not sure what malware I picked up; CHKDSK deleted Index files at next boot

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

not sure what malware I picked up; CHKDSK deleted Index files at next boot22nd February 2011, 4:48 am

Hello,

I have a Gateway Laptop MX6930 running Windows XP Professional 5.6.2100 Service Pack 3 Build 2600 (security updates up-to-date) with AdAware Pro Virus Protection and Malawarebytes Freeware (I bought the upgraded version of Malawarebytes, but it conflicts with AdAware, and no one at Malawarebytes was able to help me get them to be compatible, so I had to uninstall it and re-install the free version only).

Tonight, I was on Huffington Post news site and my AdAware program kicked in and said a malicious file had attempted to alter my Registry and had been shut down. I shut down IE 8.0.6001.18702 and immediately ran a Malwarebytes Quick Scan and an AdAware Quick Scan and found no problems, so I continued with some ordinary wordprocessessing work in MsWord, but everything was terribly slow and eventually I opened TaskManager, which showed some kind of odd activity (I wish I had copied down the file names, but I do remember that the program that was running at the top of the list was U3Launch, which is I think a program to open a little flash drive, but I didn't have any flash drive in any USB plug at that time-- I've never seen anything like this. It was changing values as if it were actively running, too, and the green graph portion of Task Manager showed a huge amount of processor being used at that time. When I tried to shut down Task Manager, everything froze. I powered off the whole system just using the on/off button, and when I booted it back up, CHKDSK opened automatically and ran for quite a while, saying that there were "Index entries" that it was deleting "at $I30." (That is an upper-case I after the dollar sign.) It listed several numbered files; a line would look something like this: "Deleting Index at $I30 of entry file 44646, file 44647," and so forth. I have no idea what this means, good or bad, etc.

After that finished, system seemed to boot up as normal, so I ran a full-scale Adaware Virus Scan and a full-scale Malwarebytes scan, and no malicious files were found.

However, my computer is still sluggish, and it just acts as if there is something wrong. For example, I shut off the wireless function so that I wouldn't be on the internet, just in case there is some malware in there, and went back to working on some wordprocessing that I've got a deadline on tomorrow. But while I was wordprocessing, again the system was slow; it didn't even want to open multiple MSWord files simultaneously-- it seemed to take a long time to load a simple document, if it would load at all. I decided to run a HiJack This scan and see if anything seemed really obvious to me (I'm not very computer savvy, but I always hope I'm learning, I guess), and when I went to do this, the program opened IE to update the version of the program I had-- so, it turned out that some other wireless internet program had made an internet connection without my knowledge and had been running in the background all that time. (Sorry, I don't know enough to understand how this might be possible without my having created the connection, but in the past I can say that whenever I have shut down the wireless like I did tonight, I am sure there were no connections until I reversed the "wireless off" command in my Intel PROSet Wireless program. I have tested this, even. But tonight somehow the internet connection had been made and was ongoing without my knowledge.) FWIW, I ran the HiJack This scan but I didn't run any fixes, because I realized I didn't have any idea what I was looking at; I decided to get help from GeekPolice.

I have updated Java and done the other recommended steps on the "Read This First" note before running OTL. I would appreciate any advice you can give me-- do you see anything lurking here that I need to clean?

{Also, a possibly related question (I don't know)-- feel free to disregard this if it is not an element of what happened or what's going on tonight-- ever since I had an attack of something fairly minor (I think it was Joker or something like that malware?) back last spring, I think? and had great advice from GeekPolice then to help me clean everything and get back running, the thing that has never run right is the Task Scheduler-- it will not update my AdAware or Malwarebytes programs like it's suppposed to, and whenever I shut down and then boot back up later, I get an error message that Task Scheduler isn't working correctly. I've tried everything I could think of to find the glitch, but I haven't been able to fix it or even find what is interfering with it. I just have to remember manually to update both the protection programs and to run them now and then. They hadn't been updated in about a day, maybe two, when this happened tonight, I admit.}

Thank you so much for help!!

This screen says my message with the OTL scan is too big, so I will post the OTL scan log in a second msg.
GrannyS.

not sure what malware I picked up, pt 2-- OTL logfile post22nd February 2011, 4:53 am

Here is part 1 of the cut and paste of the OTL scan from tonight. Thanks, GrannySlammy.

OTL logfile created on: 2/21/2011 9:12:35 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Owner.Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.40 Gb Total Space | 79.14 Gb Free Space | 74.37% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 1.73 Gb Free Space | 32.28% Space Free | Partition Type: FAT32

Computer Name: TLAPTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/21 20:55:03 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Owner\Desktop\OTL.com
PRC - [2011/02/21 20:36:13 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2011/02/08 06:55:04 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/02/08 06:54:57 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/30 14:01:50 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2010/08/30 02:17:22 | 000,356,352 | ---- | M] () -- C:\Program Files\Browser Mouse\mouse32a.exe
PRC - [2010/08/16 12:16:06 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/07/02 14:31:41 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/10 16:25:54 | 000,950,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
PRC - [2005/12/28 12:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 12:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 12:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/28 12:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 12:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 12:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/10/12 13:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/11/05 03:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

========== Modules (SafeList) ==========

MOD - [2011/02/21 20:55:03 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Owner\Desktop\OTL.com
MOD - [2010/08/30 02:17:22 | 000,073,728 | ---- | M] () -- C:\Program Files\Browser Mouse\mouDL32A.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/11/05 03:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (McciCMService)
SRV - [2011/02/08 06:54:57 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/30 14:01:50 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010/08/16 12:16:06 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/04/28 13:21:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/02 14:31:41 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/28 12:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005/12/28 12:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005/12/28 12:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)

========== Driver Services (SafeList) ==========

DRV - [2011/02/04 08:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/03 11:11:52 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/11/03 11:04:55 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/11/03 11:04:52 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/08/29 18:36:11 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/16 12:02:49 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/07/02 14:29:49 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/06/15 09:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 13:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/01/23 03:50:00 | 000,244,480 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/12/28 14:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/05 01:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
DRV - [2005/09/20 18:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/10 18:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 18:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/11/05 03:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.8.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 08:02:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/21 20:43:07 | 000,000,000 | ---D | M]

[2009/10/06 00:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.Owner\Application Data\Mozilla\Extensions
[2011/01/14 02:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.Owner\Application Data\Mozilla\Firefox\Profiles\5judbp38.default\extensions
[2010/07/19 16:21:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.Owner\Application Data\Mozilla\Firefox\Profiles\5judbp38.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/19 04:53:15 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Owner.Owner\Application Data\Mozilla\Firefox\Profiles\5judbp38.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/12/31 15:02:11 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner.Owner\Application Data\Mozilla\Firefox\Profiles\5judbp38.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/12/31 15:02:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner.Owner\Application Data\Mozilla\Firefox\Profiles\5judbp38.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/31 15:02:12 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Owner.Owner\Application Data\Mozilla\Firefox\Profiles\5judbp38.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/02/21 19:30:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/23 14:14:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/04 04:47:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/21 14:00:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/13 09:11:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 19:30:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/05/23 14:14:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/09/04 19:57:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Recguard] File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\Owner.Owner\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_2cd672ae.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: adobe.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: missouristate.edu ([bearmail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: missouristate.edu ([bearmail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: missouristate.edu ([blackboard] https in Trusted sites)
O15 - HKCU\..Trusted Domains: missouristate.edu ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: symantec.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: symantecliveupdate.com ([liveupdate] * in Trusted sites)
O15 - HKCU\..Trusted Domains: symantecliveupdate.com ([liveupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([my] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://passport.missouristate.edu/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 03:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IntelliPoint - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/21 20:55:03 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Owner\Desktop\OTL.com
[2011/02/21 20:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\Application Data\Google
[2011/02/21 20:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/02/21 20:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/02/21 20:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/02/21 20:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/02/21 20:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/02/21 19:30:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/21 19:30:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/21 19:30:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/13 03:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco
[2011/02/09 13:08:53 | 000,069,976 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/02/09 13:08:53 | 000,021,464 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/02/06 23:32:59 | 014,641,880 | ---- | C] (Programming Sunrise) -- C:\Documents and Settings\Owner.Owner\Desktop\SmartDiarySuite4MedicalPort.exe
[2011/02/06 22:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Diary Suite 4
[2011/02/06 22:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Diary Suite 4
[2011/01/30 17:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\My Documents\Recipes
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

not sure what malware I picked up; part 2 of the OTL logfile22nd February 2011, 4:55 am

Here is part 2 of the OTL logfile. Thanks, GrannySlammy.

========== Files - Modified Within 30 Days ==========

[2011/02/21 21:05:57 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (startup scan).job
[2011/02/21 21:05:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/02/21 21:05:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/02/21 21:05:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/02/21 21:05:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/02/21 21:05:57 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (weekly scan).job
[2011/02/21 21:05:57 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (monthly scan).job
[2011/02/21 21:05:57 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (daily scan).job
[2011/02/21 20:55:03 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Owner\Desktop\OTL.com
[2011/02/21 20:50:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/21 20:43:07 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/21 20:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/21 20:41:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/21 20:14:33 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/02/21 19:52:25 | 000,002,657 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2011/02/21 19:52:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/20 19:39:37 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Microsoft Office Word 2007.lnk
[2011/02/20 04:03:51 | 000,005,864 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\wklnhst.dat
[2011/02/20 03:57:13 | 000,017,607 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Points Spring 2011.docx
[2011/02/18 11:45:34 | 000,018,370 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Jims notes for 2 18 11 when I was sick.docx
[2011/02/17 14:07:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0ED8018E-F816-47A4-88F5-90D7DD740D4D}.job
[2011/02/15 22:25:33 | 000,013,713 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\Review Confed Girlhoods.docx
[2011/02/13 03:25:28 | 000,011,180 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\Accessing Bear 1 from home and from campus.docx
[2011/02/10 03:33:46 | 000,004,096 | -H-- | M] () -- C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\keyfile3.drm
[2011/02/10 00:52:19 | 000,012,640 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Public Scorecard link[1].docx
[2011/02/09 13:06:18 | 002,194,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 12:59:22 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/07 06:17:45 | 000,072,220 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\580 Malory Study Guide First Half.docx
[2011/02/06 23:56:58 | 000,112,640 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\Smart Diary Fibrofile.sd4
[2011/02/06 23:33:08 | 014,641,880 | ---- | M] (Programming Sunrise) -- C:\Documents and Settings\Owner.Owner\Desktop\SmartDiarySuite4MedicalPort.exe
[2011/02/06 22:26:54 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Diary Suite.lnk
[2011/02/05 21:33:22 | 000,024,319 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Academic Calendar Summer 2011 and Fall 2011.docx
[2011/02/02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/02 19:19:39 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/02 14:49:01 | 000,012,727 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Standing Homework Assignment.docx
[2011/02/01 20:32:06 | 000,010,526 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\our Ms.docx
[2011/01/30 23:51:25 | 000,013,261 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\Letter to Liejun 013011.docx
[2011/01/24 23:41:40 | 005,324,288 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\Philosophy_For_Old_Age.pps
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/21 20:43:07 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/21 20:43:07 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/21 20:36:22 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/21 20:36:22 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/18 08:52:59 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/02/18 08:52:58 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/02/18 08:52:58 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/02/18 08:52:58 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/02/18 08:52:58 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Scan (weekly scan).job
[2011/02/18 08:52:58 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Scan (monthly scan).job
[2011/02/18 08:52:57 | 000,000,482 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Scan (startup scan).job
[2011/02/18 08:52:57 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Scan (daily scan).job
[2011/02/18 08:49:52 | 000,018,370 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\Jims notes for 2 18 11 when I was sick.docx
[2011/02/15 21:08:11 | 000,013,713 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\Review Confed Girlhoods.docx
[2011/02/13 03:23:31 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\Degrees Comm Guidelines 1.12.11.doc
[2011/02/10 00:52:19 | 000,012,640 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\Public Scorecard link[1].docx
[2011/02/07 06:17:45 | 000,072,220 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\580 Malory Study Guide First Half.docx
[2011/02/06 22:38:02 | 000,112,640 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\Smart Diary Fibrofile.sd4
[2011/02/06 22:26:54 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Diary Suite.lnk
[2011/02/05 21:14:37 | 000,024,319 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\Academic Calendar Summer 2011 and Fall 2011.docx
[2011/02/02 14:49:01 | 000,012,727 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\Standing Homework Assignment.docx
[2011/02/01 20:32:06 | 000,010,526 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\our Ms.docx
[2011/01/30 17:23:52 | 000,013,261 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\Letter to Liejun 013011.docx
[2011/01/24 23:41:40 | 005,324,288 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\Philosophy_For_Old_Age.pps
[2011/01/19 03:07:37 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2011/01/19 03:07:37 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2011/01/19 03:05:34 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2010/11/30 19:38:29 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/30 19:38:29 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/01 12:54:54 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2010/09/13 09:35:57 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\keyfile3.drm
[2010/09/11 18:04:31 | 000,000,371 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/03 01:53:55 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\housecall.guid.cache
[2010/08/10 22:17:51 | 000,082,111 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2010/08/10 22:17:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/07/09 22:01:48 | 000,020,536 | ---- | C] () -- C:\Program Files\Ophcrack LiveCD 2.docx
[2010/06/03 21:29:26 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/05/07 14:04:01 | 000,000,729 | ---- | C] () -- C:\Program Files\readme.txt
[2010/04/13 13:29:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/10/10 18:07:14 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\fusioncache.dat
[2009/09/30 19:30:02 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/15 20:06:00 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2009/09/05 15:54:34 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2009/08/04 16:09:56 | 000,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL
[2009/08/04 16:07:46 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2009/08/04 16:07:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2009/07/27 21:30:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/07/07 22:18:41 | 000,005,864 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Application Data\wklnhst.dat
[2009/07/05 20:01:05 | 000,015,266 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/07/05 20:00:33 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/07/05 20:00:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/07/02 14:36:42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2009/07/02 14:24:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 03:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 03:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 03:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/16 20:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001/11/30 16:13:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/08/31 14:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll

========== Custom Scans ==========

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/06/17 03:40:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/03/24 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDA0.DLL
[2009/03/24 04:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPA0.DLL
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/05/10 19:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2006/10/26 18:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/08/21 16:39:53 | 000,001,674 | -H-- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/07/09 22:11:21 | 000,020,536 | ---- | M] () -- C:\Program Files\Ophcrack LiveCD 2.docx
[2010/05/05 14:06:00 | 000,000,729 | ---- | M] () -- C:\Program Files\readme.txt

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/07/02 17:08:01 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/02 17:14:24 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/06/17 03:46:25 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/02/06 23:33:08 | 014,641,880 | ---- | M] (Programming Sunrise) -- C:\Documents and Settings\Owner.Owner\Desktop\SmartDiarySuite4MedicalPort.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/01/04 08:02:26 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/01/04 08:02:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/01/04 08:02:30 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/01/04 08:02:33 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/01/19 03:10:23 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Favorites\Corel Macros.LNK
[2009/07/02 17:14:24 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner.Owner\Favorites\Desktop.ini
[2011/01/19 03:10:23 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Favorites\Graphics.LNK
[2011/01/19 03:10:23 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Favorites\Personal Files.LNK

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 04:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/06/16 20:30:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/16 20:30:11 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/16 20:30:11 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/10 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/10 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/10 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/10 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/10 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 23:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/12/31 07:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 04:41:50 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 04:41:50 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 04:41:50 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 04:41:50 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 04:41:50 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 04:41:50 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 04:41:50 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 04:41:52 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 04:41:52 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 04:41:52 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 04:41:52 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 04:41:52 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 04:41:52 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 04:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll
[2008/04/14 04:42:06 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 04:42:10 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/03/24 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDA0.DLL
[2009/03/24 04:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPA0.DLL
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/05/10 19:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2006/10/26 18:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2011/02/21 19:52:14 | 000,008,952 | ---- | M] () -- C:\aaw7boot.log
[2006/06/17 03:41:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/01 13:40:36 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/10/13 12:07:12 | 000,000,325 | -HS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2006/06/17 03:41:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/06/17 03:41:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/21 19:44:37 | 000,020,777 | ---- | M] () -- C:\JavaRa.log
[2006/06/17 03:41:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/02 17:03:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/21 19:52:14 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/11/22 15:36:58 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/07/06 19:26:17 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\uninstall_flash_player.exe
[2009/07/02 14:17:21 | 000,000,002 | RHS- | M] () -- C:\USER

< %PROGRAMFILES%\*. >
[2009/09/15 20:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\2nd Story Software
[2010/12/12 13:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2011/02/21 20:42:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/11/25 22:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/11/03 16:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/10/12 12:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2010/11/20 05:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/08/30 02:18:02 | 000,000,000 | ---D | M] -- C:\Program Files\Browser Mouse
[2010/08/21 20:40:35 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/08/21 19:33:16 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2009/12/14 01:48:03 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/10/21 15:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/06/17 03:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/07/02 14:23:10 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/07/02 01:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/09/05 21:16:38 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/07/02 14:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Gateway Games
[2011/02/21 20:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/07/02 14:36:42 | 000,000,000 | ---D | M] -- C:\Program Files\gtw_logo
[2010/10/19 04:47:52 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/04/10 12:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\HP RecordNow
[2010/10/03 00:56:45 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/02 14:39:12 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/03/19 21:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Chess Club
[2011/02/09 13:06:01 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/11/20 05:20:08 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/11/20 07:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/02/21 19:30:14 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/12/18 18:24:48 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2010/09/14 19:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/12/23 17:47:39 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/03 15:12:57 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/07/02 14:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 2006
[2006/06/17 03:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/09/06 17:35:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2009/07/08 21:42:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/07/08 21:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/07/08 21:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/11/21 20:46:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/07/08 21:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/02 14:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2010/08/10 22:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/01/04 08:02:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/08 21:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/08 22:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2006/06/17 03:35:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/07/02 14:30:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2006/06/17 03:35:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/07/03 15:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/07/02 14:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2009/07/02 17:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/10/12 13:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\New Folder
[2010/10/19 05:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
[2011/02/21 20:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/07/05 03:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\Office03
[2006/06/17 03:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/12/18 18:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/15 13:08:49 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/08/14 22:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\PDFZilla
[2010/07/02 13:58:49 | 000,000,000 | ---D | M] -- C:\Program Files\PocketRAR
[2010/11/20 04:54:18 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/02 14:29:46 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/03 21:53:25 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/02 14:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2011/02/06 22:42:38 | 000,000,000 | ---D | M] -- C:\Program Files\Smart Diary Suite 4
[2010/07/02 01:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/07/02 14:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/10/24 14:00:13 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/09/07 12:34:56 | 000,000,000 | ---D | M] -- C:\Program Files\TrendMicro
[2006/06/17 03:46:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/27 21:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\USPS
[2009/07/02 14:29:38 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/07/02 14:25:36 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2009/07/03 21:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/07/03 21:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/02 17:05:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/06/17 03:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2006/06/17 03:39:10 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/10/18 14:52:35 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/10/21 17:42:07 | 000,000,000 | ---D | M] -- C:\Program Files\WinUtilities
[2006/06/17 03:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/11/30 19:38:29 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid

< %appdata%\*.* >
[2006/06/16 20:31:24 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\desktop.ini
[2010/08/10 22:18:06 | 000,082,111 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2011/02/20 04:03:51 | 000,005,864 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\wklnhst.dat

< MD5 for: AGP440.SYS >
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 07:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2005/10/12 07:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\I386\DRV\SCS\iastor.sys
[2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
[2005/10/12 07:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\iaStor.sys
[2005/10/12 13:08:52 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/10 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/10 13:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 23:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 23:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-09 18:59:23

< >

< End of report >

Post #4 not sure what malware I picked up; extras.txt file from OTL scan22nd February 2011, 5:05 am

Here is the Extras.txt file from the OTL scan. Thanks, GrannySlammy.

OTL Extras logfile created on: 2/21/2011 9:12:35 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Owner.Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.40 Gb Total Space | 79.14 Gb Free Space | 74.37% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 1.73 Gb Free Space | 32.28% Space Free | Partition Type: FAT32

Computer Name: TLAPTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:java -- (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C432DEB-FBF2-A5E0-FDB7-4B39F7FAF0D4}" = Adobe Community Help
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25B932C7-EB2B-422E-910D-504FB00DAE43}" = Reader Library by Sony
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1" = Smart Diary Suite 4
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDB21979-9370-4D64-A54C-BE43F2282F18}" = Nitro PDF Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.7 Professional Edition
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon Kindle For PC" = Amazon Kindle For PC
"Browser Mouse" = Browser Mouse
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Dasher" = Dasher
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Gateway Game Console" = Gateway Game Console
"gtw_logo" = gtw_logo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDFZilla_is1" = PDFZilla V1.2.9
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PocketRAR" = Pocket RAR documentation
"ProInst" = Intel(R) PROSet/Wireless Software
"PROPLUSR" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer Basic
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 Missouri" = TaxACT 2009 Missouri
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT010646" = Bejeweled 2 Deluxe
"WT010647" = Blackhawk Striker 2
"WT010648" = Blasterball 2 Revolution
"WT010649" = Diner Dash
"WT010650" = FATE
"WT010651" = Penguins!
"WT010654" = SCRABBLE
"WT010655" = Tradewinds
"WT010660" = Polar Bowler
"WT010661" = Polar Golfer
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2011 3:10:16 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2296

Error - 2/21/2011 3:10:18 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2011 3:10:18 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4906

Error - 2/21/2011 3:10:18 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4906

Error - 2/21/2011 3:10:20 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2011 3:10:20 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6875

Error - 2/21/2011 3:10:20 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6875

Error - 2/21/2011 3:10:22 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2011 3:10:22 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8828

Error - 2/21/2011 3:10:22 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8828

[ Application Events ]
Error - 2/21/2011 3:10:16 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2296

Error - 2/21/2011 3:10:18 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2011 3:10:18 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4906

Error - 2/21/2011 3:10:18 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4906

Error - 2/21/2011 3:10:20 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2011 3:10:20 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6875

Error - 2/21/2011 3:10:20 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6875

Error - 2/21/2011 3:10:22 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2011 3:10:22 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8828

Error - 2/21/2011 3:10:22 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8828

[ Application Events ]
Error - 2/21/2011 3:10:16 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2296

Error - 2/21/2011 3:10:18 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2011 3:10:18 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4906

Error - 2/21/2011 3:10:18 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4906

Error - 2/21/2011 3:10:20 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2011 3:10:20 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6875

Error - 2/21/2011 3:10:20 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6875

Error - 2/21/2011 3:10:22 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2011 3:10:22 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8828

Error - 2/21/2011 3:10:22 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8828

[ OSession Events ]
Error - 3/8/2010 9:18:26 PM | Computer Name = OWNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 548145
seconds with 28680 seconds of active time. This session ended with a crash.

Error - 4/28/2010 3:37:46 AM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/8/2010 9:18:54 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 505086
seconds with 11340 seconds of active time. This session ended with a crash.

Error - 8/29/2010 10:12:10 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4927
seconds with 300 seconds of active time. This session ended with a crash.

Error - 11/22/2010 5:19:59 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/22/2010 5:21:06 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/22/2010 5:21:32 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/22/2010 5:28:01 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/22/2010 5:28:34 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/22/2010 5:28:42 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/13/2011 3:54:02 PM | Computer Name = TLAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 2/15/2011 10:12:38 PM | Computer Name = TLAPTOP | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 2/17/2011 1:35:29 PM | Computer Name = TLAPTOP | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 2/20/2011 9:27:51 PM | Computer Name = TLAPTOP | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 2/20/2011 9:27:53 PM | Computer Name = TLAPTOP | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 2/20/2011 9:36:35 PM | Computer Name = TLAPTOP | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 2/21/2011 1:48:58 AM | Computer Name = TLAPTOP | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 2/21/2011 1:49:00 AM | Computer Name = TLAPTOP | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 2/21/2011 9:52:23 PM | Computer Name = TLAPTOP | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 2/21/2011 9:52:26 PM | Computer Name = TLAPTOP | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

< End of report >

Re: not sure what malware I picked up; CHKDSK deleted Index files at next boot23rd February 2011, 1:29 am

Hi,

I don't see anything in your log that indicates infection. A slow machine can be caused by a great deal of things. The first of which I'd say is lack of RAM and the amount of things starting up when Windows boots.

You can use a program like StartupLite to manage this. Found here:
http://www.malwarebytes.org/startuplite.php

re: not sure what malware I picked up - SOLVED23rd February 2011, 2:22 am

Thank you!!! The system has been acting ok today, nothing really weird, and not any slower than its normal.

Thanks for the advice, too. It will be good to get some startup clutter out of there.

I just wanted someone to make sure it all looks okay and the AdAware and Malwarebytes scans weren't missing anything.

I knew I could trust you folks here at GeekPolice. You are awesome!!!!

Thank You!

GrannyS.

Re: not sure what malware I picked up; CHKDSK deleted Index files at next boot23rd February 2011, 4:46 am

No problem. Let me know if we can help any more

not sure what malware I picked up; CHKDSK deleted Index files at next boot

descriptionnot sure what malware I picked up; CHKDSK deleted Index files at next boot22nd February 2011, 4:48 am

descriptionnot sure what malware I picked up, pt 2-- OTL logfile post22nd February 2011, 4:53 am

descriptionnot sure what malware I picked up; part 2 of the OTL logfile22nd February 2011, 4:55 am

descriptionPost #4 not sure what malware I picked up; extras.txt file from OTL scan22nd February 2011, 5:05 am

descriptionRe: not sure what malware I picked up; CHKDSK deleted Index files at next boot23rd February 2011, 1:29 am

descriptionre: not sure what malware I picked up - SOLVED23rd February 2011, 2:22 am

descriptionRe: not sure what malware I picked up; CHKDSK deleted Index files at next boot23rd February 2011, 4:46 am

descriptionRe: not sure what malware I picked up; CHKDSK deleted Index files at next boot