Vista Antivirus 2012

My laptop got infected with this virus. I can not access the web, not even in safe mode.

Please advise.

Re: Vista Antivirus 2012

Hi there tinyskids!!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

Since you cannot access the internet from the infected computer, can you download utilities from another computer and transfer them to your infected computer with e.g. a USB drive?

If you can, please proceed with the following:

====================

Please download RKill by Grinler from Download Mirror #1 and save it to your desktop.
Download Mirror #1 (rkill.exe)
Download Mirror #2 (rkill.scr)
Download Mirror #3 (rkill.com)
Download Mirror #4 (WiNlOgOn.exe)
Download Mirror #5 (uSeRiNiT.exe)
Download Mirror #6 (iExplore.exe)
Download Mirror #7 (eXplorer.exe)

  • Double-click the RKill desktop icon (right-click > Run as Administrator for Vista/WIN7).
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur, please delete that application and try using Mirror #2.
  • Continue process until the tool runs.
  • Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.

====================

Please download OTL by OldTimer from here and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist.
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
/md5start
atapi.sys
explorer.exe
iastor.sys
userinit.exe
winlogon.exe
/md5stop

  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.
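
As an added illustration (not part of the original post, and not code from OTL or its author): the OTL.txt log requested above lists files as `[date time | size | attributes | M/C] (Company) -- path`, and the Python below parses such lines and flags entries that merit a manual look. The sample lines, the `Example` user name and the three heuristics are constructed assumptions, not rules that OTL itself applies.

```python
import re
from collections import defaultdict
from ntpath import basename, splitext  # Windows path rules on any OS

# File-listing line as it appears in OTL.txt:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | M-or-C] (Company) -- path
# Some lines omit the "(Company) " part, so it is optional here.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}
# Assumption: these locations are writable without elevation, so unattributed
# binaries and hidden files found there deserve a second look.
USER_WRITABLE = ("\\users\\", "\\programdata\\")


def parse_entry(line):
    """Return a dict for one file-listing line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = (entry["company"] or "").strip()
    entry["path"] = entry["path"].strip()
    return entry


def triage(lines):
    """Map path -> list of reasons for file entries that merit manual review."""
    entries = {}
    for line in lines:
        entry = parse_entry(line)
        # Attribute letters are read as they appear in the log (H, S, D);
        # entries carrying D are directories and are skipped.
        if entry and "D" not in entry["attrs"]:
            # The "Modified" and "Created" sections repeat files: keep one.
            entries.setdefault(entry["path"].lower(), entry)

    # Group by (file name, size) to spot one file present in several places.
    twins = defaultdict(list)
    for entry in entries.values():
        twins[(basename(entry["path"]).lower(), entry["size"])].append(entry["path"])

    findings = defaultdict(list)
    for entry in entries.values():
        low = entry["path"].lower()
        user_area = any(part in low for part in USER_WRITABLE)
        if user_area and not entry["company"] and splitext(low)[1] in EXECUTABLE_EXT:
            findings[entry["path"]].append(
                "executable without company name in user-writable path")
        if user_area and "H" in entry["attrs"] and "S" in entry["attrs"]:
            findings[entry["path"]].append(
                "hidden+system attributes in user-writable path")
        if len(twins[(basename(low), entry["size"])]) > 1:
            findings[entry["path"]].append(
                "same name and size in more than one directory")
    return dict(findings)


# Constructed sample in the OTL.txt layout (not taken from a real scan).
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2011/01/02 10:00:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Desktop\OTL.exe
[2011/01/02 09:58:00 | 000,120,000 | -HS- | M] () -- C:\Users\Example\AppData\Local\abc.exe
[2011/01/02 09:58:01 | 000,004,096 | -HS- | M] () -- C:\Users\Example\AppData\Local\q1w2e3r4
[2011/01/02 09:58:01 | 000,004,096 | -HS- | M] () -- C:\ProgramData\q1w2e3r4
[2011/01/02 09:50:00 | 2137,014,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/01 08:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Example Folder
========== Files Created - No Company Name ==========
[2011/01/02 09:58:00 | 000,120,000 | -HS- | C] () -- C:\Users\Example\AppData\Local\abc.exe
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A flagged path is only a candidate for closer inspection; legitimate software also leaves hidden or unattributed files in these locations.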


Re: Vista Antivirus 2012

Hey Gabethebabe, thanks so much for helping me. That's cool, I have 8 kids so I know what you mean. Will the USB that I use get infected with this virus? If not, I have a portable hard drive that I can use, but it has all my info on it so I want to make sure that the virus will not transfer over to the hard drive.

Re: Vista Antivirus 2012

I had one more question. In the previous post you stated not to reboot my comp, so should I just leave it on until the virus is gone? Like on all the time? Just want to make sure I am understanding you.

Re: Vista Antivirus 2012

This type of malware usually does not spread to removable media. And if it does, we will quickly find out and immunize whatever drives you have used.

And yes, after running rkill you will probably notice that the virus is gone (but it is not, we only deactivated it for the moment) - leave your computer on until we clean it with OTL.

8 kids! Wow, you are my hero :D

Re: Vista Antivirus 2012

otl file
OTL logfile created on: 6/10/2011 8:43:42 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.46% Memory free
4.21 Gb Paging File | 3.31 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.36 Gb Total Space | 74.60 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.89 Gb Free Space | 16.13% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.93% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/10 08:41:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/10/03 19:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 19:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/02 05:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


========== Modules (SafeList) ==========

MOD - [2011/06/10 08:41:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/10/03 19:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/05 14:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/06/10 08:33:59 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A443E32-44C9-4280-9D4B-4ED1855B6574}\MpKsl540b4cea.sys -- (MpKsl540b4cea)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/02/27 06:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/10/11 07:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/29 15:08:00 | 000,156,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/07/10 10:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 19:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 17:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/06/28 14:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://webmail.aol.com/39997/aol/en-us/Suite.aspx"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {0c2508e6-de4c-11db-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}:3.6
FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.20091201
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cee613b&v=6.010.023.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/16 09:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/28 07:37:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 20:01:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 20:01:57 | 000,000,000 | ---D | M]

[2008/12/10 21:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/06/04 10:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions
[2011/03/08 18:14:18 | 000,000,000 | ---D | M] (Bible Fox Blue) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}
[2010/05/04 17:11:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/10 15:47:37 | 000,000,000 | ---D | M] (Tinseltown) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2011/03/08 18:14:18 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011/02/20 13:51:44 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\2020Player@2020Technologies.com
[2011/03/08 18:14:38 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\extension@virtusdesigns.com
[2009/01/13 10:45:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\moveplayer@movenetworks.com
[2011/03/08 18:14:37 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\noia2_option@kk.noia
[2011/04/08 05:54:33 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\personas@christopher.beard
[2011/03/08 18:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\extension@virtusdesigns.com\chrome
[2011/03/08 18:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\extension@virtusdesigns.com\defaults
[2011/03/08 18:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/01/10 15:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions
[2010/01/10 15:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions\CVS
[2011/01/24 01:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 10:11:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/27 15:44:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/07 18:17:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/24 01:51:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\063D7MA6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/05/08 20:01:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/08 20:01:51 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/12/09 09:40:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} http://plug-in.reallusion.com/CrazyTalk4.cab (CrazyTalk4 Control)
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://p.playfirst.com/play/game/cookingdash/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} http://www.reallusion.com/plug-in/rltts.cab (TTS Engine Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.custhelp.com/8102-b424h/rnl/java/RntX.cab (Live Collaboration)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/12 04:25:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Adobe Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/10 08:41:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/06/01 09:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1997/03/28 15:55:00 | 000,055,440 | ---- | C] (LEAD Technologies Inc.) -- C:\Program Files\LEAD.VBX

========== Files - Modified Within 30 Days ==========

[2011/06/10 08:41:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/06/10 08:38:48 | 000,632,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/10 08:38:48 | 000,116,408 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/10 08:36:19 | 000,009,602 | -HS- | M] () -- C:\Users\Owner\AppData\Local\5v658ex16os3r31s0
[2011/06/10 08:36:19 | 000,009,602 | -HS- | M] () -- C:\ProgramData\5v658ex16os3r31s0
[2011/06/10 08:35:57 | 000,000,285 | ---- | M] () -- C:\Users\Owner\Desktop\rkill - Shortcut.lnk
[2011/06/10 08:34:27 | 000,000,164 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/06/10 08:34:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/10 08:33:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/10 08:33:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/10 08:33:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/10 08:33:41 | 2137,014,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/06 16:26:18 | 000,339,968 | -HS- | M] () -- C:\Users\Owner\AppData\Local\jox.exe
[2011/06/06 16:15:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/06 13:45:04 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2011/06/03 00:50:43 | 000,002,377 | ---- | M] () -- C:\Users\Owner\Desktop\Skype.lnk
[2011/06/02 22:32:19 | 000,048,836 | ---- | M] () -- C:\Users\Owner\Documents\bbsfhs.jpg
[2011/06/02 12:33:02 | 000,006,648 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/05/20 21:58:09 | 000,461,344 | ---- | M] () -- C:\Users\Owner\Documents\GATE.htm

========== Files Created - No Company Name ==========

[2011/06/10 08:35:57 | 000,000,285 | ---- | C] () -- C:\Users\Owner\Desktop\rkill - Shortcut.lnk
[2011/06/10 08:33:41 | 2137,014,272 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/06 16:26:43 | 000,009,602 | -HS- | C] () -- C:\Users\Owner\AppData\Local\5v658ex16os3r31s0
[2011/06/06 16:26:43 | 000,009,602 | -HS- | C] () -- C:\ProgramData\5v658ex16os3r31s0
[2011/06/06 16:26:18 | 000,339,968 | -HS- | C] () -- C:\Users\Owner\AppData\Local\jox.exe
[2011/06/02 22:32:17 | 000,048,836 | ---- | C] () -- C:\Users\Owner\Documents\bbsfhs.jpg
[2011/05/20 21:58:03 | 000,461,344 | ---- | C] () -- C:\Users\Owner\Documents\GATE.htm
[2011/01/04 21:02:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/07 18:51:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/07 18:51:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/07 18:51:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/07 18:51:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/07 18:51:45 | 000,000,000 | R--- | C] () -- C:\Windows\sed.exe
[2010/12/06 15:03:04 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/11/29 12:30:56 | 001,974,784 | ---- | C] () -- C:\Program Files\rcfiles.exe
[2010/11/29 12:30:56 | 000,517,104 | ---- | C] () -- C:\Windows\System32\LEAD45.DLL
[2010/11/29 12:30:56 | 000,000,164 | ---- | C] () -- C:\Program Files\RCSUPP~1.URL
[2010/11/27 13:37:01 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/11/27 13:37:01 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5250DN.DAT
[2010/11/27 13:36:45 | 000,000,147 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/11/27 13:36:45 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/11/27 13:36:45 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/11/27 13:36:44 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2010/11/27 13:36:42 | 000,014,441 | ---- | C] () -- C:\Windows\HL-5250DN.INI
[2010/10/22 23:58:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/10/22 23:58:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/07 21:31:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/16 08:58:49 | 000,023,087 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/08/10 19:19:09 | 000,002,704 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/06/23 22:37:15 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2008/02/17 00:26:16 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/15 11:38:25 | 000,047,616 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/15 09:26:53 | 000,006,648 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/01/24 22:01:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/11/12 04:39:18 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/08/20 08:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 08:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,324,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,632,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,116,408 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/11/07 21:54:02 | 000,699,584 | ---- | C] () -- C:\Program Files\robinson.exe
[2002/07/29 16:01:36 | 000,001,450 | ---- | C] () -- C:\Program Files\fcvp_w.dat
[2002/07/29 16:01:36 | 000,001,325 | ---- | C] () -- C:\Program Files\fcvp_s.dat
[2002/07/16 15:10:52 | 000,009,154 | ---- | C] () -- C:\Program Files\robinson.ini
[2002/07/16 15:09:26 | 001,420,800 | ---- | C] () -- C:\Program Files\robinson.wri
[2002/07/09 11:59:08 | 000,000,164 | ---- | C] () -- C:\Program Files\RCSupport.url
[2001/11/08 15:54:14 | 000,038,752 | ---- | C] () -- C:\Program Files\leaddib.drv
[1997/01/11 21:35:28 | 000,014,947 | ---- | C] () -- C:\Program Files\math.dat
[1997/01/11 21:35:28 | 000,005,468 | ---- | C] () -- C:\Program Files\phonics.dat
[1997/01/11 21:35:28 | 000,002,396 | ---- | C] () -- C:\Program Files\vdrill.dat

Re: Vista Antivirus 2012
========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\MpNWMon.sys

< %systemroot%\system32\drivers\*.sys >
[2006/11/02 04:55:12 | 000,053,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys
[2009/04/11 02:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys
[2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys
[2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys
[2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys
[2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys
[2006/11/02 05:49:59 | 000,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS
[2006/11/02 05:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys
[2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys
[2006/11/02 04:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys
[2007/09/29 15:08:00 | 000,156,672 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys
[2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys
[2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys
[2008/01/19 01:56:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\asyncmac.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:42 | 000,109,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2007/05/30 19:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2008/01/19 03:41:39 | 000,028,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS
[2008/01/19 01:53:30 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2008/01/19 01:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\beep.sys
[2011/02/22 09:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys
[2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys
[2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys
[2009/04/11 01:42:55 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys
[2006/09/03 01:53:38 | 000,053,248 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerIf.sys
[2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys
[2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys
[2006/09/03 01:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys
[2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys
[2008/01/19 01:28:02 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdfs.sys
[2009/04/11 00:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2007/10/11 07:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDART.sys
[2008/02/27 06:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDRT32.sys
[2006/11/02 04:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys
[2009/04/11 02:32:43 | 000,125,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2008/01/19 01:32:47 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CmBatt.sys
[2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys
[2008/01/19 03:41:25 | 000,020,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\compbatt.sys
[2006/06/28 14:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\CPQBttn.sys
[2009/04/11 02:32:30 | 000,035,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2006/11/02 05:49:43 | 000,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys
[2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys
[2009/04/11 00:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 00:39:11 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys
[2008/01/19 02:53:03 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2008/01/19 01:53:16 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmkaud.sys
[2009/04/11 02:32:29 | 000,027,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2008/01/19 01:36:12 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2009/04/11 00:23:23 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2011/01/20 12:37:37 | 000,638,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2006/11/02 03:30:54 | 000,163,328 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e100b325.sys
[2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys
[2009/04/11 02:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys
[2009/04/11 00:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/04/11 00:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2006/11/02 04:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fdc.sys
[2008/01/19 03:42:31 | 000,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys
[2008/01/19 01:30:23 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys
[2006/11/02 04:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\flpydisk.sys
[2009/04/11 02:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2008/01/19 01:27:57 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2009/04/11 02:32:43 | 000,099,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2006/11/02 05:50:04 | 000,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS
[2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/04/11 00:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2006/11/02 03:36:49 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys
[2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys
[2009/04/11 00:42:48 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys
[2008/01/19 01:53:16 | 000,025,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2009/04/11 00:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys
[2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\HpqKbFiltr.sys
[2007/06/20 07:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys
[2007/06/20 07:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys
[2007/06/20 07:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys
[2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2006/11/02 05:49:25 | 000,016,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omgmt.sys
[2006/11/02 05:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omp.sys
[2008/01/19 01:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2007/09/30 03:03:12 | 000,308,248 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/02 17:48:28 | 002,016,256 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys
[2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys
[2008/01/19 03:41:20 | 000,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelide.sys
[2008/01/19 01:27:21 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys
[2008/01/19 01:56:23 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipfltdrv.sys
[2006/11/02 04:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys
[2008/01/19 01:56:28 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipnat.sys
[2008/01/19 01:55:26 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\irda.sys
[2008/01/19 01:55:19 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\irenum.sys
[2006/11/02 05:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\isapnp.sys
[2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys
[2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys
[2008/01/19 03:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/04/11 00:38:40 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/04/11 00:38:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/06/15 19:15:25 | 000,439,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2008/01/19 01:55:03 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys
[2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys
[2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys
[2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys
[2008/01/19 01:30:36 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/01/19 01:49:59 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys
[2006/06/18 19:26:58 | 000,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys
[2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys
[2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2008/01/19 01:57:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\modem.sys
[2008/01/19 01:52:19 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2008/01/19 03:41:52 | 000,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2008/01/19 01:49:16 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouhid.sys
[2008/01/19 03:42:28 | 000,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mountmgr.sys
[2010/10/24 22:25:38 | 000,165,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MpFilter.sys
[2006/11/02 05:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys
[2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MpNWMon.sys
[2008/01/19 01:54:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys
[2009/04/11 00:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2011/02/22 09:23:59 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2011/02/22 09:24:10 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2011/02/22 09:24:02 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2006/11/02 05:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys
[2006/11/02 05:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys
[2008/01/19 01:28:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfs.sys
[2008/01/19 03:41:14 | 000,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys
[2009/04/11 02:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2008/01/19 01:49:20 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mskssrv.sys
[2008/01/19 01:49:18 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspclock.sys
[2008/01/19 01:49:18 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspqm.sys
[2009/04/11 02:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2008/01/19 03:41:49 | 000,031,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mssmbios.sys
[2008/01/19 01:49:19 | 000,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys
[2009/04/11 02:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2008/01/19 01:56:24 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2008/01/19 01:55:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndisuio.sys
[2009/04/11 00:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2008/01/19 01:56:28 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2008/01/19 01:55:45 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbios.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2010/04/05 16:00:40 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys
[2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2009/04/11 00:14:01 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2008/01/19 01:55:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys
[2009/04/11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys
[2008/01/19 01:49:12 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\null.sys
[2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:40 | 000,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS
[2009/04/11 00:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2006/11/02 04:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ohci1394.sys
[2009/04/11 00:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2006/11/02 04:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\parport.sys
[2009/04/11 02:32:31 | 000,054,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2006/11/02 04:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\parvdm.sys
[2009/04/11 02:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2006/11/02 05:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009/04/11 02:32:52 | 000,043,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcmcia.sys
[2006/11/02 05:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys
[2009/04/11 00:42:50 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2006/11/02 04:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys
[2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys
[2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys
[2008/01/19 01:56:07 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys
[2008/01/19 01:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasacd.sys
[2008/01/19 01:56:34 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasl2tp.sys
[2009/04/11 00:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2008/01/19 01:56:34 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspptp.sys
[2009/04/11 00:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/04/11 00:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2008/01/19 02:01:08 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPCDD.sys
[2006/11/02 05:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpdr.sys
[2008/01/19 02:01:09 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys
[2009/04/11 00:51:27 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2008/04/16 15:51:56 | 000,022,784 | ---- | M] (Research In Motion Limited) -- C:\Windows\System32\drivers\RimUsb.sys
[2009/04/11 00:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/04/11 00:46:07 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/04/11 00:46:06 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rndismpx.sys
[2008/01/19 01:57:15 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rootmdm.sys
[2008/01/19 01:55:03 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys
[2007/04/23 17:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\Rtnicxp.sys
[2007/09/27 21:33:26 | 000,056,832 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTSTOR.sys
[2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys
[2008/01/19 03:42:10 | 000,142,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2006/11/02 02:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys
[2006/11/02 04:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serenum.sys
[2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serial.sys
[2008/01/19 01:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2006/11/02 04:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys
[2006/11/02 04:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys
[2006/11/02 04:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys
[2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 05:49:51 | 000,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS
[2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys
[2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys
[2009/04/11 00:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2008/01/19 01:49:30 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys
[2008/01/19 03:41:30 | 000,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys
[2009/04/10 22:52:40 | 000,684,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2011/02/18 10:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2011/02/18 10:03:10 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2011/02/18 10:03:06 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/04/11 02:32:54 | 000,122,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/04/11 00:42:47 | 000,052,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2008/01/19 03:41:14 | 000,015,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\swenum.sys
[2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys
[2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys
[2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys
[2008/01/19 01:49:56 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys
[2010/06/16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/16 10:01:59 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2008/01/19 01:57:10 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2008/01/19 02:01:07 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdpipe.sys
[2008/01/19 02:01:08 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdtcp.sys
[2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/04/11 02:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2008/01/19 02:01:15 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys
[2008/01/19 01:55:41 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2010/02/18 07:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2006/11/02 05:49:59 | 000,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS
[2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2006/11/02 05:50:04 | 000,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS
[2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys
[2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys
[2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys
[2008/01/19 01:53:40 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys
[2008/01/19 01:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys
[2009/04/11 00:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/04/11 00:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023x.sys
[2009/04/11 00:42:56 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/04/11 00:42:56 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2008/01/19 01:53:29 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbccgp.sys
[2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys
[2008/01/19 01:53:17 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2009/04/11 00:42:52 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/04/11 00:43:16 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2006/11/02 04:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009/04/11 00:42:57 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2008/01/19 02:14:40 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbprint.sys
[2008/01/19 02:14:09 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbscan.sys
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/19 01:53:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbuhci.sys
[2008/01/19 01:53:38 | 000,134,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys
[2008/01/19 01:52:06 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vga.sys
[2006/11/02 04:53:56 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys
[2006/11/02 05:49:52 | 000,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VIAAGP.SYS
[2006/11/02 04:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys
[2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys
[2008/01/19 01:52:12 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys
[2008/01/19 03:42:18 | 000,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys
[2009/04/11 02:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys
[2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS
[2006/11/02 03:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTCNXT3.SYS
[2006/11/02 03:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTDPV3.SYS
[2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys
[2008/01/19 01:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2009/04/11 00:22:46 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2006/11/02 05:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys
[2008/01/19 03:43:27 | 000,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2008/01/19 03:41:59 | 000,035,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2008/01/19 01:32:47 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys
[2008/01/19 03:41:20 | 000,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys
[2009/09/30 21:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys
[2008/01/19 01:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/19 01:52:50 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFPf.sys
[2008/01/19 01:53:04 | 000,083,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFRd.sys
[2007/07/10 10:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys

< %systemroot%\system32\drivers\*.dll >
[2006/11/02 11:09:50 | 001,419,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wdfcoinstaller01005.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2007/07/10 10:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2007/11/12 04:25:18 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/12/09 09:44:34 | 000,014,582 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/06/10 08:33:41 | 2137,014,272 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/12 04:01:32 | 000,000,371 | -H-- | M] () -- C:\IPH.PH
[2010/12/07 11:05:06 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2011/06/10 08:33:39 | 2450,804,736 | -HS- | M] () -- C:\pagefile.sys
[2011/06/10 08:37:11 | 000,000,586 | ---- | M] () -- C:\rkill.log

< %PROGRAMFILES%\*. >
[2007/11/12 04:37:55 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/11/19 01:53:43 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/11/12 04:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2010/02/18 21:00:45 | 000,000,000 | ---D | M] -- C:\Program Files\AOP
[2008/01/24 22:02:33 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2011/02/02 01:23:52 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/01/24 21:59:47 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2007/11/12 04:51:32 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2011/02/02 01:17:14 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/11/27 13:36:41 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2010/11/27 13:36:44 | 000,000,000 | ---D | M] -- C:\Program Files\Brownie
[2011/03/16 07:39:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/01/24 22:07:44 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/01/24 22:19:37 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/11/29 12:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\DATA
[2007/11/12 04:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\earthlink totalaccess
[2010/12/15 09:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/06/01 09:09:17 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/01/24 22:15:27 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2011/03/24 23:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/01/24 22:23:03 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2008/01/24 22:15:27 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2010/11/27 13:36:17 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/01/24 22:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2001/01/01 00:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/03/16 07:28:26 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/03/16 07:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/24 01:51:36 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/04/20 00:02:47 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/19 23:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware(8)
[2010/11/25 09:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/01/14 00:41:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/01/26 10:16:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2011/04/25 18:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/06/23 22:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2010/12/15 07:42:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/11/25 08:40:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/01/27 07:52:52 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/05/08 20:01:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/01/26 11:28:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/02/10 23:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/11/12 04:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2008/04/14 15:36:30 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2008/01/24 22:04:19 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2008/02/10 23:10:21 | 000,000,000 | R--D | M] -- C:\Program Files\Online Services
[2011/02/02 01:14:58 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/06/28 07:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/01/24 22:02:45 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/11/29 12:36:23 | 000,000,000 | ---D | M] -- C:\Program Files\Robinson Curriculum
[2010/11/29 12:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\SENTENCE
[2011/01/04 10:11:39 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/01/26 10:36:20 | 000,000,000 | ---D | M] -- C:\Program Files\Startwrite
[2001/01/01 01:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\SterlingWare
[2010/11/29 12:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\STUDENTS
[2010/11/29 12:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\TABLISTS
[2010/06/12 18:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\Transparent
[2010/12/07 11:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\TrendMicro
[2008/06/23 22:14:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/02/19 22:17:15 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2008/02/10 23:31:28 | 000,000,000 | ---D | M] -- C:\Program Files\Vongo
[2011/01/27 07:52:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2011/01/27 07:52:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/01/27 07:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/01/27 07:52:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/05/13 07:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/01/27 07:52:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/01/27 07:52:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2001/01/01 01:07:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/01/27 07:52:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/04/27 22:26:16 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/15 09:37:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/15 09:37:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/15 09:37:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/02/15 09:42:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/02/15 09:42:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2007/09/30 03:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/09/30 08:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\SwSetup\Drivers\IMSM\Files\64\iastor.sys
[2007/09/30 03:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/30 08:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\SwSetup\Drivers\IMSM\Files\32\iastor.sys
[2007/09/30 03:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/30 03:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >

Re: Vista Antivirus 2012

OTL Extras logfile created on: 6/10/2011 8:43:42 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.46% Memory free
4.21 Gb Paging File | 3.31 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.36 Gb Total Space | 74.60 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.89 Gb Free Space | 16.13% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.93% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13317619-BB67-4783-B14F-1197674AE6F8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{276F33C0-5527-4537-9D4E-04BF59DC31FA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{64BB9CAC-0B94-4AB2-821C-84E551C8D088}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7ECDBDF2-A780-4E6C-A70F-30D51095A209}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{87A5998B-D758-4C95-86BE-A348F933125E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BC49673F-CA24-43CA-A114-D9BAF62CD0E0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C4E813E5-AF5E-4F60-92CF-14DA96CDD617}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ED4AF667-5553-493F-A59A-E3128A04FAC0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007CC5D7-0E8E-44D5-B02E-42CA16FFC29A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{071656D0-931F-4C0B-B792-EEA7667B4B7F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{0B72AD80-6DC8-42FE-AA76-E02395DB5832}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1304027B-9C86-487C-ABB9-5A6FF67C21A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{16805998-FEFB-4B80-9471-5DD3E6A0F088}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1D153740-F5F1-4477-A780-2F27D643099B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{214B838A-2898-4A48-82D8-666EDC35AFA3}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{281C7F72-DC9A-4F9E-A4ED-54250F0BE42E}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3204817B-1168-4D36-A556-614CE0E6A3E1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{3ED663DE-60A1-419D-84D5-F9301BA7CE72}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{468A4364-6433-4127-BE91-82D43431FD6A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4C27ADE1-305E-4D82-A81C-653A1504EF9F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{50789C6E-2968-4795-B1A5-CB0903F58867}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{54019E5E-4DBB-4CF4-9480-4EC2873E3516}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{58650547-1B4C-428D-8960-B0ED89195DBB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{5A51AE65-3F75-41B6-AD1E-51B1580C2587}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{5F3258DF-E58A-4022-AE80-193775E56132}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6534C5A5-7BAC-44F4-8FE5-963A63C057D7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{75293B1A-BCE0-4740-9BED-9F71506B9328}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zsd96.tmp\symnrt.exe |
"{793B77D6-9E31-41AF-86BC-74D1383CBE7A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FCFED6C-0C4E-4096-A4DB-CBD2EAAC799E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8D33FDD2-0130-4BE9-AD6F-6D30C78EBFAB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{90468331-40D5-4A8C-AA1A-93A4E20E07D0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{9216DD16-5C98-4AE6-97C7-2735E4827751}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{947F097D-8B49-4ACA-80B6-1AA2B404327A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{95E2F717-F762-45CD-97AD-77C9E5591DF6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{96BA7409-4F24-4808-AE89-500A8910A762}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{992DC8F3-A20D-4339-ABE6-3A023612468A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{9C6CA932-F2CC-4F68-9C5E-C4832E2F4CB9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A69A8E55-B555-44FC-A873-BB574A24E680}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{BFCA2A12-9A92-4F43-9DDB-068E3E20D08D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{CFC3E763-6F9C-4A1F-AB3A-C289D4FA0A98}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DAD9DCD5-3B19-47CB-8E6F-ED8BE92184C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{DDB741A2-817C-420D-9440-C0194567D49A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E3CD7F8B-13AD-46BA-A142-7CC4C51F1166}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E9C8CDB1-B393-406A-8F2F-18836A7AB933}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zsd96.tmp\symnrt.exe |
"{FB5000AF-7BFD-4253-AD3C-591A4E2151D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{FD697DA7-C813-4EEA-A629-C973C6D7FE53}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{FF474905-9776-4B53-B8A4-052E3CC84284}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"TCP Query User{2C0EE003-5F63-4858-9B9A-0817C6797B92}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5247E2EE-5B8A-40DB-90C1-0FF395808F3F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{97A399D2-3BC3-4ED2-82B1-6D11CD1BDBFA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B75DCDCB-9532-4743-B246-01B5CB951F6A}C:\users\owner\appdata\local\apps\2.0\dtoj0ez4.e2o\g6xwba4p.ov5\west..kage_28b3eab364833aef_0001.0002_4a04786571555234\welcomehome.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\apps\2.0\dtoj0ez4.e2o\g6xwba4p.ov5\west..kage_28b3eab364833aef_0001.0002_4a04786571555234\welcomehome.exe |
"TCP Query User{EEF975C5-4F36-4AAD-9161-319AE5DF9F85}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{1257326F-4E25-4118-BDA7-FDE78A09CDE8}C:\users\owner\appdata\local\apps\2.0\dtoj0ez4.e2o\g6xwba4p.ov5\west..kage_28b3eab364833aef_0001.0002_4a04786571555234\welcomehome.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\apps\2.0\dtoj0ez4.e2o\g6xwba4p.ov5\west..kage_28b3eab364833aef_0001.0002_4a04786571555234\welcomehome.exe |
"UDP Query User{4559FB9C-BC74-4A11-A77D-DEF63E6F9D12}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{4EC5EA7F-3551-42BB-BB1A-731CB7CA5C08}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{69843750-1FBB-44C0-BCC5-72CD12D26092}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{DF2B910E-3204-4379-8B0E-E85E0AF9BCD7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2243F21A-E132-44F7-BA13-024D0845C815}" = Microsoft SQL Server 2005 Backward compatibility
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v5.0 ActiveX Control
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AB7AA30-9A34-4FDB-B0B0-ECE134E030B0}" = Sterling Math Facts
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}" = Microsoft Office Live Meeting 2007
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{8322BC8D-5B9C-4F70-8FA2-6A059F840E88}" = e-Sword
"{85833A03-476B-43B3-B61C-5EB946DBF6E4}" = HP User Guides 0092
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9E5AE5C0-423C-4F4F-823B-57781C2B77F5}" = RTC Client API v1.2 Setup
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SOSHOME22)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{F1BA45A0-803C-43F0-9C1A-7095EF1B86DF}" = Brother HL-5250DN
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"Byki Express" = Byki Express
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"RealPlayer 12.0" = RealPlayer
"Robinson Curriculum" = Robinson Curriculum
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"Startwrite" = Startwrite Startwrite 5.0 b209 Demo
"TVWiz" = Intel(R) TV Wizard
"Veetle TV" = Veetle TV 0.9.18
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2011 9:03:21 AM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

Error - 6/3/2011 9:45:52 AM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

Error - 6/4/2011 9:03:14 AM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

Error - 6/4/2011 5:47:21 PM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

Error - 6/4/2011 7:19:41 PM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

Error - 6/6/2011 9:27:55 AM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

Error - 6/6/2011 9:26:50 PM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

Error - 6/6/2011 9:32:56 PM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

Error - 6/6/2011 9:35:10 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/10/2011 8:34:10 AM | Computer Name = Owner-PC | Source = MSSQL$SOSHOME22 | ID = 19011
Description =

[ Media Center Events ]
Error - 2/10/2011 9:39:42 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package NetTV.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: Vista Antivirus 2012

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:


:files
C:\Users\Owner\AppData\Local\5v658ex16os3r31s0
C:\ProgramData\5v658ex16os3r31s0
C:\Users\Owner\AppData\Local\jox.exe

:otl
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found

:commands
[reboot]

  • Then click the Run Fix button at the top.
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Please open Malwarebytes' Anti-Malware, click the Update tab and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan and click Scan. Please post the resulting log in your next reply.

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms.
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.
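
The two lines in the `:otl` section of the fix above are verbatim copies of entries that OTL marked "No CLSID value found." and "File not found" in the log posted in this thread. The Python below is an added example, not part of the original post and not OTL's own code: it scans the "O" entries of a log for those markers and assembles the matching `:otl` block. The function names are hypothetical and the marker list is limited to the two strings visible in this thread's log.

```python
import re

# Lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
File not found (No name found) --
O1 HOSTS File: ([2010/12/09 09:40:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
"""

# "O<n> - <text>"; some lines (for example "O1 HOSTS File:") omit the dash.
ENTRY_RE = re.compile(r"^O(\d+)\s+(?:-\s+)?(.*\S)\s*$")

# Trailing markers seen in this thread's log for entries that point at nothing.
ORPHAN_MARKERS = {
    "No CLSID value found.": "BHO GUID has no class registration behind it",
    "File not found": "entry points at a file that does not exist",
}


def parse_entry(line):
    """Return {'code', 'text', 'raw'} for an O-line, or None for anything else."""
    raw = line.strip()
    match = ENTRY_RE.match(raw)
    if not match:
        return None
    return {"code": "O" + match.group(1), "text": match.group(2), "raw": raw}


def orphan_reasons(entry):
    """List the reasons an entry looks orphaned; an empty list means none."""
    reasons = [why for marker, why in ORPHAN_MARKERS.items()
               if entry["text"].endswith(marker)]
    # OTL prints "[]" when the Run value name is empty.
    if entry["code"] == "O4" and re.search(r"Run\w*: \[\] ", entry["text"]):
        reasons.append("Run value has an empty name")
    return reasons


def find_orphans(log_text):
    """Return the orphaned O-entries in log order, each with its reasons."""
    orphans = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # headers, PRC/SRV/DRV lines, Firefox lines, blanks
        reasons = orphan_reasons(entry)
        if reasons:
            orphans.append({"raw": entry["raw"], "reasons": reasons})
    return orphans


def build_fix(orphans, reboot=True):
    """Assemble an :otl section from the flagged lines, copied unmodified."""
    lines = [":otl"] + [o["raw"] for o in orphans]
    if reboot:
        lines += ["", ":commands", "[reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_orphans(SAMPLE_LOG)
    for item in found:
        print(item["raw"])
        for why in item["reasons"]:
            print("    - " + why)
    print()
    print(build_fix(found))
```

The markers only say that the target is missing, so the output is a review list: check each flagged line against the log before it goes into a fix.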

Re: Vista Antivirus 2012

Here is the 2nd OTL log. My comp did not reboot.

OTL logfile created on: 6/10/2011 10:40:28 AM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.31% Memory free
4.21 Gb Paging File | 3.17 Gb Available in Paging File | 75.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.36 Gb Total Space | 76.77 Gb Free Space | 55.89% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.89 Gb Free Space | 16.13% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.93% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/10 08:41:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/10/03 19:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 19:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/02 05:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


========== Modules (SafeList) ==========

MOD - [2011/06/10 08:41:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/10/03 19:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/05 14:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/06/10 08:46:15 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE4E39F3-D8B6-44C6-B469-F81CE7D592F3}\MpKsleacfb6e8.sys -- (MpKsleacfb6e8)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/02/27 06:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/10/11 07:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/29 15:08:00 | 000,156,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/07/10 10:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 19:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 17:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/06/28 14:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://webmail.aol.com/39997/aol/en-us/Suite.aspx"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {0c2508e6-de4c-11db-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}:3.6
FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.20091201
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cee613b&v=6.010.023.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/16 09:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/28 07:37:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 20:01:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 20:01:57 | 000,000,000 | ---D | M]

[2008/12/10 21:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/06/04 10:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions
[2011/03/08 18:14:18 | 000,000,000 | ---D | M] (Bible Fox Blue) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}
[2010/05/04 17:11:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/10 15:47:37 | 000,000,000 | ---D | M] (Tinseltown) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2011/03/08 18:14:18 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011/02/20 13:51:44 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\2020Player@2020Technologies.com
[2011/03/08 18:14:38 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\extension@virtusdesigns.com
[2009/01/13 10:45:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\moveplayer@movenetworks.com
[2011/03/08 18:14:37 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\noia2_option@kk.noia
[2011/04/08 05:54:33 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\personas@christopher.beard
[2011/03/08 18:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\extension@virtusdesigns.com\chrome
[2011/03/08 18:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\extension@virtusdesigns.com\defaults
[2011/03/08 18:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/01/10 15:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions
[2010/01/10 15:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions\CVS
[2011/01/24 01:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 10:11:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/27 15:44:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/07 18:17:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/24 01:51:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\063D7MA6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/05/08 20:01:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/08 20:01:51 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/12/09 09:40:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} http://plug-in.reallusion.com/CrazyTalk4.cab (CrazyTalk4 Control)
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://p.playfirst.com/play/game/cookingdash/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} http://www.reallusion.com/plug-in/rltts.cab (TTS Engine Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.custhelp.com/8102-b424h/rnl/java/RntX.cab (Live Collaboration)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/12 04:25:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/10 10:36:34 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2011/06/10 08:41:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/06/01 09:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1997/03/28 15:55:00 | 000,055,440 | ---- | C] (LEAD Technologies Inc.) -- C:\Program Files\LEAD.VBX

========== Files - Modified Within 30 Days ==========

[2011/06/10 10:36:35 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2011/06/10 10:33:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/10 10:33:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/10 10:15:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/10 08:41:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/06/10 08:38:48 | 000,632,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/10 08:38:48 | 000,116,408 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/10 08:36:19 | 000,009,602 | -HS- | M] () -- C:\Users\Owner\AppData\Local\5v658ex16os3r31s0
[2011/06/10 08:36:19 | 000,009,602 | -HS- | M] () -- C:\ProgramData\5v658ex16os3r31s0
[2011/06/10 08:35:57 | 000,000,285 | ---- | M] () -- C:\Users\Owner\Desktop\rkill - Shortcut.lnk
[2011/06/10 08:34:27 | 000,000,164 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/06/10 08:34:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/10 08:33:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/10 08:33:41 | 2137,014,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/06 13:45:04 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2011/06/03 00:50:43 | 000,002,377 | ---- | M] () -- C:\Users\Owner\Desktop\Skype.lnk
[2011/06/02 22:32:19 | 000,048,836 | ---- | M] () -- C:\Users\Owner\Documents\bbsfhs.jpg
[2011/06/02 12:33:02 | 000,006,648 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/05/20 21:58:09 | 000,461,344 | ---- | M] () -- C:\Users\Owner\Documents\GATE.htm

========== Files Created - No Company Name ==========

[2011/06/10 08:35:57 | 000,000,285 | ---- | C] () -- C:\Users\Owner\Desktop\rkill - Shortcut.lnk
[2011/06/10 08:33:41 | 2137,014,272 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/06 16:26:43 | 000,009,602 | -HS- | C] () -- C:\Users\Owner\AppData\Local\5v658ex16os3r31s0
[2011/06/06 16:26:43 | 000,009,602 | -HS- | C] () -- C:\ProgramData\5v658ex16os3r31s0
[2011/06/02 22:32:17 | 000,048,836 | ---- | C] () -- C:\Users\Owner\Documents\bbsfhs.jpg
[2011/05/20 21:58:03 | 000,461,344 | ---- | C] () -- C:\Users\Owner\Documents\GATE.htm
[2011/01/04 21:02:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/07 18:51:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/07 18:51:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/07 18:51:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/07 18:51:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/07 18:51:45 | 000,000,000 | R--- | C] () -- C:\Windows\sed.exe
[2010/12/06 15:03:04 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/11/29 12:30:56 | 001,974,784 | ---- | C] () -- C:\Program Files\rcfiles.exe
[2010/11/29 12:30:56 | 000,517,104 | ---- | C] () -- C:\Windows\System32\LEAD45.DLL
[2010/11/29 12:30:56 | 000,000,164 | ---- | C] () -- C:\Program Files\RCSUPP~1.URL
[2010/11/27 13:37:01 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/11/27 13:37:01 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5250DN.DAT
[2010/11/27 13:36:45 | 000,000,147 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/11/27 13:36:45 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/11/27 13:36:45 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/11/27 13:36:44 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2010/11/27 13:36:42 | 000,014,441 | ---- | C] () -- C:\Windows\HL-5250DN.INI
[2010/10/22 23:58:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/10/22 23:58:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/07 21:31:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/16 08:58:49 | 000,023,087 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/08/10 19:19:09 | 000,002,704 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/06/23 22:37:15 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2008/02/17 00:26:16 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/15 11:38:25 | 000,047,616 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/15 09:26:53 | 000,006,648 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/01/24 22:01:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/11/12 04:39:18 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/08/20 08:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 08:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,324,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,632,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,116,408 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/11/07 21:54:02 | 000,699,584 | ---- | C] () -- C:\Program Files\robinson.exe
[2002/07/29 16:01:36 | 000,001,450 | ---- | C] () -- C:\Program Files\fcvp_w.dat
[2002/07/29 16:01:36 | 000,001,325 | ---- | C] () -- C:\Program Files\fcvp_s.dat
[2002/07/16 15:10:52 | 000,009,154 | ---- | C] () -- C:\Program Files\robinson.ini
[2002/07/16 15:09:26 | 001,420,800 | ---- | C] () -- C:\Program Files\robinson.wri
[2002/07/09 11:59:08 | 000,000,164 | ---- | C] () -- C:\Program Files\RCSupport.url
[2001/11/08 15:54:14 | 000,038,752 | ---- | C] () -- C:\Program Files\leaddib.drv
[1997/01/11 21:35:28 | 000,014,947 | ---- | C] () -- C:\Program Files\math.dat
[1997/01/11 21:35:28 | 000,005,468 | ---- | C] () -- C:\Program Files\phonics.dat
[1997/01/11 21:35:28 | 000,002,396 | ---- | C] () -- C:\Program Files\vdrill.dat

========== Custom Scans ==========


< files >

< C:\Users\Owner\AppData\Local\5v658ex16os3r31s0 >
[2011/06/10 08:36:19 | 000,009,602 | -HS- | M] () -- C:\Users\Owner\AppData\Local\5v658ex16os3r31s0

< C:\ProgramData\5v658ex16os3r31s0 >
[2011/06/10 08:36:19 | 000,009,602 | -HS- | M] () -- C:\ProgramData\5v658ex16os3r31s0

< C:\Users\Owner\AppData\Local\jox.exe >

< >

< :otl >

< O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. >

< O4 - HKLM..\Run: [] File not found >

< >

< :commands >

< [reboot] >

< End of report >

Re: Vista Antivirus 2012

To my knowledge the program did NOT FREEZE, but it did NOT REBOOT either.

Re: Vista Antivirus 2012

Please repeat my instructions and this time make sure you click the right button (Run Fix button, not the Run Scan) ...

After that MBAM and aswMBR

Re: Vista Antivirus 2012

mbam log
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6832

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

12/31/2000 11:19:10 PM
mbam-log-2000-12-31 (23-19-02).txt

Scan type: Quick scan
Objects scanned: 161197
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Owner\AppData\Local\jox.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Owner\AppData\Local\jox.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Owner\AppData\Local\temp\0.30339600732145866.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\Users\Owner\AppData\Local\temp\0.2560686552992485.exe (Trojan.Dropper) -> No action taken.
c:\Users\Owner\AppData\Local\temp\0.8826801617107745.exe (Trojan.Dropper) -> No action taken.

Re: Vista Antivirus 2012

here it is after I cleaned it
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6832

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

12/31/2000 11:23:14 PM
mbam-log-2000-12-31 (23-23-14).txt

Scan type: Quick scan
Objects scanned: 161197
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Owner\AppData\Local\jox.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Owner\AppData\Local\jox.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Owner\AppData\Local\temp\0.30339600732145866.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\temp\0.2560686552992485.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\temp\0.8826801617107745.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Re: Vista Antivirus 2012

aswMBR
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2000-12-31 23:24:54
-----------------------------
23:24:54.093 OS Version: Windows 6.0.6002 Service Pack 2
23:24:54.093 Number of processors: 2 586 0xF0D
23:24:54.094 ComputerName: OWNER-PC UserName: Owner
23:24:55.255 Initialize success
23:25:23.783 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:25:23.786 Disk 0 Vendor: FUJITSU_ 890B Size: 152627MB BusType: 3
23:25:23.805 Disk 0 MBR read successfully
23:25:23.809 Disk 0 MBR scan
23:25:23.812 Disk 0 unknown MBR code
23:25:23.818 Disk 0 scanning sectors +312576705
23:25:23.857 Disk 0 scanning C:\Windows\system32\drivers
23:25:30.549 Service scanning
23:25:31.799 Disk 0 trace - called modules:
23:25:31.827 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
23:25:31.833 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a7e9d8]
23:25:31.840 3 CLASSPNP.SYS[8819e8b3] -> nt!IofCallDriver -> [0x84072658]
23:25:31.847 5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84076028]
23:25:31.855 Scan finished successfully
23:26:26.278 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
23:26:26.291 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


Re: Vista Antivirus 2012

Excellent. As far as I can see, your computer is CLEAN.

====================

Time to uninstall used tools.
  • Double click OTL.exe to run it again and click the CleanUp button.
  • If we used any other tools and they still remain on your desktop, please delete them manually.

====================

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 25

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 25).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, in Temporary Internet Files, click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

Is everything running smooth now? Do you require any more assistance or shall I post my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean)?

Re: Vista Antivirus 2012

Everything seems to be working fine now. Please post your ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean)

Re: Vista Antivirus 2012

All right! Now that we have you cleaned, we've got to make sure you stay clean.
Let me provide you with some recommendations:

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit http://windowsupdate.microsoft.com. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones; you cannot go wrong with any of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Avira. 100 million users can't be wrong. If you want high detection rates, this is your best free bet.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look here for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use version 8) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Webs Of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? Help us back!
