WiredWX Christian Hobby Weather Tools

Malwarebytes and HiJackThis both crash and return permissions errors...

My friend's laptop had Eco Antivirus on it and I thought I had removed it successfully, but when I try to run Malwarebytes on it, the scan crashes after about 2-3 seconds and then returns a permissions error if I try and run it again. I was reading some of the other posts about this searching for an answer and saw where at first people were running SystemLook and HJT and showing the logs for you to look at. I tried running HJT to get the log and it crashed returning the same permissions error as Malwarebytes. I did however get the SystemLook log... here is that

SystemLook 04.09.10 by jpshortstuff
Log created at 08:58 on 10/09/2010 by matt
Administrator - Elevation successful

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\System32\scecli.dll --a---- 177152 bytes [04:45 24/09/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1
C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a---- 177152 bytes [02:24 21/01/2008] [02:24 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll --a---- 177152 bytes [04:45 24/09/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1

Searching for "netlogon.dll"
C:\WINDOWS\System32\netlogon.dll --a---- 592896 bytes [04:45 24/09/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE
C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a---- 592384 bytes [02:24 21/01/2008] [02:24 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll --a---- 592896 bytes [04:45 24/09/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE

Searching for "eventlog.dll"
C:\Program Files\CyberLink\PowerDirector\EventLog.dll --a---- 7216 bytes [05:30 13/01/2007] [05:30 13/01/2007] C2A279A458A06DE2C83D842AA042B5A8

Searching for "cngaudit.dll"
C:\WINDOWS\System32\cngaudit.dll --a---- 61952 bytes [08:43 02/11/2006] [09:46 02/11/2006] (Unable to calculate MD5)
C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a---- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

-= EOF =-

Hopefully and Patiently awaiting help...
Drenji

Re: Malwarebytes and HiJackThis both crash and return permissions errors...

Hello.


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

  • ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    Ok, I ran the Win32kDiag.exe, would it be ok to attach the log file, or do you want me to make multiple posts to fit it all... I go into -45000 range when I post this fully. Ha.

    Just wondering if it would be ok. Tell me what ya want.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    Yeah it's fine to attach it.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    Tried to attach the file and it is apparently too big as well... I put it up on RapidShare for you to download if that's ok. Here is that link


    http://rs22.rapidshare.com/files/419218203/Win32kDiag.txt

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    Hello.

    1. Please download The Avenger by Swandog46 to your Desktop
    Link: HERE

    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop
    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Files to delete:
    C:\WINDOWS\System32\cngaudit.dll


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.

    • Under "Input script here:", paste in the script from the quote box above.
    • Leave the ticked box "Scan for rootkit" ticked.
    • Then tick "Disable any rootkits found"
    • Now click on Execute to begin execution of the script.
    • Answer "Yes" twice when prompted.

      The Avenger will automatically do the following:

    • It will Restart your computer.
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    4. Please copy/paste the content of c:\avenger.txt into your reply.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    I downloaded it to the desktop and when I try to open the zip folder, I get an error about *The Compressed (zipped) Folder "C:\Users\matt\Desktop\avenger.zip" is invalid.*

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    Hello.

    Download OTL by OldTimer to your Desktop.

    • Close all windows and double click OTL.exe
    • Click Run Scan and let the program run uninterrupted
    • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
    • You may need to use two posts to get it all.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    The only log I ever got was the regular OTL log, not the extras one... but here is that log

    OTL logfile created on: 9/16/2010 12:11:21 PM - Run 2
    OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\matt\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 174.56 Gb Total Space | 96.49 Gb Free Space | 55.28% Space Free | Partition Type: NTFS
    Drive D: | 11.75 Gb Total Space | 1.42 Gb Free Space | 12.12% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 7.45 Gb Total Space | 7.37 Gb Free Space | 98.87% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DAWN-PC
    Current User Name: matt
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    PRC - [2009/09/27 00:06:55 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    PRC - [2009/04/11 01:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sdclt.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Unknown | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2009/09/27 00:06:55 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
    SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/12/04 04:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2008/03/11 17:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
    DRV - [2008/03/11 17:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
    DRV - [2008/03/11 17:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
    DRV - [2008/03/11 17:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUBus.sys -- (PTDUBus)
    DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/18 06:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/12/06 15:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
    DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 06:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 06:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/06/20 06:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/04 00:16:54 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MyPoints Toolbar 2.0) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [calc] C:\Windows\System32\calc.DLL (Microsoft)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe File not found
    O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll (Microsoft)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab (Reg Error: Key error.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB (Wizard101GameLauncher)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.104.6.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/24 21:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/16 12:06:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    [2010/09/10 08:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/09/09 09:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/09/09 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Macromedia
    [2010/09/09 03:08:57 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2010/09/09 03:08:57 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2010/09/09 03:08:57 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
    [2010/09/08 10:14:18 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
    [2010/09/08 10:14:17 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2010/09/08 10:14:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2010/09/08 10:14:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2010/09/08 10:13:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2010/09/08 09:45:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/09/08 09:45:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010/09/08 09:45:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010/09/08 09:45:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010/09/08 09:45:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010/09/08 09:45:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010/09/08 09:45:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/09/08 09:45:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/09/08 09:45:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/09/08 09:45:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/09/08 09:45:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/09/08 09:45:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/09/08 09:45:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/09/08 09:45:06 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010/09/08 09:45:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/09/08 09:44:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
    [2010/09/08 09:44:08 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010/09/08 09:44:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
    [2010/09/08 09:43:30 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2010/09/08 09:43:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2010/09/08 09:43:03 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2010/09/08 09:43:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2010/09/08 09:42:56 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
    [2010/09/08 09:42:56 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
    [2010/09/01 15:11:57 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Malwarebytes
    [2010/08/31 11:37:55 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Verizon Wireless
    [2010/08/30 17:05:34 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\Anatomy
    [2010/08/30 16:33:22 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\WildTangent
    [2010/08/28 00:29:36 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Apple
    [2010/08/27 16:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2010/08/27 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\CyberLink
    [2010/08/26 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Yahoo!
    [2010/08/26 22:42:16 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Youcam
    [2010/08/26 22:31:50 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Hewlett-Packard
    [2010/08/26 22:19:31 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\little league matt
    [2010/08/26 21:44:33 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Hewlett-Packard
    [2010/08/26 21:44:16 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Adobe
    [2010/08/26 21:44:15 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\HP
    [2010/08/26 21:29:36 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\QuickPlay
    [2010/08/26 21:29:23 | 000,000,000 | R--D | C] -- C:\Users\matt\Searches
    [2010/08/26 21:29:13 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Identities
    [2010/08/26 21:29:10 | 000,000,000 | R--D | C] -- C:\Users\matt\Contacts
    [2010/08/26 21:29:08 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\VirtualStore
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\Temporary Internet Files
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Templates
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Start Menu
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\SendTo
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Recent
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\PrintHood
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\NetHood
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Videos
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Pictures
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Music
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\My Documents
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Local Settings
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\History
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Cookies
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Application Data
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\Application Data
    [2010/08/26 21:29:01 | 000,000,000 | --SD | C] -- C:\Users\matt\AppData\Roaming\Microsoft
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Videos
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Saved Games
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Pictures
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Music
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Links
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Favorites
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Downloads
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Documents
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Desktop
    [2010/08/26 21:29:01 | 000,000,000 | -H-D | C] -- C:\Users\matt\AppData
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Temp
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Microsoft Help
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Microsoft
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Media Center Programs
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/09/16 12:13:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FC831C4-4D0E-4D5A-BA3D-44268E92C10E}.job
    [2010/09/16 12:11:07 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/09/16 12:11:07 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/09/16 12:11:07 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/09/16 12:11:04 | 000,786,432 | -HS- | M] () -- C:\Users\matt\ntuser.dat
    [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    [2010/09/16 12:05:50 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB0D9DAC-B339-4772-9064-12E1E262BA0A}.job
    [2010/09/16 12:05:50 | 000,000,230 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010/09/16 12:05:44 | 000,000,190 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/09/16 12:05:18 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/09/16 12:05:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/16 09:22:32 | 000,939,956 | ---- | M] () -- C:\Users\matt\Desktop\7z465.exe
    [2010/09/16 09:20:24 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2010/09/16 09:19:55 | 003,266,369 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
    [2010/09/16 09:19:06 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\AlphaAnt.job
    [2010/09/16 09:18:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/16 09:18:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/16 09:18:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/16 09:18:00 | 000,000,000 | ---- | M] () -- C:\Windows\win32k.sys
    [2010/09/16 09:17:29 | 3152,879,616 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/16 09:11:15 | 000,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/16 09:11:15 | 000,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/16 09:11:15 | 000,065,536 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TM.blf
    [2010/09/16 08:58:49 | 000,677,998 | ---- | M] () -- C:\Users\matt\Desktop\avenger.zip
    [2010/09/15 10:47:41 | 000,002,521 | ---- | M] () -- C:\Users\matt\Desktop\HiJackThis.lnk
    [2010/09/13 08:54:02 | 000,047,616 | ---- | M] () -- C:\Users\matt\Desktop\Win32kDiag.exe
    [2010/09/09 08:48:47 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/09 03:31:29 | 000,312,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/09/03 13:10:51 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/09/03 12:51:40 | 000,524,288 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/03 12:51:40 | 000,065,536 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/09/03 12:44:09 | 002,015,181 | -H-- | M] () -- C:\Users\matt\AppData\Local\IconCache.db
    [2010/09/03 11:04:48 | 000,000,680 | ---- | M] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
    [2010/09/03 09:10:40 | 000,003,584 | ---- | M] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/30 17:06:05 | 000,002,627 | ---- | M] () -- C:\Users\matt\Desktop\Microsoft Office Word 2007.lnk
    [2010/08/27 16:48:01 | 000,000,813 | -HS- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
    [2010/08/26 22:42:48 | 000,000,943 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/26 22:23:15 | 000,000,944 | ---- | M] () -- C:\Users\matt\Desktop\Windows Media Player.lnk
    [2010/08/26 22:02:54 | 000,000,938 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/26 21:30:01 | 000,077,136 | ---- | M] () -- C:\Users\matt\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/08/26 21:29:03 | 000,000,020 | -HS- | M] () -- C:\Users\matt\ntuser.ini
    [2010/08/26 21:29:02 | 000,524,288 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/16 09:22:28 | 000,939,956 | ---- | C] () -- C:\Users\matt\Desktop\7z465.exe
    [2010/09/16 08:49:26 | 000,677,998 | ---- | C] () -- C:\Users\matt\Desktop\avenger.zip
    [2010/09/16 08:47:22 | 000,000,420 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB0D9DAC-B339-4772-9064-12E1E262BA0A}.job
    [2010/09/13 08:54:01 | 000,047,616 | ---- | C] () -- C:\Users\matt\Desktop\Win32kDiag.exe
    [2010/09/10 08:56:38 | 000,002,521 | ---- | C] () -- C:\Users\matt\Desktop\HiJackThis.lnk
    [2010/09/09 08:29:30 | 000,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/09 08:29:30 | 000,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/09 08:29:30 | 000,065,536 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TM.blf
    [2010/09/03 11:04:48 | 000,000,680 | ---- | C] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
    [2010/09/03 09:10:40 | 000,003,584 | ---- | C] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/03 08:58:14 | 3152,879,616 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/01 15:09:38 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/26 22:42:48 | 000,000,943 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/26 22:23:15 | 000,000,944 | ---- | C] () -- C:\Users\matt\Desktop\Windows Media Player.lnk
    [2010/08/26 22:02:54 | 000,000,938 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/26 21:51:11 | 000,002,627 | ---- | C] () -- C:\Users\matt\Desktop\Microsoft Office Word 2007.lnk
    [2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\QSwitch.txt
    [2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\DSwitch.txt
    [2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\AtStart.txt
    [2010/08/26 21:29:03 | 000,000,020 | -HS- | C] () -- C:\Users\matt\ntuser.ini
    [2010/08/26 21:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [2010/08/26 21:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/26 21:29:02 | 000,262,144 | -H-- | C] () -- C:\Users\matt\ntuser.dat.LOG1
    [2010/08/26 21:29:02 | 000,065,536 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/08/26 21:29:02 | 000,000,000 | -H-- | C] () -- C:\Users\matt\ntuser.dat.LOG2
    [2010/08/26 21:29:01 | 000,786,432 | -HS- | C] () -- C:\Users\matt\ntuser.dat
    [2010/08/26 21:29:01 | 000,000,934 | ---- | C] () -- C:\Users\matt\Desktop\Cyberlink YouCam.lnk
    [2010/08/26 21:29:01 | 000,000,258 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/08/26 21:29:01 | 000,000,240 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/03/11 22:28:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/11/21 23:30:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/11/21 17:44:08 | 000,534,528 | ---- | C] () -- C:\Windows\System32\ExplorerImages.dll
    [2009/11/21 03:59:23 | 000,000,000 | ---- | C] () -- C:\Windows\win32k.sys
    [2009/09/23 23:45:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/18 11:23:04 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/09/18 11:23:03 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2008/06/28 16:23:52 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/04/24 21:38:18 | 000,002,493 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\logevent.dll
    [2006/11/02 03:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    < End of report >

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Hello.


    • Download combofix from here
      Link 1
    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to svchost as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. We need to disable your local AV (Anti-virus) before running Combofix.

    • See HERE for how to disable your AV.
    • Double click on svchost.exe.
    • Follow the prompts. NOTE:
    • Allow combofix to run
    • Post C:\combofix.txt back here.

      Note:
      Do not mouse click combofix's window whilst it's running. That may cause it to stall.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    ComboFix looks like it is starting to run, loads that little starting bar all the way and then nothing after that. That bar disappears and I get no log or anything. Beginning to think this computer is really messed up. Oh, also found AlphaAntivirus on the computer today. It doesn't seem to be running at all though.

    And by the looks of it there is no other anti-virus program running on the computer, and Windows Defender is stuck off anyway so....

    What to do?

    Drenji

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Please download and run this tool.

    Download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately.


    Post the contents of the MBAM Log.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Malwarebytes updates, starts to run, starts the scan, then crashes after about 3 seconds... Try to run it again it gives me the permissions error again.

    "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Hello.

      Please download LockSearch to your Desktop.

    1. A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
    2. A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    I run the LockSearch and it gets to the creating log part and then I get the "LockSearch has stopped working, windows is searching for a solution" part, but here is what of the log I got...

    LockSearch by jpshortstuff (05.11.09.1)
    Log created at 11:32 on 17/09/2010 (matt)
    Scanning C:\


    C:\hiberfil.sys
    -------------------------


    C:\pagefile.sys
    -------------------------


    C:\Program Files\AlphaAnt\alpha.exe
    -------------------------


    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    -------------------------


    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    -------------------------


    C:\Users\matt\Desktop\OTL.exe
    -------------------------


    C:\WINDOWS\System32\cngaudit.dll
    -------------------------
    C:\Windows\System32\cngaudit.dll [Unable to get md5 : 1998120061 bytes]
    C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [7F15B4953378C8B5161D65C26D5FED4D : 11776 bytes]


    C:\WINDOWS\System32\mrt.exe
    -------------------------
    C:\Windows\System32\mrt.exe [Unable to get md5 : 31648712 bytes]
    C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe [77733CAF4F96DC546E87363B6EA688B5 : 52696 bytes]
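
An added example (not part of the thread and not LockSearch's own code): a small parser for the log layout shown in the post above. It groups entries under their headings and lists the files whose MD5 could not be read, next to any hashed copy reported under the same heading. The layout is inferred from this one fragment, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: lines copied from the truncated LockSearch log posted above.
SAMPLE_LOG = r"""LockSearch by jpshortstuff (05.11.09.1)
Log created at 11:32 on 17/09/2010 (matt)
Scanning C:\

C:\hiberfil.sys
-------------------------

C:\pagefile.sys
-------------------------

C:\Program Files\AlphaAnt\alpha.exe
-------------------------

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
-------------------------

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
-------------------------

C:\Users\matt\Desktop\OTL.exe
-------------------------

C:\WINDOWS\System32\cngaudit.dll
-------------------------
C:\Windows\System32\cngaudit.dll [Unable to get md5 : 1998120061 bytes]
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [7F15B4953378C8B5161D65C26D5FED4D : 11776 bytes]

C:\WINDOWS\System32\mrt.exe
-------------------------
C:\Windows\System32\mrt.exe [Unable to get md5 : 31648712 bytes]
C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe [77733CAF4F96DC546E87363B6EA688B5 : 52696 bytes]
"""

# Assumed layout (inferred from the fragment): a heading path, a dashed rule,
# then zero or more "<path> [<md5 or 'Unable to get md5'> : <n> bytes]" lines.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \[(?P<md5>[0-9A-Fa-f]{32}|Unable to get md5)"
    r" : (?P<size>\d+) bytes\]$"
)
RULE_RE = re.compile(r"^-{5,}$")


@dataclass
class Entry:
    path: str
    md5: Optional[str]  # None when the log says "Unable to get md5"
    size: int


@dataclass
class Section:
    heading: str
    entries: list = field(default_factory=list)


def parse_locksearch(text):
    """Split a LockSearch log into sections keyed by the heading path."""
    sections, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RULE_RE.match(line):
            # The last non-entry line before a rule is the section heading.
            if pending is not None:
                sections.append(Section(pending))
                pending = None
            continue
        m = ENTRY_RE.match(line)
        if m and sections:
            md5 = None if m["md5"].startswith("Unable") else m["md5"].upper()
            sections[-1].entries.append(Entry(m["path"], md5, int(m["size"])))
        else:
            pending = line  # banner line or a heading waiting for its rule
    return sections


def unreadable_files(sections):
    """Entries that could not be hashed, with hashed copies from the same section."""
    report = []
    for s in sections:
        refs = [(e.path, e.md5, e.size) for e in s.entries if e.md5 is not None]
        for e in s.entries:
            if e.md5 is None:
                report.append({"path": e.path, "size": e.size, "references": refs})
    return report


def headings_without_detail(sections):
    """Headings listed with no per-file lines under them."""
    return [s.heading for s in sections if not s.entries]


if __name__ == "__main__":
    for item in unreadable_files(parse_locksearch(SAMPLE_LOG)):
        print(item["path"], item["size"], "bytes, md5 unreadable")
        for path, md5, size in item["references"]:
            print("   copy:", md5, size, "bytes")
```

A heading cut off before its dashed rule, as can happen when the tool crashes mid-log, is dropped rather than reported as an empty section.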

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Hello.

    Please download inherit.exe

    Download it to your Desktop, but do not run it just yet.

    Now open a new notepad file.
    Input this into the notepad file:

    @echo off
    REM Run from the Desktop: inherit.exe must sit in the same folder as this script.
    REM Each line passes one of the files named in the LockSearch log to inherit.exe.
    "inherit.exe" "C:\Program Files\AlphaAnt\alpha.exe"
    "inherit.exe" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
    "inherit.exe" "C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe"
    "inherit.exe" "C:\WINDOWS\System32\cngaudit.dll"
    "inherit.exe" "C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll"
    "inherit.exe" "C:\Windows\System32\mrt.exe"
    "inherit.exe" "C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe"
    REM The script deletes itself when it is done.
    del fix.bat
    exit


    Save this as fix.bat, save it to your desktop.
    Double click fix.bat and the black cmd window will open and close, this is normal.

    Now try running MBAM again. This malware is capable of messing around with files and locking them so we can't use them, but the above fix unlocks them.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    It allowed me to restart Malwarebytes again, but it still crashed after about 6 seconds this time...

    and then it is back to the error again.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Hello

    We need to run the tool with the following command to fix some malware related changes.

    Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:

    "%userprofile%\desktop\win32kdiag.exe" -f -r

    When it's finished, there will be a log called Win32kDiag.txt on your
    desktop. Please open it with notepad and post the contents here.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Ok. It's too big to post again so here is the rapidshare address.

    http://rapidshare.com/files/419649351/Win32kDiag.txt

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Okay, re-run the bat script again, then try running Combofix.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    It's still doing the same thing with combofix as before...

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Okay, try MBAM now.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Its still the same as well. I tried MBAM right afterwords just to see.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Did you re-do this script?

    http://www.GeekPolice.net/virus-spyware-malware-removal-f11/malwarebytes-and-hijackthis-both-crash-and-return-permissions-errors-t23720-15.htm#159542

    ............................................................................................

    Site Admin / Security Administrator


    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    yes

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Okay please re-run LockSearch and post the new log.

    ............................................................................................

    Site Admin / Security Administrator


    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    At least got the whole log for it this time :)...

    LockSearch by jpshortstuff (05.11.09.1)
    Log created at 15:45 on 17/09/2010 (matt)
    Scanning C:\


    C:\hiberfil.sys
    -------------------------


    C:\pagefile.sys
    -------------------------


    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    -------------------------


    C:\Users\matt\Desktop\OTL.exe
    -------------------------


    C:\WINDOWS\System32\cngaudit.dll
    -------------------------
    C:\Windows\System32\cngaudit.dll [Unable to get md5 : 1998120061 bytes]
    C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [7F15B4953378C8B5161D65C26D5FED4D : 11776 bytes]

    -=E.O.F=-

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    And just to be sure, I ran the fix.bat again a third time to check Malwarebytes, and it's like once I try and run it, it re-locks it up...

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    Okay, let's try it this way.

    Right click Inherit.exe, select Copy.

    Now using Windows Explorer (Windows Key + E), locate this folder:
    C:\Program Files\Malwarebytes' Anti-Malware

    Enter the folder, right click anywhere, select Paste.

    That should put a copy of Inherit.exe into the MBAM folder. Now drag and drop mbam.exe onto inherit.exe.



    Now with the copy of inherit.exe that is still on the Desktop, drag and drop OTL.exe onto inherit.exe.

    Does MBAM work now?

    ............................................................................................

    Site Admin / Security Administrator


    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    No. It opened like last time, but it still just closes after 6 seconds and then it returns the permissions error again.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Hmm, please re-run Win32kDiag and post the new log.

    ............................................................................................

    Site Admin / Security Administrator


    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    K. Here is that again.
    _________________________________________________________

    Running from: C:\Users\matt\Desktop\Win32kDiag.exe

    Log file at : C:\Users\matt\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\Windows'...



    Cannot access: C:\Windows\System32\cngaudit.dll

    [1] 2006-11-02 04:46:03 61952 C:\Windows\System32\cngaudit.dll ()

    [1] 2006-11-02 04:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll (Microsoft Corporation)



    Cannot access: C:\Windows\System32\mrt.exe

    [1] 2010-09-10 14:34:30 35552200 C:\Windows\System32\mrt.exe ()

    [1] 2008-01-20 21:24:53 52696 C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe (Microsoft Corporation)





    Finished!
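
A triage sketch for the Win32kDiag log posted above, added here as an example (it is not part of the thread and not code from Win32kDiag or its author). It assumes each `[n]` line holds a count, a timestamp, the size in bytes, the path and, in parentheses, the file's company name; that field reading is inferred from the lines shown, and the excerpt is copied from the post with blank lines dropped.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt copied from the Win32kDiag log in the post above (blank lines dropped).
SAMPLE_LOG = r"""
Cannot access: C:\Windows\System32\cngaudit.dll
[1] 2006-11-02 04:46:03 61952 C:\Windows\System32\cngaudit.dll ()
[1] 2006-11-02 04:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll (Microsoft Corporation)
Cannot access: C:\Windows\System32\mrt.exe
[1] 2010-09-10 14:34:30 35552200 C:\Windows\System32\mrt.exe ()
[1] 2008-01-20 21:24:53 52696 C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe (Microsoft Corporation)
Finished!
"""

BLOCKED_RE = re.compile(r"^Cannot access:\s+(?P<path>.+?)\s*$")
# Assumed layout: [count] date time size path (company)
ENTRY_RE = re.compile(
    r"^\[(?P<count>\d+)\]\s+(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<path>.+?)\s+\((?P<company>.*)\)\s*$"
)


@dataclass
class Entry:
    stamp: str
    size: int
    path: str
    company: str


@dataclass
class Finding:
    blocked_path: str
    live: Optional[Entry]      # listing for the file the scanner could not open
    references: List[Entry]    # other copies listed under it (the WinSxS copies here)
    reasons: List[str]


def parse_groups(log_text):
    """Group each 'Cannot access' line with the file listings that follow it."""
    groups = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        blocked = BLOCKED_RE.match(line)
        if blocked:
            current = (blocked.group("path"), [])
            groups.append(current)
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            current[1].append(Entry(entry.group("stamp"), int(entry.group("size")),
                                    entry.group("path"), entry.group("company").strip()))
    return groups


def analyze(log_text):
    """Return one Finding per blocked file, with the reasons it deserves a closer look."""
    findings = []
    for blocked_path, entries in parse_groups(log_text):
        # Windows paths are case-insensitive, so compare lowercased.
        live = next((e for e in entries if e.path.lower() == blocked_path.lower()), None)
        refs = [e for e in entries if e is not live]
        reasons = ["scanner was denied access"]
        if live is None:
            reasons.append("no listing for the blocked path")
        else:
            if not live.company:
                reasons.append("no company name reported")
            if refs and all(r.size != live.size for r in refs):
                reasons.append("size differs from every other listed copy")
        findings.append(Finding(blocked_path, live, refs, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        live_size = f.live.size if f.live else "n/a"
        ref_sizes = [r.size for r in f.references]
        print(f"{f.blocked_path}: live={live_size} refs={ref_sizes}")
        for reason in f.reasons:
            print(f"  - {reason}")
```

A size difference against the WinSxS copy is a lead to follow up, not a verdict; the other copy may simply be a different version of the file.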

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Hmm, can you extract/use The Avenger?

    ............................................................................................

    Site Admin / Security Administrator


    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    I'll try again

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    It still says it's invalid.

    I'm not sure if I may just be doing something wrong or if Vista just doesn't like it.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    Hello.
    Delete that copy of The Avenger and re-download it. Now try it again; do you get the same error?

    ............................................................................................

    Site Admin / Security Administrator


    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    Yeah. I still get the same error with it.

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Can you run OTL now?

    ............................................................................................

    Site Admin / Security Administrator


    Re: Malwarebytes and HiJackThis both crash and return permissions errors...
    Here is the OTL log. Didn't get the extras log again.

    --------------------------------------------------------------------------------------------------

    OTL logfile created on: 9/23/2010 8:19:23 AM - Run 3
    OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\matt\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 174.56 Gb Total Space | 94.99 Gb Free Space | 54.42% Space Free | Partition Type: NTFS
    Drive D: | 11.75 Gb Total Space | 1.39 Gb Free Space | 11.87% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DAWN-PC
    Current User Name: matt
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    PRC - [2010/06/25 23:24:17 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
    PRC - [2009/09/27 00:06:55 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    PRC - [2009/09/27 00:06:55 | 000,024,688 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    PRC - [2009/04/11 01:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sdclt.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/07/12 06:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Unknown | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2009/09/27 00:06:55 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
    SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/12/04 04:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2008/03/11 17:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
    DRV - [2008/03/11 17:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
    DRV - [2008/03/11 17:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
    DRV - [2008/03/11 17:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUBus.sys -- (PTDUBus)
    DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/18 06:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/12/06 15:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
    DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 06:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 06:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/06/20 06:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/04 00:16:54 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MyPoints Toolbar 2.0) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [calc] C:\Windows\System32\calc.DLL (Microsoft)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe File not found
    O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll (Microsoft)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab (Reg Error: Key error.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB (Wizard101GameLauncher)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.104.6.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/24 21:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/17 15:11:13 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/09/17 11:06:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
    [2010/09/16 13:07:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
    [2010/09/16 12:06:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    [2010/09/16 08:56:33 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
    [2010/09/10 08:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/09/09 09:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/09/09 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Macromedia
    [2010/09/09 03:08:57 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2010/09/09 03:08:57 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2010/09/09 03:08:57 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
    [2010/09/08 10:14:18 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
    [2010/09/08 10:14:17 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2010/09/08 10:14:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2010/09/08 10:14:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2010/09/08 10:13:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2010/09/08 09:45:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/09/08 09:45:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010/09/08 09:45:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010/09/08 09:45:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010/09/08 09:45:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010/09/08 09:45:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010/09/08 09:45:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/09/08 09:45:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/09/08 09:45:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/09/08 09:45:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/09/08 09:45:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/09/08 09:45:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/09/08 09:45:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/09/08 09:45:06 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010/09/08 09:45:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/09/08 09:44:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
    [2010/09/08 09:44:08 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010/09/08 09:44:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
    [2010/09/08 09:43:30 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2010/09/08 09:43:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2010/09/08 09:43:03 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2010/09/08 09:43:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2010/09/08 09:42:56 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
    [2010/09/08 09:42:56 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
    [2010/09/01 15:11:57 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Malwarebytes
    [2010/08/31 11:37:55 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Verizon Wireless
    [2010/08/30 17:05:34 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\Anatomy
    [2010/08/30 16:33:22 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\WildTangent
    [2010/08/28 00:29:36 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Apple
    [2010/08/27 16:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2010/08/27 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\CyberLink
    [2010/08/26 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Yahoo!
    [2010/08/26 22:42:16 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Youcam
    [2010/08/26 22:31:50 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Hewlett-Packard
    [2010/08/26 22:19:31 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\little league matt
    [2010/08/26 21:44:33 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Hewlett-Packard
    [2010/08/26 21:44:16 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Adobe
    [2010/08/26 21:44:15 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\HP
    [2010/08/26 21:29:36 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\QuickPlay
    [2010/08/26 21:29:23 | 000,000,000 | R--D | C] -- C:\Users\matt\Searches
    [2010/08/26 21:29:13 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Identities
    [2010/08/26 21:29:10 | 000,000,000 | R--D | C] -- C:\Users\matt\Contacts
    [2010/08/26 21:29:08 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\VirtualStore
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\Temporary Internet Files
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Templates
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Start Menu
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\SendTo
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Recent
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\PrintHood
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\NetHood
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Videos
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Pictures
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Music
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\My Documents
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Local Settings
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\History
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Cookies
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Application Data
    [2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\Application Data
    [2010/08/26 21:29:01 | 000,000,000 | --SD | C] -- C:\Users\matt\AppData\Roaming\Microsoft
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Videos
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Saved Games
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Pictures
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Music
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Links
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Favorites
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Downloads
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Documents
    [2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Desktop
    [2010/08/26 21:29:01 | 000,000,000 | -H-D | C] -- C:\Users\matt\AppData
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Temp
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Microsoft Help
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Microsoft
    [2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Media Center Programs
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/09/23 08:23:19 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB0D9DAC-B339-4772-9064-12E1E262BA0A}.job
    [2010/09/23 08:23:19 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FC831C4-4D0E-4D5A-BA3D-44268E92C10E}.job
    [2010/09/23 08:23:19 | 000,000,230 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010/09/23 08:23:05 | 000,000,190 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/09/23 08:19:38 | 001,048,576 | -HS- | M] () -- C:\Users\matt\ntuser.dat
    [2010/09/23 08:18:51 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/09/23 08:18:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/21 16:19:49 | 000,677,998 | ---- | M] () -- C:\Users\matt\Desktop\avenger.zip
    [2010/09/21 09:45:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/21 09:45:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/21 09:44:33 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\AlphaAnt.job
    [2010/09/21 09:44:30 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/09/21 09:44:30 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/09/21 09:44:30 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/09/21 09:43:57 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2010/09/21 09:43:36 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/09/21 03:20:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/21 03:19:47 | 000,000,000 | ---- | M] () -- C:\Windows\win32k.sys
    [2010/09/21 03:19:44 | 3152,932,864 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/21 03:17:08 | 000,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/21 03:17:08 | 000,065,536 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TM.blf
    [2010/09/17 15:11:43 | 000,002,521 | ---- | M] () -- C:\Users\matt\Desktop\HiJackThis.lnk
    [2010/09/17 11:28:00 | 000,032,653 | ---- | M] () -- C:\Users\matt\Desktop\LockSearch.exe
    [2010/09/17 11:07:47 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/17 03:17:42 | 002,057,727 | -H-- | M] () -- C:\Users\matt\AppData\Local\IconCache.db
    [2010/09/16 13:07:27 | 003,845,883 | ---- | M] () -- C:\Users\matt\Desktop\svchost.exe
    [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
    [2010/09/16 09:22:32 | 000,939,956 | ---- | M] () -- C:\Users\matt\Desktop\7z465.exe
    [2010/09/16 09:19:55 | 003,266,369 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
    [2010/09/16 09:11:15 | 000,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/13 08:54:02 | 000,047,616 | ---- | M] () -- C:\Users\matt\Desktop\Win32kDiag.exe
    [2010/09/10 14:34:30 | 035,552,200 | ---- | M] () -- C:\Windows\System32\mrt.exe
    [2010/09/09 09:24:10 | 000,085,504 | ---- | M] () -- C:\Users\matt\Desktop\Inherit.exe
    [2010/09/09 03:31:29 | 000,312,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/09/03 12:51:40 | 000,524,288 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/03 12:51:40 | 000,065,536 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/09/03 11:04:48 | 000,000,680 | ---- | M] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
    [2010/09/03 09:10:40 | 000,003,584 | ---- | M] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/30 17:06:05 | 000,002,627 | ---- | M] () -- C:\Users\matt\Desktop\Microsoft Office Word 2007.lnk
    [2010/08/27 16:48:01 | 000,000,813 | -HS- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
    [2010/08/26 22:42:48 | 000,000,943 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/26 22:23:15 | 000,000,944 | ---- | M] () -- C:\Users\matt\Desktop\Windows Media Player.lnk
    [2010/08/26 22:02:54 | 000,000,938 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/26 21:30:01 | 000,077,136 | ---- | M] () -- C:\Users\matt\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/08/26 21:29:03 | 000,000,020 | -HS- | M] () -- C:\Users\matt\ntuser.ini
    [2010/08/26 21:29:02 | 000,524,288 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/21 16:19:47 | 000,677,998 | ---- | C] () -- C:\Users\matt\Desktop\avenger.zip
    [2010/09/17 13:02:11 | 000,085,504 | ---- | C] () -- C:\Users\matt\Desktop\Inherit.exe
    [2010/09/17 11:28:00 | 000,032,653 | ---- | C] () -- C:\Users\matt\Desktop\LockSearch.exe
    [2010/09/16 13:07:27 | 003,845,883 | ---- | C] () -- C:\Users\matt\Desktop\svchost.exe
    [2010/09/16 09:22:28 | 000,939,956 | ---- | C] () -- C:\Users\matt\Desktop\7z465.exe
    [2010/09/16 08:47:22 | 000,000,420 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB0D9DAC-B339-4772-9064-12E1E262BA0A}.job
    [2010/09/13 08:54:01 | 000,047,616 | ---- | C] () -- C:\Users\matt\Desktop\Win32kDiag.exe
    [2010/09/10 08:56:38 | 000,002,521 | ---- | C] () -- C:\Users\matt\Desktop\HiJackThis.lnk
    [2010/09/09 08:29:30 | 000,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/09 08:29:30 | 000,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/09 08:29:30 | 000,065,536 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TM.blf
    [2010/09/03 11:04:48 | 000,000,680 | ---- | C] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
    [2010/09/03 09:10:40 | 000,003,584 | ---- | C] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/03 08:58:14 | 3152,932,864 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/01 15:09:38 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/26 22:42:48 | 000,000,943 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/26 22:23:15 | 000,000,944 | ---- | C] () -- C:\Users\matt\Desktop\Windows Media Player.lnk
    [2010/08/26 22:02:54 | 000,000,938 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/08/26 21:51:11 | 000,002,627 | ---- | C] () -- C:\Users\matt\Desktop\Microsoft Office Word 2007.lnk
    [2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\QSwitch.txt
    [2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\DSwitch.txt
    [2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\AtStart.txt
    [2010/08/26 21:29:03 | 000,000,020 | -HS- | C] () -- C:\Users\matt\ntuser.ini
    [2010/08/26 21:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [2010/08/26 21:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/26 21:29:02 | 000,262,144 | -H-- | C] () -- C:\Users\matt\ntuser.dat.LOG1
    [2010/08/26 21:29:02 | 000,065,536 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/08/26 21:29:02 | 000,000,000 | -H-- | C] () -- C:\Users\matt\ntuser.dat.LOG2
    [2010/08/26 21:29:01 | 001,048,576 | -HS- | C] () -- C:\Users\matt\ntuser.dat
    [2010/08/26 21:29:01 | 000,000,934 | ---- | C] () -- C:\Users\matt\Desktop\Cyberlink YouCam.lnk
    [2010/08/26 21:29:01 | 000,000,258 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/08/26 21:29:01 | 000,000,240 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/03/11 22:28:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/11/21 23:30:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/11/21 17:44:08 | 000,534,528 | ---- | C] () -- C:\Windows\System32\ExplorerImages.dll
    [2009/11/21 03:59:23 | 000,000,000 | ---- | C] () -- C:\Windows\win32k.sys
    [2009/09/23 23:45:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/18 11:23:04 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/09/18 11:23:03 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2008/06/28 16:23:52 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/04/24 21:38:18 | 000,002,493 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\logevent.dll
    [2006/11/02 03:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    < End of report >

    Re: Malwarebytes and HiJackThis both crash and return permissions errors...

    Guess I will just wipe the hard drive and tell them to start over.
