Thinkpoint virus Pt 1

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Thinkpoint virus Pt 118th October 2010, 6:10 pm

OTL logfile created on: 10/18/2010 1:59:43 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Ed Mixon\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.66 Gb Total Space | 248.00 Gb Free Space | 84.17% Space Free | Partition Type: NTFS

Computer Name: D18BPP61 | User Name: Ed Mixon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/18 13:56:04 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed Mixon\My Documents\Downloads\OTL.com
PRC - [2010/10/18 07:49:22 | 002,806,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2010/09/17 06:08:27 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/10 01:44:22 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/09 04:46:42 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/09/07 03:50:58 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/09/07 03:50:14 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/03 10:35:52 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/05/05 10:50:52 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2010/01/18 13:19:32 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2010/01/07 17:01:26 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxebcoms.exe
PRC - [2009/12/09 16:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/03/04 13:45:36 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CtHelper.exe
PRC - [2009/01/08 10:35:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/19 12:06:18 | 000,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2006/01/19 12:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/19 12:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2004/09/15 03:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/06/29 13:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 13:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/09/17 12:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/06/18 03:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [2003/06/03 11:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE

========== Modules (SafeList) ==========

MOD - [2010/10/18 13:56:04 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed Mixon\My Documents\Downloads\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp60.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2003/06/03 11:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/06/03 11:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/18 07:49:22 | 002,806,000 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/08/27 15:25:22 | 000,488,776 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/05/05 10:50:52 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2010/01/07 17:01:26 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxebcoms.exe -- (lxeb_device)
SRV - [2009/12/17 13:02:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/12/09 16:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdauxservice)
SRV - [2009/01/08 10:35:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2004/06/29 13:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/09/19 08:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009/09/27 19:12:21 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2009/09/23 17:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/21 16:24:10 | 000,057,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nvhda32.sys -- (NVHDA)
DRV - [2009/03/04 15:46:56 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP17v2k.sys -- (hap17v2k)
DRV - [2009/03/04 15:42:56 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/03/04 15:42:56 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CTERFXFX.sys -- (CTERFXFX)
DRV - [2009/03/04 15:42:42 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/03/04 15:42:42 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CTSBLFX.sys -- (CTSBLFX)
DRV - [2009/03/04 15:42:30 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/03/04 15:42:30 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CTAUDFX.sys -- (CTAUDFX)
DRV - [2009/03/04 15:42:16 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/03/04 15:42:16 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\COMMONFX.sys -- (COMMONFX)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hdaudbus.sys -- (HDAudBus)
DRV - [2005/01/23 12:36:49 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/29 02:02:00 | 000,016,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb2.sys -- (Jukebox)
DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/12 17:40:00 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 12:43:00 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/07/13 12:15:00 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 12:13:00 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004/07/13 12:12:00 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 12:11:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 12:11:00 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 12:09:00 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004/06/29 13:17:16 | 000,477,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 19:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/11/12 22:11:00 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/05/16 11:50:00 | 000,072,893 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/05/16 11:50:00 | 000,053,869 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/05/16 11:50:00 | 000,037,883 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/05/16 11:50:00 | 000,025,213 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.att.net/"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: facebookfilter@chocolatesoftware.com:2.0.9
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: guillaume.lecanu@gmail.com:1.3.1
FF - prefs.js..extensions.enabledItems: tinyurl.addon@fast-chat.co.uk:2.0.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1114
FF - prefs.js..extensions.enabledItems: avg@igeared:5.008.027.003

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/18 13:18:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/18 13:19:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/02 22:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 06:08:31 | 000,000,000 | ---D | M]

[2009/12/16 16:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Extensions
[2009/12/16 16:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/10/18 13:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions
[2010/04/28 06:13:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/29 06:27:19 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/09/18 08:30:21 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/29 06:27:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/26 07:54:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/07/27 08:20:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/25 15:13:36 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/03/22 06:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\anttoolbar@ant.com
[2010/09/24 07:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\facebookfilter@chocolatesoftware.com
[2010/10/06 21:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\guillaume.lecanu@gmail.com
[2010/09/26 15:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\tinyurl.addon@fast-chat.co.uk
[2010/06/04 06:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Mixon\Application Data\Mozilla\Firefox\Profiles\jwwj18po.default\extensions\toolbar@ask.com
[2010/10/18 13:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTXFIREG] File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mafia Bot.lnk = C:\WINDOWS\Installer\{B847DBF3-A6F5-4F9E-B1C5-F5A7C02C9277}\_E775C8FC2526B3FE2E3A38.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Ed Mixon\Application Data\hotfix.exe) - C:\Documents and Settings\Ed Mixon\Application Data\hotfix.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\Ed Mixon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ed Mixon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

Re: Thinkpoint virus Pt 118th October 2010, 6:11 pm

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/18 13:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed Mixon\Local Settings\Application Data\AVG Security Toolbar
[2010/10/18 13:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed Mixon\Application Data\AVG10
[2010/10/18 13:19:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/18 13:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/18 13:19:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/10/18 13:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 13:18:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/10/18 08:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/13 09:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/10/13 09:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed Mixon\My Documents\Anti-Malware
[2010/10/13 06:06:44 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/13 06:06:44 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 06:06:43 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 06:06:32 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/08 16:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed Mixon\Local Settings\Application Data\Opera
[2010/10/08 16:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed Mixon\Application Data\Opera
[2010/10/08 16:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/02/10 12:58:41 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[2009/06/09 19:11:20 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2009/05/14 16:27:12 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2009/05/14 16:22:02 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2009/05/14 16:19:52 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2009/05/14 16:18:54 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2009/05/14 16:17:34 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhcp.dll
[2009/05/14 16:16:20 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2009/05/14 16:15:48 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2009/05/14 16:15:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2009/05/14 16:15:36 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2009/03/04 13:46:18 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/18 14:01:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/18 13:48:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\Local Settings\Application Data\prvlcl.dat
[2010/10/18 13:33:04 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2766121098-2238092136-2306616017-1007UA.job
[2010/10/18 13:21:51 | 097,096,219 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/10/18 13:20:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure Startup.job
[2010/10/18 13:19:41 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/18 13:17:39 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mafia Bot.lnk
[2010/10/18 13:17:36 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/10/18 13:17:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/10/18 13:17:29 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/18 13:16:53 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/10/18 13:16:53 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/10/18 13:16:53 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/10/18 13:16:53 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/10/18 13:16:53 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/10/18 13:16:53 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/10/18 13:16:53 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/10/18 13:16:53 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/10/18 09:33:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2766121098-2238092136-2306616017-1007Core.job
[2010/10/18 07:38:20 | 000,522,240 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\Application Data\hotfix.exe
[2010/10/18 07:38:20 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\Application Data\39359.bat
[2010/10/17 18:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/10/15 09:43:48 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\Desktop\Microsoft Word (2).lnk
[2010/10/14 05:59:06 | 000,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 22:13:09 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 09:50:58 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2010/10/13 09:50:58 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/10/12 08:49:55 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/12 08:49:55 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/10/08 12:15:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/10/05 22:10:12 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/10/05 22:10:12 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/10/01 18:16:48 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\My Documents\Endearringly Your11.doc
[2010/09/30 20:28:42 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\My Documents\Endearringly Your business card.doc
[2010/09/29 16:16:26 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\My Documents\Endearringly Yours.doc
[2010/09/24 17:44:44 | 001,016,200 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\My Documents\thinkpad x60s manual.pdf
[2010/09/23 15:27:40 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\Desktop\Google Chrome.lnk
[2010/09/23 15:27:40 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/22 08:55:41 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\My Documents\1965 Ford Falcon Sedan Delivery.doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/18 13:21:51 | 097,096,219 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/10/18 13:19:41 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/18 07:38:20 | 000,522,240 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\Application Data\hotfix.exe
[2010/10/18 07:38:20 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\Application Data\39359.bat
[2010/10/13 09:50:58 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2010/10/13 09:50:58 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/10/08 16:11:34 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/08 16:11:34 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/10/08 13:30:57 | 000,002,433 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mafia Bot.lnk
[2010/10/01 18:16:48 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\My Documents\Endearringly Your11.doc
[2010/09/30 20:28:42 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\My Documents\Endearringly Your business card.doc
[2010/09/28 18:39:31 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\My Documents\Endearringly Yours.doc
[2010/09/24 17:44:44 | 001,016,200 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\My Documents\thinkpad x60s manual.pdf
[2010/09/22 08:55:40 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\My Documents\1965 Ford Falcon Sedan Delivery.doc
[2010/02/10 12:58:46 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2010/02/10 12:58:46 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxebrwrd.ini
[2010/01/11 11:42:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2009/12/17 15:25:16 | 000,001,434 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\Application Data\SAS7_000.DAT
[2009/12/17 14:18:35 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/12/13 11:13:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\Local Settings\Application Data\prvlcl.dat
[2009/12/12 10:18:16 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2009/12/10 10:45:45 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/12/10 09:45:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/12/10 09:36:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/12/10 09:35:39 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/05/22 09:01:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2009/05/22 09:01:14 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2009/05/22 08:59:46 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2009/05/22 08:59:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2009/05/22 08:59:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2009/05/22 08:58:46 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2009/05/22 08:58:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2009/05/22 08:58:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2009/05/22 08:58:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2009/05/22 08:57:48 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2009/05/22 08:44:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2009/03/04 14:15:26 | 000,049,697 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/03/04 14:15:24 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/03/04 13:47:28 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2009/02/20 10:48:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lxebsmr.dll
[2009/02/20 10:48:04 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\lxebsm.dll
[2008/03/05 04:55:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2007/08/13 21:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/10/02 18:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/01/23 12:39:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/23 12:33:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/23 12:31:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/23 12:29:05 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/23 12:28:47 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/01/23 12:28:28 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/23 11:59:04 | 000,000,521 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 15:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/18 10:04:38 | 000,001,783 | ---- | C] () -- C:\Program Files\Enhancements_Import_1_0.dtd

========== Custom Scans ==========

< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >

< %systemroot%system32*.exe /lockedfiles >

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >

< %systemroot%system32*.sys >

< %systemroot%system32drivers*.dll >

< %systemroot%system32drivers*.ini >

< %systemroot%system32drivers*.exe >

< %SYSTEMDRIVE%*.* >
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/15 13:59:23 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/01/23 12:05:32 | 000,005,738 | RH-- | M] () -- C:\DELL.SDR
[2010/10/18 13:17:29 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/10 15:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/01/23 12:37:11 | 000,000,759 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/12 16:13:13 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/10/18 13:17:27 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2005/01/23 12:37:16 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

< %PROGRAMFILES%*. >
[2010/03/15 14:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\2K Games
[2009/12/15 09:29:12 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/07/16 06:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\a-squared Free
[2005/01/23 12:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/28 13:19:17 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/12/31 10:52:38 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/12/10 09:42:38 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2010/06/04 06:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/10/18 08:12:31 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/12/31 10:53:10 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2005/01/23 12:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2010/03/15 13:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/07/08 17:07:59 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/12/21 16:35:00 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2009/12/17 13:02:26 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2005/01/23 12:30:41 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/12/12 10:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2005/01/23 12:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Inc
[2009/12/17 12:46:46 | 000,000,000 | ---D | M] -- C:\Program Files\Device Doctor
[2010/03/15 13:59:25 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/12/17 12:57:03 | 000,000,000 | ---D | M] -- C:\Program Files\Driver-Soft
[2010/07/26 20:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2009/12/22 17:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2010/10/18 07:51:22 | 000,000,000 | ---D | M] -- C:\Program Files\Emsisoft Anti-Malware
[2010/02/10 13:36:26 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2009/12/15 08:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\Final Draft 6
[2009/12/15 09:24:56 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2010/03/02 12:20:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/12/17 13:14:17 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/13 22:12:38 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/12/31 10:53:23 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/12/31 10:53:42 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2005/01/23 12:34:11 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/01/27 19:48:52 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2005/01/23 12:37:07 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2010/02/10 12:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark
[2010/02/10 12:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Printable Web
[2010/02/10 12:59:21 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Pro200-S500 Series
[2010/02/10 12:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2005/01/23 12:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/06/29 14:19:45 | 000,000,000 | ---D | M] -- C:\Program Files\MafiaBots.com
[2010/03/03 14:24:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mass Effect 2
[2009/12/10 09:49:18 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2009/12/12 16:18:05 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2005/01/23 12:31:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/12/10 10:38:21 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/02/24 12:31:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/12/13 10:39:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/01/23 12:33:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/01/23 12:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2005/01/23 12:31:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2005/01/23 12:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2005/01/23 12:30:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2005/01/23 12:27:35 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2005/01/23 12:27:47 | 000,000,000 | ---D | M] -- C:\Program Files\Modem On Hold
[2010/01/01 10:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\Moffsoft FreeCalc
[2010/08/12 12:00:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/18 13:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/12/13 11:21:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/12/13 10:39:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/01/23 11:58:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/01/23 11:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/12/10 20:45:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/12/16 18:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2005/01/23 12:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\MyWaySA
[2009/12/12 16:14:19 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/12/10 18:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Nuance
[2010/02/28 13:18:53 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2005/01/23 11:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/10/12 08:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010/05/12 22:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/07/08 17:07:58 | 000,000,000 | ---D | M] -- C:\Program Files\ParetoLogic
[2009/12/10 10:49:46 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2009/12/31 10:53:04 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/01/23 12:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/12/14 17:06:57 | 000,000,000 | ---D | M] -- C:\Program Files\Red Chair Software
[2009/12/13 11:21:43 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/12/15 08:53:46 | 000,000,000 | ---D | M] -- C:\Program Files\Screenplay Systems
[2010/07/28 16:44:38 | 000,000,000 | ---D | M] -- C:\Program Files\Smart PDF Converter
[2009/12/16 18:37:25 | 000,000,000 | ---D | M] -- C:\Program Files\Songbird
[2005/01/23 12:33:50 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/02/22 09:37:02 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/12/16 07:32:11 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/01/11 11:28:42 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2005/01/23 11:58:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/01/23 12:37:06 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/12/22 13:01:06 | 000,000,000 | ---D | M] -- C:\Program Files\WildGames
[2009/12/12 16:14:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/12/12 16:14:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/01/23 11:58:46 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/06/29 14:20:16 | 000,000,000 | ---D | M] -- C:\Program Files\Xenocode
[2005/01/23 11:58:46 | 000,000,000 | ---D | M] -- C:\Program Files\XEROX
[2005/01/23 12:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name

< %appdata%*.* >
[2010/10/18 07:38:20 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\Application Data\39359.bat
[2004/08/10 14:57:42 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Ed Mixon\Application Data\DESKTOP.INI
[2010/10/18 07:38:20 | 000,522,240 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\Application Data\hotfix.exe
[2009/12/17 15:25:16 | 000,001,434 | ---- | M] () -- C:\Documents and Settings\Ed Mixon\Application Data\SAS7_000.DAT

< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2009/12/12 16:11:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2009/12/12 16:11:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2009/12/12 16:11:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2009/12/12 16:11:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:disk.sys
[2009/12/12 16:11:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:disk.sys
[2009/12/12 16:11:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\I386\DISK.SYS
[2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/06/29 13:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\DRIVERS\STORAGE\SATA\ONBOARD\IASTOR.SYS
[2004/06/29 13:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\I386\IASTOR.SYS
[2004/06/29 13:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:usbstor.sys
[2009/12/12 16:11:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:usbstor.sys
[2009/12/12 16:11:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 01:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\I386\USBSTOR.SYS
[2004/08/04 01:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Re: Thinkpoint virus Pt 118th October 2010, 11:12 pm

Hello.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mafia Bot.lnk = C:\WINDOWS\Installer\{B847DBF3-A6F5-4F9E-B1C5-F5A7C02C9277}\_E775C8FC2526B3FE2E3A38.exe ()
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Ed Mixon\Application Data\hotfix.exe) - C:\Documents and Settings\Ed Mixon\Application Data\hotfix.exe ()
[2010/10/18 07:38:20 | 000,522,240 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\Application Data\hotfix.exe
[2010/10/18 07:38:20 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\Ed Mixon\Application Data\39359.bat
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Thinkpoint virus Pt 1 DXwU4