.exe
[2010/09/17 11:28:00 | 000,032,653 | ---- | C] () -- C:\Users\matt\Desktop\LockSearch.exe
[2010/09/16 13:07:27 | 003,845,883 | ---- | C] () -- C:\Users\matt\Desktop\svchost.exe
[2010/09/16 09:22:28 | 000,939,956 | ---- | C] () -- C:\Users\matt\Desktop\7z465.exe
[2010/09/16 08:47:22 | 000,000,420 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB0D9DAC-B339-4772-9064-12E1E262BA0A}.job
[2010/09/13 08:54:01 | 000,047,616 | ---- | C] () -- C:\Users\matt\Desktop\Win32kDiag.exe
[2010/09/10 08:56:38 | 000,002,521 | ---- | C] () -- C:\Users\matt\Desktop\HiJackThis.lnk
[2010/09/09 08:29:30 | 000,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000002.regtrans-ms
[2010/09/09 08:29:30 | 000,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000001.regtrans-ms
[2010/09/09 08:29:30 | 000,065,536 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TM.blf
[2010/09/03 11:04:48 | 000,000,680 | ---- | C] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
[2010/09/03 09:10:40 | 000,003,584 | ---- | C] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/03 08:58:14 | 3152,932,864 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/01 15:09:38 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/26 22:42:48 | 000,000,943 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/26 22:23:15 | 000,000,944 | ---- | C] () -- C:\Users\matt\Desktop\Windows Media Player.lnk
[2010/08/26 22:02:54 | 000,000,938 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/26 21:51:11 | 000,002,627 | ---- | C] () -- C:\Users\matt\Desktop\Microsoft Office Word 2007.lnk
[2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\QSwitch.txt
[2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\DSwitch.txt
[2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\AtStart.txt
[2010/08/26 21:29:03 | 000,000,020 | -HS- | C] () -- C:\Users\matt\ntuser.ini
[2010/08/26 21:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/08/26 21:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/26 21:29:02 | 000,262,144 | -H-- | C] () -- C:\Users\matt\ntuser.dat.LOG1
[2010/08/26 21:29:02 | 000,065,536 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/26 21:29:02 | 000,000,000 | -H-- | C] () -- C:\Users\matt\ntuser.dat.LOG2
[2010/08/26 21:29:01 | 001,048,576 | -HS- | C] () -- C:\Users\matt\ntuser.dat
[2010/08/26 21:29:01 | 000,000,934 | ---- | C] () -- C:\Users\matt\Desktop\Cyberlink YouCam.lnk
[2010/08/26 21:29:01 | 000,000,258 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/26 21:29:01 | 000,000,240 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/03/11 22:28:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/21 23:30:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/21 17:44:08 | 000,534,528 | ---- | C] () -- C:\Windows\System32\ExplorerImages.dll
[2009/11/21 03:59:23 | 000,000,000 | ---- | C] () -- C:\Windows\win32k.sys
[2009/09/23 23:45:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 11:23:04 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/18 11:23:03 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/06/28 16:23:52 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/04/24 21:38:18 | 000,002,493 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\logevent.dll
[2006/11/02 03:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
< End of report >

Guess I will just wipe the hard drive and tell them to start over.