Hijacked browser and recurring fake AVs

Hi, my browsers have been hijacked for many moons. I can Google OK, but when I click the links it redirects thru mx1, icityfind, get-search-results, taxinga, etc. I ran Hijack This and thought I got a bunch of junk out, but it still redirects. I have to cut and paste the URL from the properties of the hits to navigate anywhere. :sad:

I also have been getting recurring fake AV trojans galore. Rootkit, and every new version. Latest one was so bad I had to run Loaris from safe mode. Could not even run it from startup folder.

I run XP on the machine, and I use it for my magicjack and other stuff. nothing is really critical except the magicjack and being able to browse and print office docs.

I think one of the kids downloads music--possible P2P, so if you see any of that, please let me know. I'm starting to set the browser to high security to prevent having to constantly chase down trojans--just to keep my phone working.

Can't seem to include my OTL logs in the post. Do I need to break them into little bits? Will try, but may be a lot of parts to this...
Thanks in advance for any help you may render.

OTL logfile created on: 12/16/2010 5:26:14 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jeff and Ingrid\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.52 Gb Total Space | 13.86 Gb Free Space | 18.85% Space Free | Partition Type: NTFS
Drive D: | 3.16 Gb Total Space | 1.13 Gb Free Space | 35.78% Space Free | Partition Type: FAT32

Computer Name: YOUR-E358B65523 | User Name: Jeff and Ingrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- f:\autorun.exe
PRC - [2010/12/16 17:24:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff and Ingrid\Desktop\OTL.com
PRC - [2010/12/03 07:39:14 | 022,283,664 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Jeff and Ingrid\Application Data\mjusbsp\magicJack.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/05/11 06:47:06 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
PRC - [2009/05/11 06:47:04 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe
PRC - [2008/05/16 10:33:10 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdwcoms.exe
PRC - [2008/05/16 10:32:56 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdwserv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/07/12 03:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2006/10/26 13:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2005/06/23 18:27:36 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/06/23 18:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/06/23 18:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/06/02 08:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 08:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/16 17:24:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff and Ingrid\Desktop\OTL.com
MOD - [2010/11/11 20:07:50 | 000,051,712 | -H-- | M] () -- C:\WINDOWS\system32\forcices.dll
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/29 10:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/28 14:48:05 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/15 17:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/05/16 10:33:10 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdwcoms.exe -- (lxdw_device)
SRV - [2008/05/16 10:32:56 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/06/23 18:27:30 | 000,124,608 | ---- | M] (symantec) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 18:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 18:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/02 08:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 08:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 08:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/05/09 12:55:07 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/04/22 11:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 20:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\P17.sys -- (P17)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/12/13 04:00:00 | 001,360,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101213.003\navex15.sys -- (NAVEX15)
DRV - [2010/12/13 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101213.003\naveng.sys -- (NAVENG)
DRV - [2010/08/17 10:46:13 | 000,052,824 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2010/05/28 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/09 23:00:06 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/13 13:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/09 04:30:52 | 000,096,896 | R--- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ES1969.sys -- (es1969) ESS ES1946_1938 Audio Driver (WDM)
DRV - [2007/12/16 21:47:52 | 000,139,904 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500USB.SYS -- (u2kg54)
DRV - [2007/12/16 21:46:54 | 000,009,600 | ---- | M] (BUFFALO INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\BUFADPT.SYS -- (BUFADPT)
DRV - [2007/12/16 21:46:35 | 000,003,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BFAIFILT.SYS -- (BFAIFILT)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 20:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/10/11 20:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2005/05/13 18:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/22 11:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/04/22 11:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/03/30 20:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 19:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 19:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2000/09/15 17:24:16 | 000,122,256 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STV673.SYS -- (STV673)
DRV - [1998/06/30 21:15:58 | 000,048,648 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\DTC328X.SYS -- (DTC328X)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{9CDED4A2-6469-4EA0-8E3D-16FF75923354}: C:\Documents and Settings\Jeff and Ingrid\Local Settings\Application Data\{9CDED4A2-6469-4EA0-8E3D-16FF75923354} [2010/11/30 15:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010/08/17 10:41:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{054D2F8D-6E0E-4684-9D9F-C4899A1BC9B2}: C:\Documents and Settings\Jeff and Ingrid\Local Settings\Application Data\{054D2F8D-6E0E-4684-9D9F-C4899A1BC9B2} [2010/11/30 15:35:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/11/29 22:31:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/12/16 17:21:53 | 000,000,000 | ---D | M]

[2010/06/17 19:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff and Ingrid\Application Data\Mozilla\Extensions
[2010/06/17 19:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff and Ingrid\Application Data\Mozilla\Extensions\songbird@songbirdnest.com

O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (D-Link Toolbar) - {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files\D-Link Toolbar\dlinktb.dll File not found
O4 - HKLM..\Run: [lxdwamon] C:\Program Files\Lexmark 7600 Series\lxdwamon.exe ()
O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Jeff and Ingrid\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\magicJack.lnk = C:\Documents and Settings\Jeff and Ingrid\Application Data\mjusbsp\magicJackLoader.exe (magicJack L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} http://install.anark.com/client/version4/windows-ie/en/AMClient.cab (Anark Client 4.0 ActiveX Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 13:13:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{4a225244-7a74-11df-9a76-001111dd4b27}\Shell - "" = Autorun
O33 - MountPoints2\{4a225244-7a74-11df-9a76-001111dd4b27}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{5044eab8-e856-11de-9a44-000d0b9f5f8a}\Shell\AutoRun\command - "" = J:\WDSetup.exe -- File not found
O33 - MountPoints2\{5d5e44c3-13e4-11da-804b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{5d5e44c3-13e4-11da-804b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{784dfc4d-85f6-11df-9a88-001111dd4b27}\Shell - "" = Autorun
O33 - MountPoints2\{784dfc4d-85f6-11df-9a88-001111dd4b27}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{7aa1377f-31b5-11dc-991c-001111dd4b27}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa1377f-31b5-11dc-991c-001111dd4b27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7aa1377f-31b5-11dc-991c-001111dd4b27}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: convdctr - (C:\WINDOWS\system32\forcices.dll) - C:\WINDOWS\system32\forcices.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "Nero BackItUp Scheduler 4.0"
MsConfig - Services: "UTSCSI"
MsConfig - Services: "SupportSoft RemoteAssist"
MsConfig - Services: "PrismXL"
MsConfig - Services: "wscsvc"
MsConfig - Services: "SavRoam"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ClientManager2.lnk - C:\PROGRA~1\BUFFALO\CLIENT~1\CLIENT~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^setup.exe - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Jeff and Ingrid^Start Menu^Programs^Startup^magicJack.lnk - C:\Documents and Settings\Jeff and Ingrid\Application Data\mjusbsp\magicJackLoader.exe - (magicJack L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim6 - hkey= - key= - File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: ccApp - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
MsConfig - StartUpReg: cdloader - hkey= - key= - C:\Documents and Settings\Jeff and Ingrid\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig - StartUpReg: doubleTwist - hkey= - key= - C:\Program Files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe (doubleTwist Corporation)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Lexmark 7600 Series Fax Server - hkey= - key= - C:\Program Files\Lexmark 7600 Series\fm3032.exe ()
MsConfig - StartUpReg: Load - hkey= - key= - C:\DOCUME~1\JEFFAN~1\LOCALS~1\Temp\dwm.exe File not found
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MsConfig - StartUpReg: masqform.exe - hkey= - key= - C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge Solutions Inc.)
MsConfig - StartUpReg: Mozilla Quick Launch - hkey= - key= - C:\Program Files\Netscape\Netscape\Netscp.exe (Mozilla, Netscape)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: PhilipsSongbirdLauncher - hkey= - key= - C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe ()
MsConfig - StartUpReg: Qkefirujiqig - hkey= - key= - C:\WINDOWS\mfobuv.DLL (Acronis)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\WINDOWS\creator\remind_xp.exe (SoftThinks)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: svchost - hkey= - key= - C:\Documents and Settings\Jeff and Ingrid\Application Data\Microsoft\svchost.exe File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Thowec - hkey= - key= - C:\WINDOWS\awohunicapa.DLL (Lenovo Group Limited)
MsConfig - StartUpReg: WebCamRT.exe - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9212D8B4-C3CF-43E1-A1FF-8EEA311633DC} - PureEdge Viewer
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: msvideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\vvlcodec.dll (Vision)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65034330371522560)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/16 17:24:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff and Ingrid\Desktop\OTL.com
[2010/12/16 17:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff and Ingrid\Local Settings\Application Data\Temp
[2010/12/16 17:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/12/16 17:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/12/16 17:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/12/16 17:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/12/16 17:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/16 17:11:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/16 17:11:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/16 17:11:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/16 17:11:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/14 08:14:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/12/13 22:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\lFpFc06301
[2010/12/07 16:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff and Ingrid\My Documents\french project
[2010/11/30 15:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff and Ingrid\Local Settings\Application Data\{054D2F8D-6E0E-4684-9D9F-C4899A1BC9B2}
[2010/11/30 15:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff and Ingrid\Local Settings\Application Data\{9CDED4A2-6469-4EA0-8E3D-16FF75923354}
[2010/11/22 21:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff and Ingrid\Local Settings\Application Data\ConduitEngine
[2010/11/22 21:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/11/22 21:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2010/11/22 21:06:31 | 000,000,000 | ---D | C] -- C:\extensions
[2010/11/22 18:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff and Ingrid\Local Settings\Application Data\{9CDED4A2-6469-4EA0-8E3D-16FF75923354}(2)
[2010/11/18 07:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff and Ingrid\Desktop\fixya pics
[2010/11/17 15:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff and Ingrid\Application Data\Security Essentials 2011
[2010/03/31 18:58:31 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDWhcp.dll
[2010/03/31 18:58:30 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1.dll
[2010/03/31 18:58:30 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa.dll
[2010/03/31 18:58:30 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc.dll
[2010/03/31 18:58:29 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv.dll
[2010/03/31 18:58:29 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwpmui.dll
[2010/03/31 18:58:29 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm.dll
[2010/03/31 18:58:27 | 000,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwhbn3.dll
[2010/03/31 18:58:26 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc.dll
[2010/03/31 18:58:26 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomm.dll
[2009/05/23 17:36:52 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/08/23 11:32:04 | 000,823,296 | ---- | C] (Frontcode Technologies) -- C:\Program Files\winmx353.exe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/16 17:30:04 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/12/16 17:24:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff and Ingrid\Desktop\OTL.com
[2010/12/16 17:14:57 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/12/16 17:14:57 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/12/16 17:11:08 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/16 17:11:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/16 17:11:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/16 17:11:08 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/16 17:11:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/15 21:35:17 | 001,134,731 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\My Documents\SCAN0002.JPG
[2010/12/15 21:08:45 | 000,113,748 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\My Documents\wanda.docx
[2010/12/15 17:09:28 | 000,000,494 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Jeff and Ingrid.job
[2010/12/15 07:43:18 | 000,001,058 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Desktop\magicJack.lnk
[2010/12/15 07:39:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/15 07:27:41 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Desktop\Shortcut to HijackThis.lnk
[2010/12/14 08:29:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iweduvak.dll
[2010/12/14 08:20:11 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/14 05:21:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/14 00:54:53 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2010/12/07 22:44:19 | 014,282,858 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\My Documents\La Chronologie de Thanksgiving.pptx
[2010/12/01 21:54:45 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\wklnhst.dat
[2010/11/30 16:19:31 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/22 16:08:56 | 000,554,912 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\My Documents\Order Confirmation Williams-Sonoma2.mht
[2010/11/18 07:50:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/18 06:42:08 | 000,433,550 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\My Documents\New URS App.mht
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/16 17:14:57 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/12/16 17:14:57 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/12/15 21:35:17 | 001,134,731 | ---- | C] () -- C:\Documents and Settings\Jeff and Ingrid\My Documents\SCAN0002.JPG
[2010/12/15 21:08:45 | 000,113,748 | ---- | C] () -- C:\Documents and Settings\Jeff and Ingrid\My Documents\wanda.docx
[2010/12/15 07:27:41 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Jeff and Ingrid\Desktop\Shortcut to HijackThis.lnk
[2010/12/14 08:29:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iweduvak.dll
[2010/12/14 05:21:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/13 23:11:46 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2010/12/13 13:20:16 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Loaris Trojan Remover.lnk
[2010/12/07 22:44:05 | 014,282,858 | ---- | C] () -- C:\Documents and Settings\Jeff and Ingrid\My Documents\La Chronologie de Thanksgiving.pptx
[2010/11/22 18:39:59 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\All Users\lxdw.log
[2010/11/22 18:39:37 | 000,163,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/22 16:08:48 | 000,554,912 | ---- | C] () -- C:\Documents and Settings\Jeff and Ingrid\My Documents\Order Confirmation Williams-Sonoma2.mht
[2010/11/18 06:42:02 | 000,433,550 | ---- | C] () -- C:\Documents and Settings\Jeff and Ingrid\My Documents\New URS App.mht
[2010/11/11 20:07:50 | 000,051,712 | -H-- | C] () -- C:\WINDOWS\System32\forcices.dll
[2010/07/20 08:09:12 | 000,024,566 | ---- | C] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\ReplayMusicLog.log
[2010/07/18 19:14:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avunaviq.dll
[2010/07/18 17:12:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxohehate.dll
[2010/07/18 15:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ugafiruj.dll
[2010/07/18 14:11:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eturiqowaqifihu.dll
[2010/07/18 12:09:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abidevibeb.dll
[2010/07/18 10:07:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\idamijigokimaki.dll
[2010/07/18 08:05:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uyagakusa.dll
[2010/07/18 06:03:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvimerujomurara.dll
[2010/07/18 04:01:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iwizuxec.dll
[2010/07/18 01:59:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofehadeh.dll
[2010/07/17 23:57:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agotaduxotoyeful.dll
[2010/07/17 21:55:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\umigepuk.dll
[2010/07/17 19:53:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oqebudaxubig.dll
[2010/07/17 17:51:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ocakakadi.dll
[2010/07/17 15:49:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ujojinures.dll
[2010/07/17 13:47:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulinixig.dll
[2010/07/17 11:45:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\anedusiboqu.dll
[2010/07/17 10:12:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ikozuferosuloro.dll
[2010/07/17 08:10:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\irowiwifa.dll
[2010/07/17 06:09:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avulufiwuzozawu.dll
[2010/07/17 04:06:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ekivuxege.dll
[2010/07/17 02:04:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apiticabaqey.dll
[2010/07/17 00:02:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iwemakig.dll
[2010/07/16 22:01:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axucemucorojewu.dll
[2010/07/16 21:53:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezecorojewu.dll
[2010/07/16 19:50:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozoxasuxomod.dll
[2010/07/16 17:48:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozovozer.dll
[2010/07/16 15:47:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odajehok.dll
[2010/07/16 13:56:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asuqiwuh.dll
[2010/07/16 11:53:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oqojefiqa.dll
[2010/07/16 09:52:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ikukebic.dll
[2010/07/16 07:50:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\evicufotizici.dll
[2010/07/16 05:48:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecoxizodul.dll
[2010/07/16 03:46:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\emevolupufaxawir.dll
[2010/07/16 01:44:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\emekevadaz.dll
[2010/07/15 23:42:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\alotazal.dll
[2010/07/15 21:40:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ilimiforawumi.dll
[2010/07/15 19:38:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijazowem.dll
[2010/07/15 17:36:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogaduraya.dll
[2010/07/15 15:34:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ahixumugeya.dll
[2010/07/15 13:32:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\etanulamolim.dll
[2010/07/15 11:30:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oxabizebuf.dll
[2010/07/15 09:28:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvizuzeqijiwawan.dll
[2010/07/15 07:26:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozirisohah.dll
[2010/07/15 05:24:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\omacoroj.dll
[2010/07/15 03:22:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okugowelijosi.dll
[2010/07/15 01:20:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asibofepohe.dll
[2010/07/14 23:18:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uciyewiducena.dll
[2010/07/14 21:16:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awoqaluxoc.dll
[2010/07/14 19:14:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uhetubal.dll
[2010/07/14 17:12:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijehalafunaner.dll
[2010/07/14 15:10:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ixitilesolasiwit.dll
[2010/07/14 13:08:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oxoxuwib.dll
[2010/07/14 11:06:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\elepexom.dll
[2010/07/14 09:04:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\orikurub.dll
[2010/07/14 07:02:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\irowuxiq.dll
[2010/07/14 05:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eyawazuc.dll
[2010/07/14 02:58:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ayelulinet.dll
[2010/07/14 00:56:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufipilidarex.dll
[2010/07/13 22:54:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avakavupil.dll
[2010/07/13 20:52:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azasafox.dll
[2010/07/13 18:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adumememememe.dll
[2010/07/13 16:48:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufeziwawazu.dll
[2010/07/13 14:46:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\umawumifo.dll
[2010/07/13 12:44:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ilomovumax.dll
[2010/07/13 10:42:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awenosob.dll
[2010/07/13 08:40:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abewizut.dll
[2010/07/13 06:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ekiyesubasebiwey.dll
[2010/07/13 04:36:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\igohefonulohu.dll
[2010/07/13 02:34:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\opecewek.dll
[2010/07/13 00:32:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozequfunaviqe.dll
[2010/07/12 22:30:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufebimuduti.dll
[2010/07/12 20:28:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akekolak.dll
[2010/07/12 18:26:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\omalazexiz.dll
[2010/07/12 16:24:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\olinevifohah.dll
[2010/07/12 14:22:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\anaholuracanar.dll
[2010/07/12 12:20:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iwarowigesifefe.dll
[2010/07/12 10:18:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\enelifasufoli.dll
[2010/07/12 08:16:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\irujeboy.dll
[2010/07/12 06:14:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihivumeg.dll
[2010/07/12 04:12:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okukawasaxoveseb.dll
[2010/07/12 02:10:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\udozayahejozu.dll
[2010/07/12 00:08:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ehiwoniqivuxege.dll
[2010/07/11 22:06:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ujijivanoqiqur.dll
[2010/07/11 21:22:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\efufahinal.dll
[2010/07/11 19:20:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\unozoqocefuw.dll
[2010/07/11 17:18:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oqarivikikikodu.dll
[2010/07/11 15:16:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icebozer.dll
[2010/07/11 13:14:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\etatecuxisetaco.dll
[2010/07/11 12:49:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivahemofivu.dll
[2010/07/11 11:35:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\enerilupav.dll
[2010/07/11 10:35:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ojusiqasoqegepa.dll
[2010/07/11 08:33:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyiherafiqejiv.dll
[2010/07/11 06:32:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odobacag.dll
[2010/07/11 04:30:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imiyojiyedoh.dll
[2010/07/11 02:28:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewetucigenoguq.dll
[2010/07/11 00:26:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apisocacezaf.dll
[2010/07/10 22:24:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owonusij.dll
[2010/07/10 20:22:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aguwisucejalafoq.dll
[2010/07/10 18:20:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\idinuqucadotex.dll
[2010/07/10 16:18:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezasudevibebaxix.dll
[2010/07/10 14:16:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oxekukak.dll
[2010/07/10 13:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aboheseheguc.dll
[2010/07/10 11:50:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apajijohapuh.dll
[2010/07/10 09:49:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivavakadevipeji.dll
[2010/07/10 08:09:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\opimowem.dll
[2010/07/10 06:07:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otuzuferosuloro.dll
[2010/07/10 04:05:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uyawiwifa.dll
[2010/07/10 02:03:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecumelum.dll
[2010/07/10 00:01:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\efunazobesitefes.dll
[2010/07/09 21:59:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvubulam.dll
[2010/07/09 19:57:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\omacucen.dll
[2010/07/09 17:55:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uyopowij.dll
[2010/07/09 15:53:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogonotij.dll
[2010/07/09 13:52:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ixoganid.dll
[2010/07/03 15:27:29 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/14 16:39:14 | 000,001,180 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
[2010/05/13 10:43:29 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Jeff and Ingrid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/31 19:04:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdwvs.dll
[2010/03/31 19:04:26 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdwcoin.dll
[2010/03/31 19:03:16 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs.dll
[2010/03/31 19:03:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps.dll
[2010/03/31 19:03:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4.dll
[2010/03/31 19:02:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDWPMON.DLL
[2010/03/31 19:02:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDWFXPU.DLL
[2010/03/31 19:02:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxdwoem.dll
[2010/03/31 18:59:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdwrwrd.ini
[2010/03/31 18:58:32 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDWinst.dll
[2010/03/31 18:58:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdwgrd.dll
[2009/10/03 08:59:23 | 000,008,174 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/02 17:45:02 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\mcs.rma
[2009/10/02 17:45:02 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\329CC9
[2009/09/27 19:45:32 | 000,001,072 | ---- | C] () -- C:\WINDOWS\auddrive.ini
[2009/06/19 16:54:35 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/05/23 17:36:51 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2009/02/15 11:06:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/01/29 23:40:22 | 000,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/08 09:25:20 | 000,000,062 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2007/12/16 21:47:51 | 000,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\BFAIFILT.SYS
[2007/12/16 21:47:45 | 000,040,954 | ---- | C] () -- C:\WINDOWS\UN800001.INI
[2007/11/22 18:43:30 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/22 15:56:11 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/11/22 14:47:57 | 000,000,638 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2007/11/22 14:00:28 | 000,081,424 | ---- | C] () -- C:\WINDOWS\System32\vvlusb.sys
[2007/11/22 14:00:28 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\vvlusb32.dll
[2007/11/22 14:00:28 | 000,028,852 | ---- | C] () -- C:\WINDOWS\System32\vvlstrm.sys
[2007/11/22 14:00:28 | 000,012,720 | ---- | C] () -- C:\WINDOWS\System32\vvlusb16.drv
[2007/11/22 14:00:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\vvlpriv.dll
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/04/05 20:26:32 | 000,000,211 | ---- | C] () -- C:\WINDOWS\lm2001.INI
[2006/11/30 14:42:53 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\wklnhst.dat
[2006/08/22 18:18:22 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/02/23 16:00:46 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/17 19:16:21 | 000,000,122 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2006/01/28 17:39:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/11/19 14:20:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/09 21:25:41 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2005/11/09 21:25:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/11/09 21:25:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WDIR32.DLL
[2005/11/09 21:25:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PMPRO32.DLL
[2005/11/09 21:25:30 | 000,018,892 | ---- | C] () -- C:\WINDOWS\System32\PMPRO16.DLL
[2005/11/09 21:25:29 | 000,042,084 | ---- | C] () -- C:\WINDOWS\System32\WDIR16.DLL
[2005/10/01 13:31:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/08/30 19:22:45 | 000,000,533 | ---- | C] () -- C:\Program Files\Shortcut to Windows Media Player.lnk
[2005/08/26 22:26:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/24 17:36:58 | 000,000,514 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/08/23 16:35:16 | 000,000,144 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/08/23 11:42:42 | 008,715,352 | ---- | C] () -- C:\Program Files\Install_AIM.exe
[2005/05/09 13:13:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/09 11:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/03/23 23:07:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 11:53:24 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 11:53:24 | 000,000,481 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/03/23 05:03:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/03/27 13:18:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\akrip.dll
[2003/03/26 09:19:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2002/11/13 10:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/03/23 13:12:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/07/29 04:36:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBLPP5C.DLL
[2008/05/16 10:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp.dll
[2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/11/16 12:35:04 | 000,016,226 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\Microsoft\stor.cfg

< %PROGRAMFILES%\*.* >
[2005/08/23 11:42:43 | 008,715,352 | ---- | M] () -- C:\Program Files\Install_AIM.exe
[2005/08/30 19:22:45 | 000,000,533 | ---- | M] () -- C:\Program Files\Shortcut to Windows Media Player.lnk
[2005/08/23 11:32:04 | 000,823,296 | ---- | M] (Frontcode Technologies) -- C:\Program Files\winmx353.exe

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/24 20:27:48 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/09/04 20:30:00 | 000,000,140 | -HS- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/03/23 13:18:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/03/20 20:38:50 | 000,610,304 | ---- | M] (Speed Guide Inc.) -- C:\Documents and Settings\Jeff and Ingrid\Desktop\TCPOptimizer.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/09/04 20:30:00 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Favorites\Desktop.ini
[2010/08/17 10:46:44 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Favorites\NCH Audio and Telephony Software.lnk
[2010/08/06 07:33:11 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/22 18:39:59 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\All Users\lxdw.log
[2010/07/12 13:49:53 | 000,032,972 | ---- | M] () -- C:\Documents and Settings\All Users\lxdwJSW.log
[2010/03/31 18:57:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\UpdaterLog.txt
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/03/23 05:02:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/03/23 05:02:03 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/23 05:02:03 | 000,851,968 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 14:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2007/12/16 21:46:54 | 000,009,600 | ---- | M] (BUFFALO INC.) -- C:\WINDOWS\system32\BUFADPT.SYS
[2004/08/04 14:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 14:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 14:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 14:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 14:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 14:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 14:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 14:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 14:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 14:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[1998/08/14 14:22:32 | 000,028,852 | ---- | M] () -- C:\WINDOWS\system32\vvlstrm.sys
[1998/08/14 14:23:02 | 000,081,424 | ---- | M] () -- C:\WINDOWS\system32\vvlusb.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 00:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/07/29 04:36:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBLPP5C.DLL
[2008/05/16 10:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp.dll
[2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2010/07/22 23:37:12 | 000,000,269 | ---- | M] () -- C:\1.log
[2009/06/19 16:52:57 | 000,000,211 | ---- | M] () -- C:\aresult.txt
[2010/06/22 16:52:08 | 000,001,332 | ---- | M] () -- C:\Ask & Record Toolbar Setup Log.txt
[2005/03/23 13:13:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/18 07:50:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2005/09/02 14:26:17 | 000,000,103 | ---- | M] () -- C:\BootErr.log
[2005/03/23 13:13:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/12/14 00:54:53 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2005/03/23 13:13:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/19 10:21:21 | 000,004,231 | -H-- | M] () -- C:\IPH.PH
[2010/12/13 12:00:38 | 000,000,331 | ---- | M] () -- C:\lxbl.log
[2005/03/23 13:13:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/24 20:10:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/02/26 17:13:19 | 000,004,096 | ---- | M] () -- C:\ntldr.srm
[2010/12/15 07:38:58 | 2097,152,000 | -HS- | M] () -- C:\pagefile.sys
[2007/05/02 19:27:38 | 000,079,796 | ---- | M] () -- C:\VETlog.dmp
[2007/05/02 19:27:38 | 000,001,795 | ---- | M] () -- C:\VETlog.txt
[2006/09/01 23:33:41 | 000,000,000 | ---- | M] () -- C:\wizard.txt

< %PROGRAMFILES%\*. >
[2009/02/12 03:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/05/22 09:48:17 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2009/05/30 15:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\Absolute Poker
[2010/12/16 17:21:57 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/06/22 06:09:50 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2009/10/27 19:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2010/06/19 16:41:58 | 000,000,000 | ---D | M] -- C:\Program Files\Anark
[2010/06/14 17:08:42 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2006/12/30 22:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2008/11/21 15:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/09/03 18:46:57 | 000,000,000 | ---D | M] -- C:\Program Files\Arcade Hits
[2010/07/28 07:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\AudioRack
[2010/11/18 00:08:48 | 000,000,000 | ---D | M] -- C:\Program Files\AutocompletePro
[2009/01/29 23:37:35 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2010/10/31 15:25:18 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2007/12/16 21:58:13 | 000,000,000 | ---D | M] -- C:\Program Files\BUFFALO
[2010/06/14 17:08:57 | 000,000,000 | ---D | M] -- C:\Program Files\CDKnet
[2010/07/03 15:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/06/22 16:46:57 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/11/30 15:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2005/05/09 12:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2005/08/23 10:06:21 | 000,000,000 | ---D | M] -- C:\Program Files\Connection Wizard
[2010/06/22 06:16:09 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2010/12/14 18:55:48 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link Toolbar
[2010/06/14 17:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\DeltaSoft SuperComputing
[2005/12/29 10:20:09 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2010/09/03 19:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\doubleTwist 2.0
[2009/06/17 20:46:37 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/07/21 07:15:55 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2010/11/01 19:37:12 | 000,000,000 | ---D | M] -- C:\Program Files\Free MP3 Cutter
[2010/08/17 10:40:33 | 000,000,000 | ---D | M] -- C:\Program Files\Free MP3 WMA Cutter
[2007/07/22 13:45:58 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2010/07/20 11:29:49 | 000,000,000 | ---D | M] -- C:\Program Files\GoldWave
[2006/10/14 12:05:39 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/12/15 07:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\HijackThis
[2009/10/02 17:26:25 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/05/09 13:11:01 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/06/17 06:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/31 15:35:45 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/10/31 15:36:50 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/03/28 19:06:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2005/05/09 13:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2005/08/24 17:40:29 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark
[2010/03/31 19:21:14 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 7600 Series
[2010/12/14 18:55:48 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Printable Web
[2010/12/14 18:55:48 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2010/03/31 19:01:01 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Tools for Office
[2010/08/15 21:26:31 | 000,000,000 | ---D | M] -- C:\Program Files\Littlelan
[2010/09/03 18:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\Loaris
[2009/05/31 18:53:03 | 000,000,000 | ---D | M] -- C:\Program Files\Lock Poker
[2007/11/22 15:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/06/14 17:09:19 | 000,000,000 | ---D | M] -- C:\Program Files\Lytec Systems
[2010/12/16 17:14:54 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/07/30 12:29:40 | 000,000,000 | ---D | M] -- C:\Program Files\MediaMonkey
[2008/08/24 20:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/01/08 03:02:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/03/23 13:13:35 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/09/07 19:09:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/01/07 20:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/14 17:09:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/01/07 20:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/05/24 16:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/01/07 20:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/09 21:51:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/20 07:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\MP3 Wav Editor
[2010/07/04 17:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\MP3Gain
[2009/02/15 10:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/09/20 20:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/03/23 13:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/05/09 13:16:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2005/03/23 13:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/14 21:44:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/08/09 15:24:14 | 000,000,000 | ---D | M] -- C:\Program Files\My App
[2010/08/06 06:41:04 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2010/08/15 21:30:25 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2009/06/25 20:07:11 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/08/24 20:17:06 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/09/07 19:05:21 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2010/02/22 23:41:10 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2010/02/22 23:41:08 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010/12/16 17:14:25 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2006/01/22 16:47:08 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/02 17:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/06/20 09:35:32 | 000,000,000 | ---D | M] -- C:\Program Files\PartyGaming
[2010/11/16 08:04:34 | 000,000,000 | ---D | M] -- C:\Program Files\PC Wizard 2008
[2010/06/14 17:09:50 | 000,000,000 | ---D | M] -- C:\Program Files\Phantom
[2010/07/04 17:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\Philips
[2010/06/20 09:06:25 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2005/08/26 22:29:31 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2006/07/28 19:41:35 | 000,000,000 | ---D | M] -- C:\Program Files\PureEdge
[2010/10/31 15:30:37 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/05/09 13:08:05 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/02/15 10:15:21 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/06/17 20:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2010/07/21 07:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Music 3
[2009/10/02 17:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2010/02/06 10:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/06/22 06:11:48 | 000,000,000 | ---D | M] -- C:\Program Files\Screensavers.com
[2006/05/05 10:46:21 | 000,000,000 | ---D | M] -- C:\Program Files\SHARP
[2007/07/29 21:37:11 | 000,000,000 | ---D | M] -- C:\Program Files\Shockwave.com
[2007/11/22 18:36:42 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2010/09/03 19:38:02 | 000,000,000 | ---D | M] -- C:\Program Files\Songbird
[2009/05/31 19:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\Sportsbook Poker
[2010/07/21 07:51:54 | 000,000,000 | ---D | M] -- C:\Program Files\Streamripper
[2010/12/14 08:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2005/09/02 15:18:11 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/12/15 07:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2008/02/25 18:53:46 | 000,000,000 | ---D | M] -- C:\Program Files\Tencent
[2006/12/07 14:45:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/11/30 15:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrentBar
[2009/06/25 20:54:19 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/10/01 19:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\WAV to MP3 Encoder
[2010/12/14 19:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Whale Communications
[2010/07/21 08:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/07/21 08:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Detect
[2007/11/22 15:32:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2006/12/13 16:22:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/08/24 20:17:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/24 20:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/06/28 19:23:19 | 000,000,000 | ---D | M] -- C:\Program Files\WindSolutions
[2005/08/26 15:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\WinMX
[2010/07/21 07:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2005/08/23 16:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\WON
[2005/03/23 13:13:35 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/04/26 14:21:34 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/06/14 17:08:24 | 000,000,000 | ---D | M] -- C:\Program Files\_uninstallation_info

< %appdata%\*.* >
[2010/08/27 12:28:17 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\329CC9
[2005/03/23 05:03:30 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\desktop.ini
[2010/08/27 12:28:17 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\mcs.rma
[2010/07/20 11:23:24 | 000,024,566 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\ReplayMusicLog.log
[2010/12/01 21:54:45 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Jeff and Ingrid\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/24 20:01:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/24 20:01:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/24 20:01:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/24 20:01:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/24 20:01:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/08/24 20:01:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/08/24 20:01:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2008/08/24 20:01:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 01:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 12/16/2010 5:26:14 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jeff and Ingrid\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.52 Gb Total Space | 13.86 Gb Free Space | 18.85% Space Free | Partition Type: NTFS
Drive D: | 3.16 Gb Total Space | 1.13 Gb Free Space | 35.78% Space Free | Partition Type: FAT32

Computer Name: YOUR-E358B65523 | User Name: Jeff and Ingrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [Mp3nity] -- C:\PROGRA~1\LITTLE~1\MP3NIT~1\mp3nity.exe "%1" (Littlelan.com)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\1124815526\ee\aolservicehost.exe" = C:\Program Files\Common Files\AOL\1124815526\ee\aolservicehost.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\1124815526\ee\aolservicehost.exe" = C:\Program Files\Common Files\AOL\1124815526\ee\aolservicehost.exe:*:Disabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1132435668\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1132435668\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1132435668\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1132435668\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Disabled:WinMX Application -- (Frontcode Technologies)
"C:\Program Files\PokerStars\PokerStarsUpdate.exe" = C:\Program Files\PokerStars\PokerStarsUpdate.exe:*:Enabled:PokerStars -- File not found
"C:\Program Files\Full Tilt Poker\FullTiltPoker.exe" = C:\Program Files\Full Tilt Poker\FullTiltPoker.exe:*:Disabled:Full Tilt Poker -- File not found
"C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe" = C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe:*:Enabled:JEOPARDY! -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Tencent\QQ Games\QQGames.exe" = C:\Program Files\Tencent\QQ Games\QQGames.exe:*:Enabled:QQ Games -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Whale Communications\Client Components\3.1.0\WhlClnt3.exe" = C:\Program Files\Whale Communications\Client Components\3.1.0\WhlClnt3.exe:*:Enabled:Whale SSL VPN Client -- File not found
"C:\WINDOWS\system32\lxdwcoms.exe" = C:\WINDOWS\system32\lxdwcoms.exe:*:Enabled:7600 Series Server -- ( )
"C:\Documents and Settings\Magic Jack\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Magic Jack\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Jeff and Ingrid\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Jeff and Ingrid\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248E093-5288-4CA9-B3AB-11A675FEA1F9}" = Symantec AntiVirus
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5F5FA055-84C1-459B-B0B6-D48D210AE50A}" = Hoyle Casino 2003
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}" = Logitech QuickCam
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1" = Free MP3 Cutter 1.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"AudioRack" = AudioRack 2.20
"AutocompletePro2_is1" = AutocompletePro
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"CopyTrans Suite" = CopyTrans Suite Remove Only
"D-Link Toolbar" = D-Link Toolbar
"doubleTwist" = doubleTwist
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"Free MP3 WMA Cutter_is1" = Free MP3 WMA Cutter 3.7.0.1
"GoldWave v5.57" = GoldWave v5.57
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"InstallShield_{5F5FA055-84C1-459B-B0B6-D48D210AE50A}" = Hoyle Casino 2003
"InstallShield_{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"Lexmark 7600 Series" = Lexmark 7600 Series
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"magicJack Recovery Tool_is1" = magicJack Recovery Tool 1.0
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mp3nity_is1" = Mp3nity 2.1.130
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape (7.02)" = Netscape (7.02)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"PC Wizard 2008_is1" = PC Wizard 2008.1.871
"Philips Songbird" = Philips Songbird
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"Shockwave" = Shockwave
"Songbird-release-1730" = Songbird 1.8.0b2 (Build 1730)
"SoundTap" = SoundTap Streaming Audio Recorder
"Streamripper" = Streamripper (Remove only)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ToolBox" = NCH Toolbox
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MagicBeans™ 1v0" = MagicBeans™ - More Magic For Your Jack™ - 1v0
"magicJack" = magicJack
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2010 7:45:27 PM | Computer Name = YOUR-E358B65523 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module uyivazom.dll, version 2.0.0.2, fault address 0x00002a53.

Error - 12/14/2010 7:47:27 PM | Computer Name = YOUR-E358B65523 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module uyivazom.dll, version 2.0.0.2, fault address 0x00002a53.

Error - 12/14/2010 7:49:27 PM | Computer Name = YOUR-E358B65523 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module uyivazom.dll, version 2.0.0.2, fault address 0x00002a53.

Error - 12/14/2010 7:51:27 PM | Computer Name = YOUR-E358B65523 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module uyivazom.dll, version 2.0.0.2, fault address 0x00002a53.

Error - 12/14/2010 7:53:27 PM | Computer Name = YOUR-E358B65523 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module uyivazom.dll, version 2.0.0.2, fault address 0x00002a53.

Error - 12/14/2010 7:55:29 PM | Computer Name = YOUR-E358B65523 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module uyivazom.dll, version 2.0.0.2, fault address 0x00002a53.

Error - 12/15/2010 5:50:45 AM | Computer Name = YOUR-E358B65523 | Source = MsiInstaller | ID = 11402
Description = Product: Adobe Reader 9.3.4 -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 12/15/2010 5:51:37 AM | Computer Name = YOUR-E358B65523 | Source = MsiInstaller | ID = 11402
Description = Product: Adobe Reader 9.4.0 -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 12/16/2010 6:16:43 PM | Computer Name = YOUR-E358B65523 | Source = MsiInstaller | ID = 11402
Description = Product: Adobe Reader 9.3.4 -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 12/16/2010 6:21:51 PM | Computer Name = YOUR-E358B65523 | Source = MsiInstaller | ID = 11402
Description = Product: Adobe Reader X -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

[ OSession Events ]
Error - 5/16/2010 8:08:55 PM | Computer Name = YOUR-E358B65523 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 189
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/11/2010 9:20:08 PM | Computer Name = YOUR-E358B65523 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1020
seconds with 540 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/14/2010 9:17:59 AM | Computer Name = YOUR-E358B65523 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/14/2010 9:19:14 AM | Computer Name = YOUR-E358B65523 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 12/14/2010 9:20:43 AM | Computer Name = YOUR-E358B65523 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/14/2010 7:59:35 PM | Computer Name = YOUR-E358B65523 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/14/2010 7:59:35 PM | Computer Name = YOUR-E358B65523 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/14/2010 8:00:32 PM | Computer Name = YOUR-E358B65523 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 12/15/2010 8:39:28 AM | Computer Name = YOUR-E358B65523 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/15/2010 8:39:28 AM | Computer Name = YOUR-E358B65523 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/15/2010 8:40:26 AM | Computer Name = YOUR-E358B65523 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 12/16/2010 9:20:45 AM | Computer Name = YOUR-E358B65523 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Thanks very much. Here is my Combo-Fix log:
ComboFix 10-12-16.02 - Jeff and Ingrid 12/16/2010 22:55:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2031.1555 [GMT -5:00]
Running from: c:\documents and settings\Jeff and Ingrid\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\Jeff and Ingrid\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Jeff and Ingrid\Application Data\Adobe\plugs
c:\documents and settings\Jeff and Ingrid\Application Data\Adobe\plugs\KB713209296.exe
c:\documents and settings\Jeff and Ingrid\Application Data\Adobe\plugs\KB713230359.exe
c:\documents and settings\Jeff and Ingrid\Application Data\Microsoft\stor.cfg
c:\documents and settings\Jeff and Ingrid\Application Data\Security Essentials 2011
c:\documents and settings\Jeff and Ingrid\Application Data\Security Essentials 2011\seqhmaszfls\sexvels.cfg
c:\program files\screensavers.com
c:\program files\screensavers.com\Wallpaper\Ohio State - Fiesta Bowl Champs.jpg
c:\program files\screensavers.com\Wallpaper\Thumbs.db
c:\windows\Downloaded Program Files\DM.0
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\iweduvak.dll
c:\windows\system32\forcices.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\ABP480N5.SYS was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-16 22:18 . 2010-12-16 22:18 -------- d-----w- c:\documents and settings\Jeff and Ingrid\Local Settings\Application Data\Temp
2010-12-16 22:15 . 2010-12-16 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-12-16 22:14 . 2010-12-16 22:14 -------- d-----w- c:\program files\McAfee Security Scan
2010-12-16 22:11 . 2010-12-16 22:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-14 13:15 . 2010-12-14 13:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-14 03:34 . 2010-12-14 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\lFpFc06301
2010-11-30 20:35 . 2010-11-30 20:35 -------- d-----w- c:\documents and settings\Jeff and Ingrid\Local Settings\Application Data\{054D2F8D-6E0E-4684-9D9F-C4899A1BC9B2}
2010-11-30 20:28 . 2010-11-30 20:28 -------- d-----w- c:\documents and settings\Jeff and Ingrid\Local Settings\Application Data\{9CDED4A2-6469-4EA0-8E3D-16FF75923354}
2010-11-23 02:06 . 2010-11-30 20:28 -------- d-----w- c:\documents and settings\Jeff and Ingrid\Local Settings\Application Data\ConduitEngine
2010-11-23 02:06 . 2010-11-30 20:28 -------- d-----w- c:\program files\ConduitEngine
2010-11-23 02:06 . 2010-11-30 20:28 -------- d-----w- c:\program files\uTorrentBar
2010-11-23 02:06 . 2010-11-23 02:06 -------- d-----w- C:\extensions
2010-11-22 23:37 . 2010-11-22 23:37 6020100 ----a-w- c:\documents and settings\All Users\SPLC0.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-16 22:11 . 2007-05-28 12:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2005-08-23 16:42 . 2005-08-23 16:42 8715352 ----a-w- c:\program files\Install_AIM.exe
2005-08-23 16:32 . 2005-08-23 16:32 823296 ----a-w- c:\program files\winmx353.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Jeff and Ingrid\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2009-05-11 676520]
"lxdwamon"="c:\program files\Lexmark 7600 Series\lxdwamon.exe" [2009-05-11 16040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
magicJack.lnk - c:\documents and settings\Jeff and Ingrid\Application Data\mjusbsp\magicJackLoader.exe [2010-12-3 806168]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ClientManager2.lnk]
backup=c:\windows\pss\ClientManager2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^setup.exe]
backup=c:\windows\pss\setup.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jeff and Ingrid^Start Menu^Programs^Startup^magicJack.lnk]
path=c:\documents and settings\Jeff and Ingrid\Start Menu\Programs\Startup\magicJack.lnk
backup=c:\windows\pss\magicJack.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2005-06-02 13:21 48752 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-12-03 12:39 50592 ----a-w- c:\documents and settings\Jeff and Ingrid\Application Data\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\doubleTwist]
2010-06-19 07:16 24576 ----a-w- c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 22:51 118784 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 22:55 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 7600 Series Fax Server]
2009-05-11 11:47 311976 ----a-w- c:\program files\Lexmark 7600 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 21:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 21:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
2005-07-04 13:50 643072 ----a-w- c:\program files\PureEdge\Viewer 6.5\masqform.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
2003-02-08 14:50 481264 ----a-w- c:\program files\Netscape\Netscape\Netscp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsSongbirdLauncher]
2010-07-04 22:31 346624 ----a-w- c:\program files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qkefirujiqig]
2008-04-14 00:12 54272 ----a-w- c:\windows\mfobuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-03-15 17:04 966656 ----a-w- c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-11-12 20:48 21760296 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-29 00:06 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-23 13:10 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Thowec]
2008-04-14 00:12 338432 ----a-w- c:\windows\awohunicapa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"UTSCSI"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"PrismXL"=2 (0x2)
"wscsvc"=2 (0x2)
"SavRoam"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\lxdwcoms.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Jeff and Ingrid\\Application Data\\mjusbsp\\magicJack.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [3/9/2010 11:00 PM 6656]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [3/31/2010 7:04 PM 98984]
R3 EraserUtilDrvI10;EraserUtilDrvI10;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [12/14/2010 8:34 AM 102448]
R3 es1969;ESS ES1946_1938 Audio Driver (WDM);c:\windows\system32\drivers\ES1969.sys [6/25/2009 5:10 PM 96896]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [8/6/2010 6:41 AM 52824]
R3 STV673;STV0673 Camera;c:\windows\system32\drivers\STV673.SYS [9/15/2000 5:24 PM 122256]
S1 DTC328X;DTC328X;c:\windows\system32\drivers\Dtc328x.sys [8/22/2006 6:18 PM 48648]
S3 BFAIFILT;BFAIFILT;c:\windows\system32\drivers\BFAIFILT.SYS [12/16/2007 9:47 PM 3264]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\RT2500USB.SYS [12/16/2007 9:47 PM 139904]
S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 6:27 PM 124608]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilRebootDrv
.
Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\Norton Security Scan for Jeff and Ingrid.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-23 15:04]

2010-09-03 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-08-06 15:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Load - c:\docume~1\JEFFAN~1\LOCALS~1\Temp\dwm.exe
MSConfigStartUp-svchost - c:\documents and settings\Jeff and Ingrid\Application Data\Microsoft\svchost.exe
AddRemove-Amazon MP3 Downloader - c:\program files\Amazon\MP3 Downloader\Uninstall.exe
AddRemove-Songbird-release-1730 - c:\program files\Songbird\Songbird-Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-16 23:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3090315745-2882805282-3170384538-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\M*a*g*i*c*B*e*a*n*s*"!\1v0]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,03,00,00,00,80,00,
00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,32,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(7328)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxdwcoms.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Lexmark 7600 Series\lxdwMsdMon.exe
c:\documents and settings\Jeff and Ingrid\Application Data\mjusbsp\magicJack.exe
c:\windows\system32\WISPTIS.EXE
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-12-16 23:24:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-17 04:24

Pre-Run: 14,692,016,128 bytes free
Post-Run: 20,640,837,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 814AB783E1A2FE3BC830D3EC404C40FE

Hello.

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   Code:

   
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qkefirujiqig]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Thowec]

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

Thanks very much! Here is the next log:
ComboFix 10-12-16.02 - Jeff and Ingrid 12/17/2010 18:12:31.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2031.1294 [GMT -5:00]
Running from: c:\documents and settings\Jeff and Ingrid\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jeff and Ingrid\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-17 14:46 . 2010-12-17 14:46 -------- d-----w- c:\program files\LizardTech
2010-12-17 14:46 . 2010-12-17 14:46 -------- d-----w- c:\windows\LastGood
2010-12-17 12:45 . 2010-12-17 12:49 -------- d-----w- c:\windows\ie8updates
2010-12-17 06:38 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-17 06:38 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-12-17 06:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-17 06:38 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-17 06:38 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-17 06:38 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-17 06:38 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-17 06:38 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-17 06:37 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-17 06:33 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-16 22:18 . 2010-12-16 22:18 -------- d-----w- c:\documents and settings\Jeff and Ingrid\Local Settings\Application Data\Temp
2010-12-16 22:15 . 2010-12-16 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-12-16 22:14 . 2010-12-16 22:14 -------- d-----w- c:\program files\McAfee Security Scan
2010-12-16 22:11 . 2010-12-16 22:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-14 13:15 . 2010-12-14 13:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-14 03:34 . 2010-12-14 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\lFpFc06301
2010-11-30 20:35 . 2010-11-30 20:35 -------- d-----w- c:\documents and settings\Jeff and Ingrid\Local Settings\Application Data\{054D2F8D-6E0E-4684-9D9F-C4899A1BC9B2}
2010-11-30 20:28 . 2010-11-30 20:28 -------- d-----w- c:\documents and settings\Jeff and Ingrid\Local Settings\Application Data\{9CDED4A2-6469-4EA0-8E3D-16FF75923354}
2010-11-23 02:06 . 2010-11-30 20:28 -------- d-----w- c:\documents and settings\Jeff and Ingrid\Local Settings\Application Data\ConduitEngine
2010-11-23 02:06 . 2010-11-30 20:28 -------- d-----w- c:\program files\ConduitEngine
2010-11-23 02:06 . 2010-11-30 20:28 -------- d-----w- c:\program files\uTorrentBar
2010-11-23 02:06 . 2010-11-23 02:06 -------- d-----w- C:\extensions
2010-11-22 23:37 . 2010-11-22 23:37 6020100 ----a-w- c:\documents and settings\All Users\SPLC0.tmp
2010-11-18 18:12 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-16 22:11 . 2007-05-28 12:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-18 18:12 . 2005-03-23 18:10 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2005-03-23 16:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-03-23 16:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-03-23 16:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-03-23 16:52 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-03-23 16:52 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-03-23 16:52 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2005-03-23 16:53 1853312 ----a-w- c:\windows\system32\win32k.sys
2005-08-23 16:42 . 2005-08-23 16:42 8715352 ----a-w- c:\program files\Install_AIM.exe
2005-08-23 16:32 . 2005-08-23 16:32 823296 ----a-w- c:\program files\winmx353.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Jeff and Ingrid\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2009-05-11 676520]
"lxdwamon"="c:\program files\Lexmark 7600 Series\lxdwamon.exe" [2009-05-11 16040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ClientManager2.lnk]
backup=c:\windows\pss\ClientManager2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^setup.exe]
backup=c:\windows\pss\setup.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jeff and Ingrid^Start Menu^Programs^Startup^magicJack.lnk]
path=c:\documents and settings\Jeff and Ingrid\Start Menu\Programs\Startup\magicJack.lnk
backup=c:\windows\pss\magicJack.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2005-06-02 13:21 48752 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-12-03 12:39 50592 ----a-w- c:\documents and settings\Jeff and Ingrid\Application Data\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\doubleTwist]
2010-06-19 07:16 24576 ----a-w- c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 22:51 118784 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 22:55 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 7600 Series Fax Server]
2009-05-11 11:47 311976 ----a-w- c:\program files\Lexmark 7600 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 21:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 21:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
2005-07-04 13:50 643072 ----a-w- c:\program files\PureEdge\Viewer 6.5\masqform.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
2003-02-08 14:50 481264 ----a-w- c:\program files\Netscape\Netscape\Netscp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsSongbirdLauncher]
2010-07-04 22:31 346624 ----a-w- c:\program files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-03-15 17:04 966656 ----a-w- c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-11-12 20:48 21760296 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-29 00:06 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-23 13:10 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"UTSCSI"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"PrismXL"=2 (0x2)
"wscsvc"=2 (0x2)
"SavRoam"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\lxdwcoms.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Jeff and Ingrid\\Application Data\\mjusbsp\\magicJack.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [3/9/2010 11:00 PM 6656]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [3/31/2010 7:04 PM 98984]
R3 es1969;ESS ES1946_1938 Audio Driver (WDM);c:\windows\system32\drivers\ES1969.sys [6/25/2009 5:10 PM 96896]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [8/6/2010 6:41 AM 52824]
R3 STV673;STV0673 Camera;c:\windows\system32\drivers\STV673.SYS [9/15/2000 5:24 PM 122256]
S1 DTC328X;DTC328X;c:\windows\system32\drivers\Dtc328x.sys [8/22/2006 6:18 PM 48648]
S3 BFAIFILT;BFAIFILT;c:\windows\system32\drivers\BFAIFILT.SYS [12/16/2007 9:47 PM 3264]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\RT2500USB.SYS [12/16/2007 9:47 PM 139904]
S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 6:27 PM 124608]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrvI10
.
Contents of the 'Scheduled Tasks' folder

2010-12-17 c:\windows\Tasks\Norton Security Scan for Jeff and Ingrid.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-23 15:04]

2010-09-03 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-08-06 15:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-17 18:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3090315745-2882805282-3170384538-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\M*a*g*i*c*B*e*a*n*s*"!\1v0]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,03,00,00,00,80,00,
00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,32,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-17 18:26:15
ComboFix-quarantined-files.txt 2010-12-17 23:26
ComboFix2.txt 2010-12-17 04:24

Pre-Run: 18,931,879,936 bytes free
Post-Run: 18,949,533,696 bytes free

- - End Of File - - D9F4F33671EF14222C071E0B335753A6

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

Thanks again. I ran ESET and my Symantec was popping up with lots of warnings. Many were the same as what ESET was finding. Here is the ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=87f1cb5ac72f4d46bce3a130ab8beade
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-18 05:39:47
# local_time=2010-12-18 12:39:47 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3585 16777173 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132147
# found=11
# cleaned=11
# scan_time=7388
C:\Documents and Settings\Jeff and Ingrid\Application Data\Mozilla\Profiles\default\5mwr3lft.slt\prefs.bak Win32/Agent.RQD.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jeff and Ingrid\Application Data\Mozilla\Profiles\default\5mwr3lft.slt\prefs.js Win32/Agent.RQD.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\DeltaSoft SuperComputing\MagicBeans\1v0\MagicBeans.exe Win32/Packed.Autoit.C.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\DeltaSoft SuperComputing\MagicBeans\1v0\UNINSTALLMagicBeans.exe Win32/Packed.Autoit.C.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Jeff and Ingrid\Application Data\Adobe\plugs\KB713209296.exe.vir a variant of Win32/Cimag.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP1769\A0132340.exe a variant of Win32/Cimag.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP1789\A0138760.exe a variant of Win32/Adware.FakeAntiSpy.U application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP1798\A0145530.exe a variant of Win32/Cimag.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP1806\A0147605.exe Win32/Packed.Autoit.C.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP1806\A0147606.exe Win32/Packed.Autoit.C.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\mfobuv.dll a variant of Win32/Cimag.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

By the way, after completing ESET and rebooting, Symantec AV is still telling me I have Threat: Backdoor.Tidserv.I!inf
but I have no symptoms that I can tell, and my browser is working much better, thanks!!!!

Does Symantec say where?

yes, here: C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP1798\
filename is A0145425.SYS

Should I try to delete?

Symantec says quarantine was partially successful. It keeps repeating the same entry.

Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Does Symantec see the threat now? the above should flush all restore points.

Excellent!! No peep out of Symantec.

Thank you ever so much!!!!!