Solved Infected with Fraud.sysGuard

[Resolved] Infected with Fraud.sysGuard

A friend gave me his HP notebook with Vista Home Premium installed to clean out. Spybot detected Fraud.sysguard. Reading on other sites that the cleaning is rather involved and would like some opinions. The PC is an HP not sure of model but has 32 bit Vista home Premium installed with 320 gig hard drive, 2 gig of RAM. Symptoms include no internet access, CD drive inoperable, control panel missing or hid, system restore deactivated and no control over it. AVG turned off and won't restart as well as updates disabled. Slow response to commands and will not shut down as it only gets to saving settings and hangs up. Is this enough to perhaps offer some suggestions?
Thanks for any input. John

 

Fraud.Sysguard

I hope I posted this correctly as I don't want to upset the mod's. To recap, this is a HP G70 with Vista SP1 with 2 Ghz Intel processor, 3 gig of RAM.
After following your instructions I now have the reports you requested except for DDS would not generate an attach,txt file.

Mbam reports this:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/29/2011 10:07:45 PM
mbam-log-2011-01-29 (22-07-45).txt

Scan type: Quick scan
Objects scanned: 143610
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0B0D33D-8E8B-4F94-B06C-F50EE16DA0FE}_is1 (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\perfect optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\firstbackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\fullbackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Service (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Update (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\Users\CHEIF\AppData\Roaming\microsoft\Windows\start menu\Programs\perfect optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\perfect optimizer\aamd532.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\ActiveX.dat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Apps.dat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\components.dat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Config.db (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\FreeUse.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\installdll.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\License.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\miraclelib.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\perfectoptimizer.ini (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\report.html (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SERes.DLL (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\sqlite3.dll (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\unins000.dat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\unins000.exe (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\website.url (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\about.bmp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\head.bmp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\lng2const.xml (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\logo.ico (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\Menu.xml (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\perfectoptimzer.chm (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\register.jpg (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\smalllogo.bmp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\splash.jpg (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\config\website.url (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\campus_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\default_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\home_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\interner_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\notebook_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\office_model.bat (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\Users\CHEIF\AppData\Roaming\microsoft\Windows\start menu\Programs\perfect optimizer\perfect optimizer.lnk (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\Users\CHEIF\AppData\Roaming\microsoft\Windows\start menu\Programs\perfect optimizer\uninstall.lnk (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\Users\CHEIF\AppData\Roaming\microsoft\Windows\start menu\Programs\perfect optimizer\Website.lnk (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

GMER report:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-29 23:33:32
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011C
Running: gmer.exe; Driver: C:\Users\CHEIF\AppData\Local\Temp\kgldypob.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3684] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll

---- EOF - GMER 1.0.15 ----

MBR Check report:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G70 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 194):
0x8224E000 \SystemRoot\system32\ntkrnlpa.exe
0x8221B000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046D000 \SystemRoot\system32\PSHED.dll
0x8047E000 \SystemRoot\system32\BOOTVID.dll
0x80486000 \SystemRoot\system32\CLFS.SYS
0x804C7000 \SystemRoot\system32\CI.dll
0x80601000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068A000 \SystemRoot\system32\drivers\acpi.sys
0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E1000 \SystemRoot\system32\drivers\pci.sys
0x80708000 \SystemRoot\system32\drivers\isapnp.sys
0x80717000 \SystemRoot\system32\drivers\mpio.sys
0x80733000 \SystemRoot\System32\drivers\partmgr.sys
0x80742000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80745000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8074F000 \SystemRoot\system32\drivers\volmgr.sys
0x8075E000 \SystemRoot\System32\drivers\volmgrx.sys
0x807A8000 \SystemRoot\system32\drivers\intelide.sys
0x807AF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807BD000 \SystemRoot\system32\drivers\aliide.sys
0x807C4000 \SystemRoot\system32\drivers\amdide.sys
0x807CB000 \SystemRoot\system32\drivers\cmdide.sys
0x807D3000 \SystemRoot\System32\drivers\mountmgr.sys
0x807E3000 \SystemRoot\system32\drivers\msdsm.sys
0x805A7000 \SystemRoot\system32\drivers\nvraid.sys
0x805C2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x805E3000 \SystemRoot\system32\drivers\pciide.sys
0x805EA000 \SystemRoot\system32\drivers\viaide.sys
0x8A601000 \SystemRoot\system32\drivers\iastorv.sys
0x8A6A2000 \SystemRoot\system32\drivers\atapi.sys
0x8A6AA000 \SystemRoot\system32\drivers\ataport.SYS
0x8A6C8000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x8A6E2000 \SystemRoot\system32\drivers\storport.sys
0x8A723000 \SystemRoot\system32\drivers\msahci.sys
0x8A72D000 \SystemRoot\system32\drivers\hpcisss.sys
0x8A738000 \SystemRoot\system32\drivers\adp94xx.sys
0x8A7A2000 \SystemRoot\system32\drivers\adpahci.sys
0x8A80E000 \SystemRoot\system32\drivers\adpu160m.sys
0x8A829000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8A84F000 \SystemRoot\system32\drivers\adpu320.sys
0x8A875000 \SystemRoot\system32\drivers\djsvs.sys
0x8A889000 \SystemRoot\system32\drivers\arc.sys
0x8A89F000 \SystemRoot\system32\drivers\arcsas.sys
0x8A8B5000 \SystemRoot\system32\drivers\elxstor.sys
0x8A949000 \SystemRoot\system32\drivers\i2omp.sys
0x8A953000 \SystemRoot\system32\drivers\iirsp.sys
0x8A963000 \SystemRoot\system32\drivers\iteatapi.sys
0x8A96F000 \SystemRoot\system32\drivers\iteraid.sys
0x8A97B000 \SystemRoot\system32\drivers\lsi_fc.sys
0x8A995000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8A9AD000 \SystemRoot\system32\drivers\megasas.sys
0x8AA0C000 \SystemRoot\system32\drivers\megasr.sys
0x8AAC3000 \SystemRoot\system32\drivers\mraid35x.sys
0x8AACE000 \SystemRoot\system32\drivers\nfrd960.sys
0x8AADC000 \SystemRoot\system32\drivers\nvstor.sys
0x8AC00000 \SystemRoot\system32\drivers\ql2300.sys
0x8AD38000 \SystemRoot\system32\drivers\ql40xx.sys
0x8AD8D000 \SystemRoot\system32\drivers\sisraid2.sys
0x8AD9A000 \SystemRoot\system32\drivers\sisraid4.sys
0x8ADAF000 \SystemRoot\system32\drivers\symc8xx.sys
0x8ADBB000 \SystemRoot\system32\drivers\sym_hi.sys
0x8ADC6000 \SystemRoot\system32\drivers\sym_u3.sys
0x8AAE9000 \SystemRoot\system32\drivers\uliahci.sys
0x8ADD1000 \SystemRoot\system32\drivers\ulsata.sys
0x8AB25000 \SystemRoot\system32\drivers\ulsata2.sys
0x8AB51000 \SystemRoot\system32\drivers\vsmraid.sys
0x8AB72000 \SystemRoot\system32\drivers\fltmgr.sys
0x8ABA4000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AE0A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AE7B000 \SystemRoot\system32\drivers\ndis.sys
0x8AF86000 \SystemRoot\system32\drivers\msrpc.sys
0x8AFB1000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B005000 \SystemRoot\System32\drivers\tcpip.sys
0x8B0EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B200000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B30F000 \SystemRoot\system32\drivers\wd.sys
0x8B317000 \SystemRoot\system32\drivers\volsnap.sys
0x8B350000 \SystemRoot\System32\Drivers\spldr.sys
0x8B358000 \SystemRoot\system32\drivers\sbp2port.sys
0x8B36D000 \SystemRoot\System32\Drivers\mup.sys
0x8B37C000 \SystemRoot\System32\drivers\ecache.sys
0x8B3A3000 \SystemRoot\system32\drivers\disk.sys
0x8B3B4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B3DF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B3EA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B109000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B3F3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8EA03000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F0E6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F185000 \SystemRoot\System32\drivers\watchdog.sys
0x8F192000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F19D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F1DB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F1EA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B118000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F408000 \SystemRoot\system32\DRIVERS\athr.sys
0x8F4EC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F4FF000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8F504000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F50F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F53F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F541000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F54C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F550000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F568000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F596000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F5A1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F5B8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F5C3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F5E6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B13A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B14E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B163000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F5F5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B173000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B19D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B1A7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B1B4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B1E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8ABB4000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8A9B7000 \SystemRoot\system32\drivers\portcls.sys
0x8FA05000 \SystemRoot\system32\drivers\drmk.sys
0x8FA2A000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8FA68000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FC0F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FCC4000 \SystemRoot\system32\drivers\modem.sys
0x8FCD1000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8FCF2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FCFB000 \SystemRoot\System32\Drivers\Null.SYS
0x8FD02000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FD12000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x8FD19000 \SystemRoot\System32\drivers\vga.sys
0x8FD25000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FD46000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FD4E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FD56000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FD61000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FD6F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FD78000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FD8E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FDC0000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FB6B000 \SystemRoot\system32\drivers\afd.sys
0x8FDD4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FDEA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FBB3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FE0B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FE47000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8FE5A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FE64000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FE7B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FE92000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8FEB3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FEC0000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8FECB000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97470000 \SystemRoot\System32\win32k.sys
0x8FED5000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FEDF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97690000 \SystemRoot\System32\TSDDD.dll
0x976B0000 \SystemRoot\System32\cdd.dll
0x976C0000 \SystemRoot\System32\ATMFD.DLL
0x8FEEE000 \SystemRoot\system32\drivers\luafv.sys
0x8FF09000 \SystemRoot\system32\drivers\spsys.sys
0x8FFB8000 \SystemRoot\system32\DRIVERS\elagopro.sys
0x8FFBF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8FFCF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8FBC6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAE0A000 \SystemRoot\system32\drivers\HTTP.sys
0xAAE77000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAAE94000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAAEAD000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAAEC2000 \SystemRoot\system32\drivers\mrxdav.sys
0xAAEE2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAAF01000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAAF3A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAAF52000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAAF7A000 \SystemRoot\System32\DRIVERS\srv.sys
0xAAFE0000 \SystemRoot\system32\DRIVERS\elaunidr.sys
0xAAFE2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAB60F000 \SystemRoot\system32\drivers\peauth.sys
0xAB6ED000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAB6F7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAB703000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAB70B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAB721000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xAB733000 \SystemRoot\System32\Drivers\fastfat.SYS
0xAB75B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAB770000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xAB782000 \??\C:\Users\CHEIF\AppData\Local\Temp\kgldypob.sys
0x77330000 \Windows\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
528 csrss.exe
572 C:\Windows\System32\wininit.exe
584 csrss.exe
616 C:\Windows\System32\services.exe
628 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\winlogon.exe
816 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\audiodg.exe
1204 C:\Windows\System32\SLsvc.exe
1248 C:\Windows\System32\svchost.exe
1396 C:\Windows\System32\svchost.exe
1560 C:\Windows\System32\wlanext.exe
1704 C:\Windows\System32\spoolsv.exe
1728 C:\Windows\System32\svchost.exe
1952 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2016 C:\Windows\System32\svchost.exe
2028 C:\Program Files\SMINST\BLService.exe
368 C:\Program Files\CyberLink\Shared files\RichVideo.exe
12 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\SearchIndexer.exe
1828 C:\Windows\System32\drivers\XAudio.exe
360 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2476 C:\Windows\System32\taskeng.exe
2540 C:\Windows\System32\dwm.exe
2608 C:\Windows\explorer.exe
2720 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2740 C:\Windows\System32\hkcmd.exe
2756 C:\Windows\System32\igfxpers.exe
2776 C:\Program Files\HP\QuickPlay\QPService.exe
2832 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2896 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
2912 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2920 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2928 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
2936 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
2944 C:\Windows\ehome\ehtray.exe
2960 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2972 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3060 C:\Windows\System32\igfxsrvc.exe
3180 C:\Windows\ehome\ehmsas.exe
3516 C:\Windows\System32\wbem\unsecapp.exe
3600 WmiPrvSE.exe
3684 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
2228 WUDFHost.exe
2572 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2680 C:\Windows\System32\mobsync.exe
3048 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2424 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1428 C:\Program Files\Windows Media Player\wmpnetwk.exe
2160 C:\Windows\System32\wuauclt.exe
3584 taskeng.exe
3916 RacAgent.exe
2884 C:\Windows\System32\SearchProtocolHost.exe
3556 C:\Windows\System32\SearchFilterHost.exe
4020 C:\Users\CHEIF\Desktop\VISta Repair\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`cd100000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV011C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


DDS Report:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G70 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 194):
0x8224E000 \SystemRoot\system32\ntkrnlpa.exe
0x8221B000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046D000 \SystemRoot\system32\PSHED.dll
0x8047E000 \SystemRoot\system32\BOOTVID.dll
0x80486000 \SystemRoot\system32\CLFS.SYS
0x804C7000 \SystemRoot\system32\CI.dll
0x80601000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068A000 \SystemRoot\system32\drivers\acpi.sys
0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E1000 \SystemRoot\system32\drivers\pci.sys
0x80708000 \SystemRoot\system32\drivers\isapnp.sys
0x80717000 \SystemRoot\system32\drivers\mpio.sys
0x80733000 \SystemRoot\System32\drivers\partmgr.sys
0x80742000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80745000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8074F000 \SystemRoot\system32\drivers\volmgr.sys
0x8075E000 \SystemRoot\System32\drivers\volmgrx.sys
0x807A8000 \SystemRoot\system32\drivers\intelide.sys
0x807AF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807BD000 \SystemRoot\system32\drivers\aliide.sys
0x807C4000 \SystemRoot\system32\drivers\amdide.sys
0x807CB000 \SystemRoot\system32\drivers\cmdide.sys
0x807D3000 \SystemRoot\System32\drivers\mountmgr.sys
0x807E3000 \SystemRoot\system32\drivers\msdsm.sys
0x805A7000 \SystemRoot\system32\drivers\nvraid.sys
0x805C2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x805E3000 \SystemRoot\system32\drivers\pciide.sys
0x805EA000 \SystemRoot\system32\drivers\viaide.sys
0x8A601000 \SystemRoot\system32\drivers\iastorv.sys
0x8A6A2000 \SystemRoot\system32\drivers\atapi.sys
0x8A6AA000 \SystemRoot\system32\drivers\ataport.SYS
0x8A6C8000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x8A6E2000 \SystemRoot\system32\drivers\storport.sys
0x8A723000 \SystemRoot\system32\drivers\msahci.sys
0x8A72D000 \SystemRoot\system32\drivers\hpcisss.sys
0x8A738000 \SystemRoot\system32\drivers\adp94xx.sys
0x8A7A2000 \SystemRoot\system32\drivers\adpahci.sys
0x8A80E000 \SystemRoot\system32\drivers\adpu160m.sys
0x8A829000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8A84F000 \SystemRoot\system32\drivers\adpu320.sys
0x8A875000 \SystemRoot\system32\drivers\djsvs.sys
0x8A889000 \SystemRoot\system32\drivers\arc.sys
0x8A89F000 \SystemRoot\system32\drivers\arcsas.sys
0x8A8B5000 \SystemRoot\system32\drivers\elxstor.sys
0x8A949000 \SystemRoot\system32\drivers\i2omp.sys
0x8A953000 \SystemRoot\system32\drivers\iirsp.sys
0x8A963000 \SystemRoot\system32\drivers\iteatapi.sys
0x8A96F000 \SystemRoot\system32\drivers\iteraid.sys
0x8A97B000 \SystemRoot\system32\drivers\lsi_fc.sys
0x8A995000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8A9AD000 \SystemRoot\system32\drivers\megasas.sys
0x8AA0C000 \SystemRoot\system32\drivers\megasr.sys
0x8AAC3000 \SystemRoot\system32\drivers\mraid35x.sys
0x8AACE000 \SystemRoot\system32\drivers\nfrd960.sys
0x8AADC000 \SystemRoot\system32\drivers\nvstor.sys
0x8AC00000 \SystemRoot\system32\drivers\ql2300.sys
0x8AD38000 \SystemRoot\system32\drivers\ql40xx.sys
0x8AD8D000 \SystemRoot\system32\drivers\sisraid2.sys
0x8AD9A000 \SystemRoot\system32\drivers\sisraid4.sys
0x8ADAF000 \SystemRoot\system32\drivers\symc8xx.sys
0x8ADBB000 \SystemRoot\system32\drivers\sym_hi.sys
0x8ADC6000 \SystemRoot\system32\drivers\sym_u3.sys
0x8AAE9000 \SystemRoot\system32\drivers\uliahci.sys
0x8ADD1000 \SystemRoot\system32\drivers\ulsata.sys
0x8AB25000 \SystemRoot\system32\drivers\ulsata2.sys
0x8AB51000 \SystemRoot\system32\drivers\vsmraid.sys
0x8AB72000 \SystemRoot\system32\drivers\fltmgr.sys
0x8ABA4000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AE0A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AE7B000 \SystemRoot\system32\drivers\ndis.sys
0x8AF86000 \SystemRoot\system32\drivers\msrpc.sys
0x8AFB1000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B005000 \SystemRoot\System32\drivers\tcpip.sys
0x8B0EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B200000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B30F000 \SystemRoot\system32\drivers\wd.sys
0x8B317000 \SystemRoot\system32\drivers\volsnap.sys
0x8B350000 \SystemRoot\System32\Drivers\spldr.sys
0x8B358000 \SystemRoot\system32\drivers\sbp2port.sys
0x8B36D000 \SystemRoot\System32\Drivers\mup.sys
0x8B37C000 \SystemRoot\System32\drivers\ecache.sys
0x8B3A3000 \SystemRoot\system32\drivers\disk.sys
0x8B3B4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B3DF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B3EA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B109000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B3F3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8EA03000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F0E6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F185000 \SystemRoot\System32\drivers\watchdog.sys
0x8F192000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F19D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F1DB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F1EA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B118000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F408000 \SystemRoot\system32\DRIVERS\athr.sys
0x8F4EC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F4FF000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8F504000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F50F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F53F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F541000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F54C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F550000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F568000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F596000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F5A1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F5B8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F5C3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F5E6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B13A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B14E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B163000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F5F5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B173000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B19D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B1A7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B1B4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B1E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8ABB4000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8A9B7000 \SystemRoot\system32\drivers\portcls.sys
0x8FA05000 \SystemRoot\system32\drivers\drmk.sys
0x8FA2A000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8FA68000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FC0F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FCC4000 \SystemRoot\system32\drivers\modem.sys
0x8FCD1000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8FCF2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FCFB000 \SystemRoot\System32\Drivers\Null.SYS
0x8FD02000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FD12000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x8FD19000 \SystemRoot\System32\drivers\vga.sys
0x8FD25000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FD46000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FD4E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FD56000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FD61000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FD6F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FD78000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FD8E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FDC0000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FB6B000 \SystemRoot\system32\drivers\afd.sys
0x8FDD4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FDEA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FBB3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FE0B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FE47000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8FE5A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FE64000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FE7B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FE92000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8FEB3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FEC0000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8FECB000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97470000 \SystemRoot\System32\win32k.sys
0x8FED5000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FEDF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97690000 \SystemRoot\System32\TSDDD.dll
0x976B0000 \SystemRoot\System32\cdd.dll
0x976C0000 \SystemRoot\System32\ATMFD.DLL
0x8FEEE000 \SystemRoot\system32\drivers\luafv.sys
0x8FF09000 \SystemRoot\system32\drivers\spsys.sys
0x8FFB8000 \SystemRoot\system32\DRIVERS\elagopro.sys
0x8FFBF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8FFCF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8FBC6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAE0A000 \SystemRoot\system32\drivers\HTTP.sys
0xAAE77000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAAE94000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAAEAD000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAAEC2000 \SystemRoot\system32\drivers\mrxdav.sys
0xAAEE2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAAF01000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAAF3A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAAF52000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAAF7A000 \SystemRoot\System32\DRIVERS\srv.sys
0xAAFE0000 \SystemRoot\system32\DRIVERS\elaunidr.sys
0xAAFE2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAB60F000 \SystemRoot\system32\drivers\peauth.sys
0xAB6ED000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAB6F7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAB703000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAB70B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAB721000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xAB733000 \SystemRoot\System32\Drivers\fastfat.SYS
0xAB75B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAB770000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xAB782000 \??\C:\Users\CHEIF\AppData\Local\Temp\kgldypob.sys
0x77330000 \Windows\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
528 csrss.exe
572 C:\Windows\System32\wininit.exe
584 csrss.exe
616 C:\Windows\System32\services.exe
628 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\winlogon.exe
816 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\audiodg.exe
1204 C:\Windows\System32\SLsvc.exe
1248 C:\Windows\System32\svchost.exe
1396 C:\Windows\System32\svchost.exe
1560 C:\Windows\System32\wlanext.exe
1704 C:\Windows\System32\spoolsv.exe
1728 C:\Windows\System32\svchost.exe
1952 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2016 C:\Windows\System32\svchost.exe
2028 C:\Program Files\SMINST\BLService.exe
368 C:\Program Files\CyberLink\Shared files\RichVideo.exe
12 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\SearchIndexer.exe
1828 C:\Windows\System32\drivers\XAudio.exe
360 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2476 C:\Windows\System32\taskeng.exe
2540 C:\Windows\System32\dwm.exe
2608 C:\Windows\explorer.exe
2720 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2740 C:\Windows\System32\hkcmd.exe
2756 C:\Windows\System32\igfxpers.exe
2776 C:\Program Files\HP\QuickPlay\QPService.exe
2832 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2896 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
2912 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2920 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2928 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
2936 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
2944 C:\Windows\ehome\ehtray.exe
2960 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2972 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3060 C:\Windows\System32\igfxsrvc.exe
3180 C:\Windows\ehome\ehmsas.exe
3516 C:\Windows\System32\wbem\unsecapp.exe
3600 WmiPrvSE.exe
3684 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
2228 WUDFHost.exe
2572 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2680 C:\Windows\System32\mobsync.exe
3048 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2424 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1428 C:\Program Files\Windows Media Player\wmpnetwk.exe
2160 C:\Windows\System32\wuauclt.exe
3584 taskeng.exe
3916 RacAgent.exe
2884 C:\Windows\System32\SearchProtocolHost.exe
3556 C:\Windows\System32\SearchFilterHost.exe
4020 C:\Users\CHEIF\Desktop\VISta Repair\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`cd100000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV011C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

 

Sorry about that, babysitting doesn't go well with some other taks sometimes.
Here is the DDS file :

DDS (Ver_10-12-12.02) - NTFSx86
Run by CHEIF at 0:19:01.18 on Sun 01/30/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1735 [GMT -5:00]

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\notepad.exe
C:\Users\CHEIF\Desktop\VISta Repair\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5 "
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter "
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0 "
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0 "
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0 "
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg "& "inst=NzctNDg0MjcyMjk4LUJBKzEtS1YzKzctWEwrMS1UNS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMQ "& "prod=90 "& "ver=10.0.1187
StartupFolder: c:\users\cheif\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Azada/Images/stg_drm.ocx
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://media.keytrain.com/player/IE/awswaxd.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Azada/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

============= SERVICES / DRIVERS ===============

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Norton Internet Security;Norton Internet Security; "c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]

=============== Created Last 30 ================

2011-01-29 01:32:31 -------- d-sh--w- c:\users\cheif\appdata\roaming\.#
2011-01-29 01:32:31 -------- d-----w- c:\program files\common files\SWF Studio
2011-01-28 04:33:14 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-28 04:20:54 -------- d-----w- C:\ComboFix
2011-01-28 02:25:19 13082760 ----a-w- c:\program files\uninstall information\SAS_389E.COM
2011-01-27 02:40:13 -------- d-----w- C:\MGTools
2011-01-27 02:13:59 98816 ----a-w- c:\windows\sed.exe
2011-01-27 02:13:59 89088 ----a-w- c:\windows\MBR.exe
2011-01-27 02:13:59 256512 ----a-w- c:\windows\PEV.exe
2011-01-27 02:13:59 161792 ----a-w- c:\windows\SWREG.exe
2011-01-27 01:26:50 -------- d-----w- c:\progra~2\Martau
2011-01-27 01:00:27 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-01-26 04:58:42 -------- d-----w- c:\users\cheif\appdata\roaming\Malwarebytes
2011-01-26 04:58:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 04:58:25 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-26 04:58:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-26 04:58:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 04:08:41 -------- d-----w- c:\users\cheif\appdata\roaming\SUPERAntiSpyware.com
2011-01-26 04:08:41 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com

==================== Find3M ====================

2010-11-06 11:10:29 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-06 11:10:13 357376 ----a-w- c:\windows\system32\taskschd.dll
2010-11-06 11:10:13 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-06 11:09:57 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-05 00:53:47 171520 ----a-w- c:\windows\system32\taskeng.exe

============= FINISH: 0:19:32.87 ===============

DDS only generated the one file. Any ideas?

 

I left a reply Sunday that has not been posted yet. Given the weather across the country I delayed posting again. I still can not get DDS to generate an Attach.txt file. Do you have any suggestions ? Thanks. John

 

Okay, had to install Avast in safe mode. Restarted and Avast found and removed 2 files:
C:\Users\Cheif\Shared\saving able the sex (complete).wma
C:\WindowsSystem32\ssblinkx.scr
ComboFix 11-01-31.02 - CHEIF 02/03/2011 23:14:10.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.2000 [GMT -5:00]
Running from: c:\users\CHEIF\Desktop\combofix.exe.exe
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.

2011-02-04 04:20 . 2011-02-04 04:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-02-04 04:20 . 2011-02-04 04:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-04 03:08 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-04 03:08 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-04 03:08 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-04 03:08 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-04 03:08 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-04 03:08 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-04 03:08 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-04 03:08 . 2011-02-04 03:08 -------- d-----w- c:\programdata\Alwil Software
2011-02-04 03:08 . 2011-02-04 03:08 -------- d-----w- c:\program files\Alwil Software
2011-02-02 04:17 . 2011-02-02 04:17 -------- d-----w- C:\ebc0a97224a0f48ac06673a2
2011-02-02 03:27 . 2011-02-02 03:27 -------- d-----w- C:\dda168cf5641c6984a74996db66a
2011-02-02 01:51 . 2011-01-28 22:41 624128 ----a-w- C:\dds.scr
2011-02-01 02:52 . 2011-02-01 03:46 -------- d-----w- C:\416531a0f9b195f465ec
2011-01-29 01:32 . 2011-01-29 01:32 -------- d-----w- c:\program files\Common Files\SWF Studio
2011-01-28 02:25 . 2011-01-22 19:24 13082760 ----a-w- c:\program files\Uninstall Information\SAS_389E.COM
2011-01-27 02:40 . 2011-01-29 03:27 -------- d-----w- C:\MGTools
2011-01-27 01:26 . 2011-01-27 01:26 -------- d-----w- c:\programdata\Martau
2011-01-27 01:00 . 2011-01-27 01:08 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-01-26 04:58 . 2011-01-26 04:58 -------- d-----w- c:\users\CHEIF\AppData\Roaming\Malwarebytes
2011-01-26 04:58 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 04:58 . 2011-01-26 04:58 -------- d-----w- c:\programdata\Malwarebytes
2011-01-26 04:58 . 2011-01-27 01:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 04:58 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-26 04:08 . 2011-01-26 04:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-29 03:27 . 2011-01-28 05:04 144037 ----a-w- C:\MGlogs.zip
2010-12-09 22:37 . 2010-12-09 22:37 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-06 11:10 . 2010-12-15 03:48 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-06 11:10 . 2010-12-15 03:48 357376 ----a-w- c:\windows\system32\taskschd.dll
2010-11-06 11:10 . 2010-12-15 03:48 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-06 11:09 . 2010-12-15 03:48 603648 ----a-w- c:\windows\system32\schedsvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"EasyLinkAdvisor "= "c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!) "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence "= "c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut "= "c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut "= "c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut "= "c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut "= "c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL "= "start http:" [X]

c:\users\CHEIF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA "= 0 (0x0)
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-01-31 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-01-07 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-03 23:20
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath "= "\ "c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \ "Norton Internet Security\" /m \ "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1 "
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
Completion time: 2011-02-03 23:24:04
ComboFix-quarantined-files.txt 2011-02-04 04:23
ComboFix2.txt 2011-02-04 02:37
ComboFix3.txt 2011-01-27 04:53

Pre-Run: 218,278,187,008 bytes free
Post-Run: 218,309,955,584 bytes free

- - End Of File - - B2C1091FE303DA6A7B00E92C27D4706E

Combofix

So what is next for this sick puppy? Thanks, John

 

Hopefully Norton artifacts are gone but OTL hung up while trying to create a restore point. Any ideas? John

 

Had to split the results, also had to run in safe mode.
OTL Extras logfile created on: 2/6/2011 6:47:43 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\CHEIF\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.20 Gb Total Space | 206.18 Gb Free Space | 71.79% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.81 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

Computer Name: NICKS_LAPTOP | User Name: CHEIF | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.hlp [@ = hlpfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"F:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe" = F:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe:*:Enabled:SpybotSD
"F:\FirefoxPortable\App\Firefox\firefox.exe" = F:\FirefoxPortable\App\Firefox\firefox.exe:*:Enabled:Firefox

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe" = F:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe:*:Enabled:SpybotSD
"F:\FirefoxPortable\App\Firefox\firefox.exe" = F:\FirefoxPortable\App\Firefox\firefox.exe:*:Enabled:Firefox


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01759EFB-2BA4-4DA1-A542-DBB93D7CC84C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1F84ABB8-E517-4DBE-93BF-22C908F89AEB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{242853D9-7876-4100-8E0D-1D24D3DC2949}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D64AA98-8680-4C92-818C-46857442BDD8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{399D9079-8DD3-40BA-81F7-7C3777359DFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46E82EE0-08FB-46A3-80E2-8C0FDFCF4BE8}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D165480-4903-4E1F-B457-190E855622C4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D6A753B-1013-45B0-B290-59AEF1963B24}" = lport=2869 | protocol=6 | dir=in | app=system |
"{716C8993-BAF6-46EC-BB78-351D1BEF24B8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7201B30A-E0C1-4582-A2B3-21661E45C6DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B36C408-C2CF-47BC-8E3D-03CAC900B84D}" = rport=139 | protocol=6 | dir=out | app=system |
"{7FE5C5A1-CF94-4273-9EDD-645D81F5E727}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{913D39B4-63D8-4D91-B683-7394B99329B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9B009778-8B22-48A4-8E5E-6317B5090B02}" = lport=137 | protocol=17 | dir=in | app=system |
"{A49E9A8F-03A9-4B40-A193-BAA40441678C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AA032D50-4A7B-4849-8D92-EDE3D0199FE3}" = lport=139 | protocol=6 | dir=in | app=system |
"{AE0C2624-778C-45C1-892F-805842218F35}" = rport=138 | protocol=17 | dir=out | app=system |
"{AE9FD4E4-9AB7-4E16-A11A-A358D3E00BF5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B498A2C9-659D-4501-8978-02CC3C8A3638}" = lport=138 | protocol=17 | dir=in | app=system |
"{BB7AC1DC-E0BC-4D85-8BD8-E1F238BE4FD4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0D4D60B-227D-4E11-9F4D-88B5B7876D69}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CD523100-CD4E-478C-957F-F72CFC2F1D14}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0A2B70A-DA44-44E1-9F8B-39121C3DA534}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E22AAC6F-9207-4D5D-B46F-BF45BD78171A}" = lport=445 | protocol=6 | dir=in | app=system |
"{F853A275-E6F7-488E-BD83-A69C549B8895}" = rport=445 | protocol=6 | dir=out | app=system |
"{FA0E607A-159D-4740-B2BB-AF2A23D8E9E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FEDAF10E-091B-47ED-87A2-53661CCFE98C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B1B1B58-6262-4847-80CA-A537670464B2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E778722-B2E9-4A3B-9316-130DF06EFEDB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0EE3B6A1-B840-4EB1-B62B-2C1FCEB2571E}" = protocol=17 | dir=in | app=c:\users\cheif\appdata\local\temp\7zs1d32.tmp\symnrt.exe |
"{12FA4675-92D1-4845-A937-A4271125F652}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1ACC40E2-1ED9-4C6F-B41F-5E745593C816}" = dir=in | app=c:\windows\system32\nlsdata001132.exe |
"{1EA4339F-698C-40EB-832C-16D30C803466}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2C58BAFA-065A-4924-95C4-D5CFA3031652}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{334410D8-7373-4DCD-8D2E-82E519D5EA92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B10B4CE-1A62-4C13-BCF9-BC6BE0010CEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53BB67FA-F2DE-4192-83AF-F021E9EDFE2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C885659-E152-48EA-9BC7-E8769B4179C0}" = dir=in | app=c:\windows\system32\nlsdata001132.exe |
"{5F91396F-583C-4603-9269-CE01E903B254}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{78CCDE07-1E88-423E-A83E-16AC88F767A3}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7DE6C0E9-33BA-44F8-8294-215B530CB23A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{848BC054-F85A-46E4-9A3D-6ADC828A100F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8A43CCFA-CB0B-469A-9F8D-9A15462DB6F2}" = protocol=6 | dir=out | app=system |
"{902AC5B9-C099-4142-A931-78C7CC097FD2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9D2777E2-F8A7-4CA6-A3E3-2D80506A87F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0418E16-7043-4CAD-9D83-C46AD2D4D170}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{AE10BD3B-1F97-4ABE-849B-66A85192FAC8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{B4C32B14-FEB0-4342-9F11-A7ED937CD31E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B63806AA-844D-4EA4-BB38-E0E53A7D5CF7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B8481EE3-311C-4A01-B93A-CDB52EF83AB9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B986310D-7FC2-4581-86A6-9174413B4751}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BD763B2C-FD80-45E0-9B17-09FF7DE08084}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7FFF67D-A77F-44CA-BB62-B22C023854D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CCDBB5D8-4466-48A1-981B-E45CBB783B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D15119C6-12A8-48EB-8B5C-AF258F1065D6}" = dir=in | app=c:\windows\system32\nlsdata001132.exe |
"{E8DB5D0D-A37D-4E0B-9F8B-310EDFEC2B53}" = protocol=6 | dir=in | app=c:\users\cheif\appdata\local\temp\7zs1d32.tmp\symnrt.exe |
"TCP Query User{3E0D25BC-A5A2-4D48-9589-D6A668B59DB7}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{82E1EA14-CBFE-490B-9D50-50F8AE444422}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{E2FD2188-C607-4A9C-954F-797F0251A432}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{DE99C074-808C-43BF-B8F1-3B9E171A5747}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{E3F5314E-5D29-42F4-993F-12CC45665AD1}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{F73F5AEE-BEA0-48A5-8F34-9EE28DBE6ED7}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2276E169-3C2B-44B9-92A1-87E630C9FDD0}" = Quake Live Internet Explorer Plugin
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Fundamentals of Anatomy and Physiology_is1" = Fundamentals of Anatomy and Physiology
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1979439865-2991328606-800905139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2010 4:03:00 AM | Computer Name = NICKS_LAPTOP | Source = MsiInstaller | ID = 1024
Description =

Error - 12/27/2010 4:36:26 AM | Computer Name = NICKS_LAPTOP | Source = MsiInstaller | ID = 11606
Description =

Error - 12/27/2010 4:36:26 AM | Computer Name = NICKS_LAPTOP | Source = MsiInstaller | ID = 11606
Description =

Error - 12/27/2010 4:36:26 AM | Computer Name = NICKS_LAPTOP | Source = MsiInstaller | ID = 1024
Description =

Error - 12/27/2010 4:37:03 AM | Computer Name = NICKS_LAPTOP | Source = MsiInstaller | ID = 11606
Description =

Error - 12/27/2010 4:37:03 AM | Computer Name = NICKS_LAPTOP | Source = MsiInstaller | ID = 11606
Description =

Error - 12/27/2010 4:37:03 AM | Computer Name = NICKS_LAPTOP | Source = MsiInstaller | ID = 1024
Description =

Error - 12/27/2010 4:37:31 AM | Computer Name = NICKS_LAPTOP | Source = MsiInstaller | ID = 11606
Description =

Error - 12/27/2010 4:37:31 AM | Computer Name = NICKS_LAPTOP | Source = MsiInstaller | ID = 11606
Description =

Error - 12/27/2010 4:37:31 AM | Computer Name = NICKS_LAPTOP | Source = MsiInstaller | ID = 1024
Description =

[ Media Center Events ]
Error - 10/6/2009 8:02:10 PM | Computer Name = NICKS_LAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/2/2010 1:31:42 PM | Computer Name = NICKS_LAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/17/2010 9:44:05 PM | Computer Name = NICKS_LAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2010 9:13:17 PM | Computer Name = NICKS_LAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

The other file.

OTL logfile created on: 2/6/2011 6:47:43 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\CHEIF\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.20 Gb Total Space | 206.18 Gb Free Space | 71.79% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.81 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

Computer Name: NICKS_LAPTOP | User Name: CHEIF | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/06 18:28:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/06 18:28:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/10/23 13:22:40 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/10/23 13:22:40 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/10/23 13:22:40 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/09/19 19:43:50 | 000,061,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/07/06 15:15:24 | 002,378,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 13:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/17 13:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/10/31 20:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 20:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 20:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2F C6 5D 01 1E 0A 01 4F 91 39 5D 9B 7B 1D DB 03 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2F C6 5D 01 1E 0A 01 4F 91 39 5D 9B 7B 1D DB 03 [binary data]

IE - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2011/01/31 21:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHEIF\AppData\Roaming\Mozilla\Extensions
[2011/01/26 23:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHEIF\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable
[2011/01/26 23:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHEIF\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

O1 HOSTS File: ([2011/01/26 21:28:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Azada/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://media.keytrain.com/player/IE/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Azada/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\CHEIF\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\CHEIF\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/02/06 18:35:44 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
[2011/02/05 00:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/04 21:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/02/03 23:24:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/03 23:23:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/03 23:12:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/03 22:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/02/03 22:08:25 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/03 22:08:25 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/03 22:08:23 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/03 22:08:23 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/03 22:08:22 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/03 22:08:12 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/03 22:08:12 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/03 22:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/02/03 22:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/02/03 21:29:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/03 21:29:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/03 21:29:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/01 23:17:22 | 000,000,000 | ---D | C] -- C:\ebc0a97224a0f48ac06673a2
[2011/02/01 23:03:36 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\Desktop\VS Revo Group
[2011/02/01 22:27:31 | 000,000,000 | ---D | C] -- C:\dda168cf5641c6984a74996db66a
[2011/01/31 23:09:14 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\Desktop\Malwarebytes' Anti-Malware
[2011/01/31 21:52:42 | 000,000,000 | ---D | C] -- C:\416531a0f9b195f465ec
[2011/01/29 22:32:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/29 20:39:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\TFC.exe
[2011/01/28 21:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/01/28 20:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/01/28 20:30:02 | 000,000,000 | R--D | C] -- C:\Users\CHEIF\Desktop\VISta Repair
[2011/01/26 23:07:25 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\AppData\Roaming\Mozilla
[2011/01/26 21:40:13 | 000,000,000 | ---D | C] -- C:\MGTools
[2011/01/26 21:13:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/26 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Martau
[2011/01/26 20:25:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/26 20:00:27 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/01/25 23:58:42 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\AppData\Roaming\Malwarebytes
[2011/01/25 23:58:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/25 23:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/25 23:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/25 23:58:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/25 23:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/25 23:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

========== Files - Modified Within 30 Days ==========

[2011/02/06 18:44:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/06 18:40:27 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/06 18:40:27 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/06 18:34:13 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/02/06 18:33:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/06 18:33:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/06 18:28:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
[2011/02/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/02/06 17:39:04 | 000,932,288 | ---- | M] () -- C:\Users\CHEIF\Desktop\Norton_Removal_Tool.exe
[2011/02/03 22:08:26 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/03 22:08:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/03 19:51:28 | 004,263,406 | R--- | M] () -- C:\Users\CHEIF\Desktop\combofix.exe.exe
[2011/02/03 19:50:08 | 058,833,152 | ---- | M] () -- C:\Users\CHEIF\Desktop\setup_av_free_3.exe
[2011/01/31 23:09:17 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 21:07:41 | 000,003,180 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110131_210729.reg
[2011/01/31 19:26:12 | 000,624,128 | ---- | M] () -- C:\Users\CHEIF\Desktop\dds.com
[2011/01/31 17:14:46 | 000,720,344 | ---- | M] () -- C:\Users\CHEIF\Desktop\rkill.com
[2011/01/30 18:38:24 | 000,624,640 | ---- | M] () -- C:\Users\CHEIF\Desktop\dds.pif
[2011/01/29 22:32:16 | 237,733,933 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/28 22:27:37 | 000,144,037 | ---- | M] () -- C:\MGlogs.zip
[2011/01/28 17:41:04 | 000,624,128 | ---- | M] () -- C:\Users\CHEIF\Desktop\dds.scr
[2011/01/28 17:41:04 | 000,624,128 | ---- | M] () -- C:\dds.scr
[2011/01/28 17:40:04 | 000,080,384 | ---- | M] () -- C:\Users\CHEIF\Desktop\MBRCheck.exe
[2011/01/28 17:39:12 | 000,296,448 | ---- | M] () -- C:\Users\CHEIF\Desktop\zw0mx62t.exe
[2011/01/28 17:37:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\TFC.exe
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/26 23:32:35 | 000,309,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/26 23:06:12 | 000,005,846 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110126_230552.reg
[2011/01/26 22:10:25 | 000,000,015 | ---- | M] () -- C:\Windows\System32\settings.dat
[2011/01/26 21:28:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/26 21:01:12 | 000,006,648 | ---- | M] () -- C:\Users\CHEIF\AppData\Local\d3d9caps.dat
[2011/01/25 22:25:20 | 000,001,308 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110125_222200.reg
[2011/01/25 18:06:43 | 000,113,536 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110125_180541.reg
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/01/07 21:45:43 | 000,000,943 | ---- | M] () -- C:\Users\CHEIF\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/07 19:06:45 | 000,000,104 | ---- | M] () -- C:\Users\CHEIF\Desktop\Control Panel - Shortcut.lnk
[2011/01/07 18:54:10 | 000,107,520 | ---- | M] () -- C:\Windows\System32\umstartup.etl

========== Files Created - No Company Name ==========

[2011/02/06 17:44:47 | 000,932,288 | ---- | C] () -- C:\Users\CHEIF\Desktop\Norton_Removal_Tool.exe
[2011/02/03 22:08:26 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/03 21:29:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/03 21:29:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/03 21:29:27 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/03 21:29:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/03 21:29:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/03 21:19:32 | 058,833,152 | ---- | C] () -- C:\Users\CHEIF\Desktop\setup_av_free_3.exe
[2011/02/03 21:00:06 | 004,263,406 | R--- | C] () -- C:\Users\CHEIF\Desktop\combofix.exe.exe
[2011/02/01 22:07:45 | 000,624,128 | ---- | C] () -- C:\Users\CHEIF\Desktop\dds.com
[2011/02/01 20:54:46 | 000,624,640 | ---- | C] () -- C:\Users\CHEIF\Desktop\dds.pif
[2011/02/01 20:51:22 | 000,624,128 | ---- | C] () -- C:\dds.scr
[2011/01/31 23:23:28 | 000,296,448 | ---- | C] () -- C:\Users\CHEIF\Desktop\zw0mx62t.exe
[2011/01/31 23:13:08 | 000,080,384 | ---- | C] () -- C:\Users\CHEIF\Desktop\MBRCheck.exe
[2011/01/31 23:09:17 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 21:07:33 | 000,003,180 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110131_210729.reg
[2011/01/31 17:18:09 | 000,720,344 | ---- | C] () -- C:\Users\CHEIF\Desktop\rkill.com
[2011/01/29 23:41:46 | 000,624,128 | ---- | C] () -- C:\Users\CHEIF\Desktop\dds.scr
[2011/01/29 22:31:58 | 237,733,933 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/28 00:04:59 | 000,144,037 | ---- | C] () -- C:\MGlogs.zip
[2011/01/28 00:04:59 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/01/28 00:04:59 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/01/26 23:05:56 | 000,005,846 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110126_230552.reg
[2011/01/26 21:34:38 | 000,000,015 | ---- | C] () -- C:\Windows\System32\settings.dat
[2011/01/25 22:25:12 | 000,001,308 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110125_222200.reg
[2011/01/25 18:05:45 | 000,113,536 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110125_180541.reg
[2011/01/07 19:06:45 | 000,000,104 | ---- | C] () -- C:\Users\CHEIF\Desktop\Control Panel - Shortcut.lnk
[2010/11/28 13:17:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/01/08 22:54:48 | 000,006,648 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\d3d9caps.dat
[2009/04/27 16:48:10 | 000,001,372 | ---- | C] () -- C:\Users\CHEIF\AppData\Roaming\wklnhst.dat
[2009/04/07 18:21:17 | 000,029,184 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/03 19:22:43 | 000,000,000 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\QSwitch.txt
[2009/04/03 19:22:43 | 000,000,000 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\DSwitch.txt
[2009/04/03 19:22:43 | 000,000,000 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\AtStart.txt
[2009/03/15 14:20:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/03/15 14:20:13 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/03/15 14:19:52 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/03/15 14:19:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/03/15 14:17:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/03/15 14:16:57 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/10/23 14:10:22 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 14:05:26 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 14:03:45 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 14:02:35 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/06/29 09:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/10/29 16:34:23 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\AVG10
[2010/12/25 20:03:39 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\Big Fish Games
[2010/01/04 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\DriverCure
[2010/03/28 13:41:15 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\Facebook
[2009/04/23 00:09:22 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\LimeWire
[2010/12/25 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\SpinTop
[2009/04/27 16:49:05 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\Template
[2010/12/25 01:29:15 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\WildTangent
[2011/02/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2010/01/07 16:30:17 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011/01/06 18:28:02 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2011/02/03 23:28:17 | 000,010,060 | ---- | M] () -- C:\after avast combo log.txt
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 21:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2011/02/03 23:24:04 | 000,010,060 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/28 17:41:04 | 000,624,128 | ---- | M] () -- C:\dds.scr
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/28 22:27:37 | 000,144,037 | ---- | M] () -- C:\MGlogs.zip
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/02/06 18:43:46 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/07 21:45:43 | 000,000,286 | -HS- | M] () -- C:\Users\CHEIF\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/29 16:16:28 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Users\CHEIF\Desktop\avg_free_stb_all_2011_1153_upgrade.exe
[2011/02/03 19:51:28 | 004,263,406 | R--- | M] () -- C:\Users\CHEIF\Desktop\combofix.exe.exe
[2010/11/28 13:02:54 | 012,461,624 | ---- | M] () -- C:\Users\CHEIF\Desktop\epson12220.exe
[2010/11/28 13:14:49 | 021,361,976 | ---- | M] () -- C:\Users\CHEIF\Desktop\epson13451.exe
[2011/01/28 17:37:02 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Users\CHEIF\Desktop\john sec.exe
[2011/01/28 17:40:04 | 000,080,384 | ---- | M] () -- C:\Users\CHEIF\Desktop\MBRCheck.exe
[2011/02/06 17:39:04 | 000,932,288 | ---- | M] () -- C:\Users\CHEIF\Desktop\Norton_Removal_Tool.exe
[2011/02/06 18:28:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
[2011/02/03 19:50:08 | 058,833,152 | ---- | M] () -- C:\Users\CHEIF\Desktop\setup_av_free_3.exe
[2010/07/17 23:26:13 | 006,259,064 | ---- | M] (Microsoft Corporation) -- C:\Users\CHEIF\Desktop\Silverlight.exe
[2011/01/28 17:37:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\TFC.exe
[2011/01/28 17:39:12 | 000,296,448 | ---- | M] () -- C:\Users\CHEIF\Desktop\zw0mx62t.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/04/03 19:22:19 | 000,000,402 | -HS- | M] () -- C:\Users\CHEIF\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/02/06 18:34:13 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2009/03/15 14:20:13 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2008/10/23 14:10:40 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/03/15 14:19:19 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2008/10/23 14:05:13 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/03/15 14:17:30 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/03/15 14:19:52 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2008/10/23 14:03:34 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/23 14:10:12 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/03/15 14:20:23 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

 

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:ECE19DD1

< End of report >
DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/10/23 13:22:40 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/10/23 13:22:40 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/10/23 13:22:40 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/09/19 19:43:50 | 000,061,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/07/06 15:15:24 | 002,378,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 13:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/17 13:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/10/31 20:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 20:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 20:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2F C6 5D 01 1E 0A 01 4F 91 39 5D 9B 7B 1D DB 03 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2F C6 5D 01 1E 0A 01 4F 91 39 5D 9B 7B 1D DB 03 [binary data]

IE - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2011/01/31 21:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHEIF\AppData\Roaming\Mozilla\Extensions
[2011/01/26 23:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHEIF\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable
[2011/01/26 23:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHEIF\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

O1 HOSTS File: ([2011/01/26 21:28:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Azada/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://media.keytrain.com/player/IE/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Azada/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\CHEIF\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\CHEIF\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/06 18:35:44 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
[2011/02/05 00:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/04 21:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/02/03 23:24:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/03 23:23:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/03 23:12:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/03 22:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/02/03 22:08:25 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/03 22:08:25 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/03 22:08:23 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/03 22:08:23 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/03 22:08:22 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/03 22:08:12 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/03 22:08:12 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/03 22:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/02/03 22:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/02/03 21:29:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/03 21:29:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/03 21:29:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/01 23:17:22 | 000,000,000 | ---D | C] -- C:\ebc0a97224a0f48ac06673a2
[2011/02/01 23:03:36 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\Desktop\VS Revo Group
[2011/02/01 22:27:31 | 000,000,000 | ---D | C] -- C:\dda168cf5641c6984a74996db66a
[2011/02/01 22:23:49 | 007,866,472 | ---- | C] (Microsoft Corporation) -- C:\Users\CHEIF\Desktop\john sec.exe
[2011/01/31 23:09:14 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\Desktop\Malwarebytes' Anti-Malware
[2011/01/31 21:52:42 | 000,000,000 | ---D | C] -- C:\416531a0f9b195f465ec
[2011/01/29 22:32:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/29 20:39:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\TFC.exe
[2011/01/28 21:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/01/28 20:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/01/28 20:30:02 | 000,000,000 | R--D | C] -- C:\Users\CHEIF\Desktop\VISta Repair
[2011/01/26 23:07:25 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\AppData\Roaming\Mozilla
[2011/01/26 21:40:13 | 000,000,000 | ---D | C] -- C:\MGTools
[2011/01/26 21:13:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/26 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Martau
[2011/01/26 20:25:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/26 20:00:27 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/01/25 23:58:42 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\AppData\Roaming\Malwarebytes
[2011/01/25 23:58:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/25 23:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/25 23:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/25 23:58:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/25 23:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/25 23:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

========== Files - Modified Within 30 Days ==========

[2011/02/06 18:50:19 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/06 18:50:19 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/06 18:44:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/06 18:34:13 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/02/06 18:33:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/06 18:33:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/06 18:28:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
[2011/02/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/02/06 17:39:04 | 000,932,288 | ---- | M] () -- C:\Users\CHEIF\Desktop\Norton_Removal_Tool.exe
[2011/02/03 22:08:26 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/03 22:08:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/03 19:51:28 | 004,263,406 | R--- | M] () -- C:\Users\CHEIF\Desktop\combofix.exe.exe
[2011/02/03 19:50:08 | 058,833,152 | ---- | M] () -- C:\Users\CHEIF\Desktop\setup_av_free_3.exe
[2011/01/31 23:09:17 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 21:07:41 | 000,003,180 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110131_210729.reg
[2011/01/31 19:26:12 | 000,624,128 | ---- | M] () -- C:\Users\CHEIF\Desktop\dds.com
[2011/01/31 17:14:46 | 000,720,344 | ---- | M] () -- C:\Users\CHEIF\Desktop\rkill.com
[2011/01/30 18:38:24 | 000,624,640 | ---- | M] () -- C:\Users\CHEIF\Desktop\dds.pif
[2011/01/29 22:32:16 | 237,733,933 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/28 22:27:37 | 000,144,037 | ---- | M] () -- C:\MGlogs.zip
[2011/01/28 17:41:04 | 000,624,128 | ---- | M] () -- C:\Users\CHEIF\Desktop\dds.scr
[2011/01/28 17:41:04 | 000,624,128 | ---- | M] () -- C:\dds.scr
[2011/01/28 17:40:04 | 000,080,384 | ---- | M] () -- C:\Users\CHEIF\Desktop\MBRCheck.exe
[2011/01/28 17:39:12 | 000,296,448 | ---- | M] () -- C:\Users\CHEIF\Desktop\zw0mx62t.exe
[2011/01/28 17:37:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\TFC.exe
[2011/01/28 17:37:02 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Users\CHEIF\Desktop\john sec.exe
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/26 23:32:35 | 000,309,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/26 23:06:12 | 000,005,846 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110126_230552.reg
[2011/01/26 22:10:25 | 000,000,015 | ---- | M] () -- C:\Windows\System32\settings.dat
[2011/01/26 21:28:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/26 21:01:12 | 000,006,648 | ---- | M] () -- C:\Users\CHEIF\AppData\Local\d3d9caps.dat
[2011/01/25 22:25:20 | 000,001,308 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110125_222200.reg
[2011/01/25 18:06:43 | 000,113,536 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110125_180541.reg
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/01/07 21:45:43 | 000,000,943 | ---- | M] () -- C:\Users\CHEIF\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/07 19:06:45 | 000,000,104 | ---- | M] () -- C:\Users\CHEIF\Desktop\Control Panel - Shortcut.lnk

========== Files Created - No Company Name ==========

[2011/02/06 17:44:47 | 000,932,288 | ---- | C] () -- C:\Users\CHEIF\Desktop\Norton_Removal_Tool.exe
[2011/02/03 22:08:26 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/03 21:29:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/03 21:29:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/03 21:29:27 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/03 21:29:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/03 21:29:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/03 21:19:32 | 058,833,152 | ---- | C] () -- C:\Users\CHEIF\Desktop\setup_av_free_3.exe
[2011/02/03 21:00:06 | 004,263,406 | R--- | C] () -- C:\Users\CHEIF\Desktop\combofix.exe.exe
[2011/02/01 22:07:45 | 000,624,128 | ---- | C] () -- C:\Users\CHEIF\Desktop\dds.com
[2011/02/01 20:54:46 | 000,624,640 | ---- | C] () -- C:\Users\CHEIF\Desktop\dds.pif
[2011/02/01 20:51:22 | 000,624,128 | ---- | C] () -- C:\dds.scr
[2011/01/31 23:23:28 | 000,296,448 | ---- | C] () -- C:\Users\CHEIF\Desktop\zw0mx62t.exe
[2011/01/31 23:13:08 | 000,080,384 | ---- | C] () -- C:\Users\CHEIF\Desktop\MBRCheck.exe
[2011/01/31 23:09:17 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 21:07:33 | 000,003,180 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110131_210729.reg
[2011/01/31 17:18:09 | 000,720,344 | ---- | C] () -- C:\Users\CHEIF\Desktop\rkill.com
[2011/01/29 23:41:46 | 000,624,128 | ---- | C] () -- C:\Users\CHEIF\Desktop\dds.scr
[2011/01/29 22:31:58 | 237,733,933 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/28 00:04:59 | 000,144,037 | ---- | C] () -- C:\MGlogs.zip
[2011/01/28 00:04:59 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/01/28 00:04:59 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/01/26 23:05:56 | 000,005,846 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110126_230552.reg
[2011/01/26 21:34:38 | 000,000,015 | ---- | C] () -- C:\Windows\System32\settings.dat
[2011/01/25 22:25:12 | 000,001,308 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110125_222200.reg
[2011/01/25 18:05:45 | 000,113,536 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110125_180541.reg
[2011/01/07 19:06:45 | 000,000,104 | ---- | C] () -- C:\Users\CHEIF\Desktop\Control Panel - Shortcut.lnk
[2010/11/28 13:17:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/01/08 22:54:48 | 000,006,648 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\d3d9caps.dat
[2009/04/27 16:48:10 | 000,001,372 | ---- | C] () -- C:\Users\CHEIF\AppData\Roaming\wklnhst.dat
[2009/04/07 18:21:17 | 000,029,184 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/03 19:22:43 | 000,000,000 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\QSwitch.txt
[2009/04/03 19:22:43 | 000,000,000 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\DSwitch.txt
[2009/04/03 19:22:43 | 000,000,000 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\AtStart.txt
[2009/03/15 14:20:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/03/15 14:20:13 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/03/15 14:19:52 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/03/15 14:19:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/03/15 14:17:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/03/15 14:16:57 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/10/23 14:10:22 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 14:05:26 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 14:03:45 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 14:02:35 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/06/29 09:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/10/29 16:34:23 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\AVG10
[2010/12/25 20:03:39 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\Big Fish Games
[2010/01/04 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\DriverCure
[2010/03/28 13:41:15 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\Facebook
[2009/04/23 00:09:22 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\LimeWire
[2010/12/25 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\SpinTop
[2009/04/27 16:49:05 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\Template
[2010/12/25 01:29:15 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\WildTangent
[2011/02/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2010/01/07 16:30:17 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011/01/06 18:28:02 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2011/02/03 23:28:17 | 000,010,060 | ---- | M] () -- C:\after avast combo log.txt
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 21:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2011/02/03 23:24:04 | 000,010,060 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/28 17:41:04 | 000,624,128 | ---- | M] () -- C:\dds.scr
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/28 22:27:37 | 000,144,037 | ---- | M] () -- C:\MGlogs.zip
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/02/06 18:43:46 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/07 21:45:43 | 000,000,286 | -HS- | M] () -- C:\Users\CHEIF\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/29 16:16:28 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Users\CHEIF\Desktop\avg_free_stb_all_2011_1153_upgrade.exe
[2011/02/03 19:51:28 | 004,263,406 | R--- | M] () -- C:\Users\CHEIF\Desktop\combofix.exe.exe
[2010/11/28 13:02:54 | 012,461,624 | ---- | M] () -- C:\Users\CHEIF\Desktop\epson12220.exe
[2010/11/28 13:14:49 | 021,361,976 | ---- | M] () -- C:\Users\CHEIF\Desktop\epson13451.exe
[2011/01/28 17:37:02 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Users\CHEIF\Desktop\john sec.exe
[2011/01/28 17:40:04 | 000,080,384 | ---- | M] () -- C:\Users\CHEIF\Desktop\MBRCheck.exe
[2011/02/06 17:39:04 | 000,932,288 | ---- | M] () -- C:\Users\CHEIF\Desktop\Norton_Removal_Tool.exe
[2011/02/06 18:28:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
[2011/02/03 19:50:08 | 058,833,152 | ---- | M] () -- C:\Users\CHEIF\Desktop\setup_av_free_3.exe
[2010/07/17 23:26:13 | 006,259,064 | ---- | M] (Microsoft Corporation) -- C:\Users\CHEIF\Desktop\Silverlight.exe
[2011/01/28 17:37:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\TFC.exe
[2011/01/28 17:39:12 | 000,296,448 | ---- | M] () -- C:\Users\CHEIF\Desktop\zw0mx62t.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/04/03 19:22:19 | 000,000,402 | -HS- | M] () -- C:\Users\CHEIF\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/02/06 18:34:13 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2009/03/15 14:20:13 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2008/10/23 14:10:40 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/03/15 14:19:19 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2008/10/23 14:05:13 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/03/15 14:17:30 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/03/15 14:19:52 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2008/10/23 14:03:34 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/23 14:10:12 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/03/15 14:20:23 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:ECE19DD1

< End of report >

 

It has been running for 95 minutes and stuck at the same place. The program is trying to creqte a restore point but it won't. The restore function has been disabled along with other several other problems that caused this thing to be dumped in my lap. Would a large hammer help this thing ? LOL

 

Okay, one file generated and here it is:
OTL logfile created on: 2/8/2011 4:25:24 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\CHEIF\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.20 Gb Total Space | 203.26 Gb Free Space | 70.77% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.81 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 1.84 Gb Free Space | 24.71% Space Free | Partition Type: FAT32

Computer Name: NICKS_LAPTOP | User Name: CHEIF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/06 18:28:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 09:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/06/10 06:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/01/20 21:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/02/06 18:28:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/10/23 13:22:40 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/10/23 13:22:40 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/10/23 13:22:40 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/09/19 19:43:50 | 000,061,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/07/06 15:15:24 | 002,378,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 13:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/17 13:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/10/31 20:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 20:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 20:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2F C6 5D 01 1E 0A 01 4F 91 39 5D 9B 7B 1D DB 03 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2F C6 5D 01 1E 0A 01 4F 91 39 5D 9B 7B 1D DB 03 [binary data]

IE - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2011/01/31 21:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHEIF\AppData\Roaming\Mozilla\Extensions
[2011/01/26 23:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHEIF\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable
[2011/01/26 23:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHEIF\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

O1 HOSTS File: ([2011/01/26 21:28:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1979439865-2991328606-800905139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Azada/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://media.keytrain.com/player/IE/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Azada/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\CHEIF\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\CHEIF\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/09/13 20:07:24 | 000,000,000 | ---D | M] - F:\Autoruns -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/06 18:35:44 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
[2011/02/05 00:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/04 21:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/02/03 23:24:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/03 23:23:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/03 23:12:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/03 22:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/02/03 22:08:25 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/03 22:08:25 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/03 22:08:23 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/03 22:08:23 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/03 22:08:22 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/03 22:08:12 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/03 22:08:12 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/03 22:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/02/03 22:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/02/03 21:29:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/03 21:29:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/03 21:29:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/01 23:17:22 | 000,000,000 | ---D | C] -- C:\ebc0a97224a0f48ac06673a2
[2011/02/01 23:03:36 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\Desktop\VS Revo Group
[2011/02/01 22:27:31 | 000,000,000 | ---D | C] -- C:\dda168cf5641c6984a74996db66a
[2011/01/31 23:09:14 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\Desktop\Malwarebytes' Anti-Malware
[2011/01/31 21:52:42 | 000,000,000 | ---D | C] -- C:\416531a0f9b195f465ec
[2011/01/29 22:32:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/29 20:39:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\TFC.exe
[2011/01/28 21:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/01/28 20:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/01/28 20:30:02 | 000,000,000 | R--D | C] -- C:\Users\CHEIF\Desktop\VISta Repair
[2011/01/26 23:07:25 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\AppData\Roaming\Mozilla
[2011/01/26 21:40:13 | 000,000,000 | ---D | C] -- C:\MGTools
[2011/01/26 21:13:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/26 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Martau
[2011/01/26 20:25:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/26 20:00:27 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/01/25 23:58:42 | 000,000,000 | ---D | C] -- C:\Users\CHEIF\AppData\Roaming\Malwarebytes
[2011/01/25 23:58:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/25 23:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/25 23:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/25 23:58:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/25 23:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/25 23:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

========== Files - Modified Within 30 Days ==========

[2011/02/08 16:28:21 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/08 16:28:21 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/08 16:22:37 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/02/08 16:22:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/08 16:22:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/08 16:22:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/08 16:22:04 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/07 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/02/06 18:28:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
[2011/02/06 17:39:04 | 000,932,288 | ---- | M] () -- C:\Users\CHEIF\Desktop\Norton_Removal_Tool.exe
[2011/02/03 22:08:26 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/03 22:08:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/03 19:51:28 | 004,263,406 | R--- | M] () -- C:\Users\CHEIF\Desktop\combofix.exe.exe
[2011/02/03 19:50:08 | 058,833,152 | ---- | M] () -- C:\Users\CHEIF\Desktop\setup_av_free_3.exe
[2011/01/31 23:09:17 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 21:07:41 | 000,003,180 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110131_210729.reg
[2011/01/31 19:26:12 | 000,624,128 | ---- | M] () -- C:\Users\CHEIF\Desktop\dds.com
[2011/01/31 17:14:46 | 000,720,344 | ---- | M] () -- C:\Users\CHEIF\Desktop\rkill.com
[2011/01/30 18:38:24 | 000,624,640 | ---- | M] () -- C:\Users\CHEIF\Desktop\dds.pif
[2011/01/29 22:32:16 | 237,733,933 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/28 22:27:37 | 000,144,037 | ---- | M] () -- C:\MGlogs.zip
[2011/01/28 17:41:04 | 000,624,128 | ---- | M] () -- C:\Users\CHEIF\Desktop\dds.scr
[2011/01/28 17:41:04 | 000,624,128 | ---- | M] () -- C:\dds.scr
[2011/01/28 17:40:04 | 000,080,384 | ---- | M] () -- C:\Users\CHEIF\Desktop\MBRCheck.exe
[2011/01/28 17:39:12 | 000,296,448 | ---- | M] () -- C:\Users\CHEIF\Desktop\zw0mx62t.exe
[2011/01/28 17:37:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\TFC.exe
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/26 23:32:35 | 000,309,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/26 23:06:12 | 000,005,846 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110126_230552.reg
[2011/01/26 22:10:25 | 000,000,015 | ---- | M] () -- C:\Windows\System32\settings.dat
[2011/01/26 21:28:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/26 21:01:12 | 000,006,648 | ---- | M] () -- C:\Users\CHEIF\AppData\Local\d3d9caps.dat
[2011/01/25 22:25:20 | 000,001,308 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110125_222200.reg
[2011/01/25 18:06:43 | 000,113,536 | ---- | M] () -- C:\Users\CHEIF\Documents\cc_20110125_180541.reg
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/02/07 17:18:07 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/06 17:44:47 | 000,932,288 | ---- | C] () -- C:\Users\CHEIF\Desktop\Norton_Removal_Tool.exe
[2011/02/03 22:08:26 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/03 21:29:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/03 21:29:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/03 21:29:27 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/03 21:29:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/03 21:29:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/03 21:19:32 | 058,833,152 | ---- | C] () -- C:\Users\CHEIF\Desktop\setup_av_free_3.exe
[2011/02/03 21:00:06 | 004,263,406 | R--- | C] () -- C:\Users\CHEIF\Desktop\combofix.exe.exe
[2011/02/01 22:07:45 | 000,624,128 | ---- | C] () -- C:\Users\CHEIF\Desktop\dds.com
[2011/02/01 20:54:46 | 000,624,640 | ---- | C] () -- C:\Users\CHEIF\Desktop\dds.pif
[2011/02/01 20:51:22 | 000,624,128 | ---- | C] () -- C:\dds.scr
[2011/01/31 23:23:28 | 000,296,448 | ---- | C] () -- C:\Users\CHEIF\Desktop\zw0mx62t.exe
[2011/01/31 23:13:08 | 000,080,384 | ---- | C] () -- C:\Users\CHEIF\Desktop\MBRCheck.exe
[2011/01/31 23:09:17 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 21:07:33 | 000,003,180 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110131_210729.reg
[2011/01/31 17:18:09 | 000,720,344 | ---- | C] () -- C:\Users\CHEIF\Desktop\rkill.com
[2011/01/29 23:41:46 | 000,624,128 | ---- | C] () -- C:\Users\CHEIF\Desktop\dds.scr
[2011/01/29 22:31:58 | 237,733,933 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/28 00:04:59 | 000,144,037 | ---- | C] () -- C:\MGlogs.zip
[2011/01/28 00:04:59 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/01/28 00:04:59 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/01/26 23:05:56 | 000,005,846 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110126_230552.reg
[2011/01/26 21:34:38 | 000,000,015 | ---- | C] () -- C:\Windows\System32\settings.dat
[2011/01/25 22:25:12 | 000,001,308 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110125_222200.reg
[2011/01/25 18:05:45 | 000,113,536 | ---- | C] () -- C:\Users\CHEIF\Documents\cc_20110125_180541.reg
[2010/11/28 13:17:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/01/08 22:54:48 | 000,006,648 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\d3d9caps.dat
[2009/04/27 16:48:10 | 000,001,372 | ---- | C] () -- C:\Users\CHEIF\AppData\Roaming\wklnhst.dat
[2009/04/07 18:21:17 | 000,029,184 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/03 19:22:43 | 000,000,000 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\QSwitch.txt
[2009/04/03 19:22:43 | 000,000,000 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\DSwitch.txt
[2009/04/03 19:22:43 | 000,000,000 | ---- | C] () -- C:\Users\CHEIF\AppData\Local\AtStart.txt
[2009/03/15 14:20:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/03/15 14:20:13 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/03/15 14:19:52 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/03/15 14:19:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/03/15 14:17:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/03/15 14:16:57 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/10/23 14:10:22 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 14:05:26 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 14:03:45 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 14:02:35 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/06/29 09:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/10/29 16:34:23 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\AVG10
[2010/12/25 20:03:39 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\Big Fish Games
[2010/01/04 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\DriverCure
[2010/03/28 13:41:15 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\Facebook
[2009/04/23 00:09:22 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\LimeWire
[2010/12/25 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\SpinTop
[2009/04/27 16:49:05 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\Template
[2010/12/25 01:29:15 | 000,000,000 | ---D | M] -- C:\Users\CHEIF\AppData\Roaming\WildTangent
[2011/02/07 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2010/01/07 16:30:17 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011/01/06 18:28:02 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/02/03 23:28:17 | 000,010,060 | ---- | M] () -- C:\after avast combo log.txt
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 21:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2011/02/03 23:24:04 | 000,010,060 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/28 17:41:04 | 000,624,128 | ---- | M] () -- C:\dds.scr
[2011/02/08 16:22:04 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/28 22:27:37 | 000,144,037 | ---- | M] () -- C:\MGlogs.zip
[2011/01/28 00:04:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/02/08 16:22:03 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/07 21:45:43 | 000,000,286 | -HS- | M] () -- C:\Users\CHEIF\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/29 16:16:28 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Users\CHEIF\Desktop\avg_free_stb_all_2011_1153_upgrade.exe
[2011/02/03 19:51:28 | 004,263,406 | R--- | M] () -- C:\Users\CHEIF\Desktop\combofix.exe.exe
[2010/11/28 13:02:54 | 012,461,624 | ---- | M] () -- C:\Users\CHEIF\Desktop\epson12220.exe
[2010/11/28 13:14:49 | 021,361,976 | ---- | M] () -- C:\Users\CHEIF\Desktop\epson13451.exe
[2011/01/28 17:37:02 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Users\CHEIF\Desktop\john sec.exe
[2011/01/28 17:40:04 | 000,080,384 | ---- | M] () -- C:\Users\CHEIF\Desktop\MBRCheck.exe
[2011/02/06 17:39:04 | 000,932,288 | ---- | M] () -- C:\Users\CHEIF\Desktop\Norton_Removal_Tool.exe
[2011/02/06 18:28:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\OTL.exe
[2011/02/03 19:50:08 | 058,833,152 | ---- | M] () -- C:\Users\CHEIF\Desktop\setup_av_free_3.exe
[2010/07/17 23:26:13 | 006,259,064 | ---- | M] (Microsoft Corporation) -- C:\Users\CHEIF\Desktop\Silverlight.exe
[2011/01/28 17:37:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\CHEIF\Desktop\TFC.exe
[2011/01/28 17:39:12 | 000,296,448 | ---- | M] () -- C:\Users\CHEIF\Desktop\zw0mx62t.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/04/03 19:22:19 | 000,000,402 | -HS- | M] () -- C:\Users\CHEIF\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/02/08 16:22:37 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2009/03/15 14:20:13 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2008/10/23 14:10:40 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/03/15 14:19:19 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2008/10/23 14:05:13 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/03/15 14:17:30 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/03/15 14:19:52 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2008/10/23 14:03:34 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/23 14:10:12 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/03/15 14:20:23 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:ECE19DD1

< End of report >