Solved Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

Discussion in 'Malware and Virus Removal Archive' started by troothteller, 2010/12/06.

  1. 2010/12/06
    troothteller
    [Resolved] Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

    I have two occurrences of each of these two in files associated with MS Works. First I will post my Avira file, which detected two hidden objects.



    Avira AntiVir Personal
    Report file date: Monday, December 06, 2010 20:02

    Scanning for 3124289 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : WORKGROUP

    Version information:
    BUILD.DAT : 10.0.0.596 31825 Bytes 11/16/2010 15:57:00
    AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 21:09:56
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
    LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 21:10:00
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 21:10:03
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 21:10:04
    VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 21:10:06
    VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 02:54:07
    VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 02:54:12
    VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 02:54:12
    VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 02:54:12
    VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 02:54:13
    VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 02:54:13
    VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 02:54:14
    VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 02:54:14
    VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 02:54:14
    VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 13:29:58
    VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 23:23:10
    VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 23:20:21
    VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 22:51:15
    VBASE021.VDF : 7.10.14.87 143872 Bytes 11/24/2010 23:39:46
    VBASE022.VDF : 7.10.14.116 140800 Bytes 11/26/2010 23:36:29
    VBASE023.VDF : 7.10.14.147 150528 Bytes 11/30/2010 23:12:50
    VBASE024.VDF : 7.10.14.175 126464 Bytes 12/3/2010 22:24:43
    VBASE025.VDF : 7.10.14.176 2048 Bytes 12/3/2010 22:24:44
    VBASE026.VDF : 7.10.14.177 2048 Bytes 12/3/2010 22:24:44
    VBASE027.VDF : 7.10.14.178 2048 Bytes 12/3/2010 22:24:44
    VBASE028.VDF : 7.10.14.179 2048 Bytes 12/3/2010 22:24:44
    VBASE029.VDF : 7.10.14.180 2048 Bytes 12/3/2010 22:24:44
    VBASE030.VDF : 7.10.14.181 2048 Bytes 12/3/2010 22:24:44
    VBASE031.VDF : 7.10.14.201 119296 Bytes 12/6/2010 01:00:52
    Engineversion : 8.2.4.120
    AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 21:09:54
    AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/3/2010 01:37:17
    AESCN.DLL : 8.1.7.2 127349 Bytes 11/23/2010 22:51:24
    AESBX.DLL : 8.1.3.2 254324 Bytes 11/23/2010 22:51:25
    AERDL.DLL : 8.1.9.2 635252 Bytes 11/12/2010 02:54:23
    AEPACK.DLL : 8.2.4.1 512375 Bytes 12/3/2010 01:37:15
    AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/23/2010 22:51:23
    AEHEUR.DLL : 8.1.2.52 3109238 Bytes 12/3/2010 22:24:51
    AEHELP.DLL : 8.1.16.0 246136 Bytes 12/3/2010 01:37:09
    AEGEN.DLL : 8.1.5.0 397685 Bytes 12/3/2010 01:37:08
    AEEMU.DLL : 8.1.3.0 393589 Bytes 11/23/2010 22:51:19
    AECORE.DLL : 8.1.19.0 196984 Bytes 12/3/2010 01:37:08
    AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 21:09:48
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 21:09:56
    AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 21:09:55
    AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 21:09:55
    AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 21:09:56
    AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 21:09:54
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 21:09:55
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 21:09:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 21:10:08

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Monday, December 06, 2010 20:02

    Starting search for hidden objects.
    c:\windows\explorer.exe
    c:\WINDOWS\explorer.exe
    [NOTE] The process is not visible.
    c:\program files\synaptics\syntp\toshiba.exe
    c:\Program Files\Synaptics\SynTP\Toshiba.exe
    [NOTE] The process is not visible.

    The scan of running processes will be started
    Scan process 'rsmsink.exe' - '29' Module(s) have been scanned
    Scan process 'msdtc.exe' - '40' Module(s) have been scanned
    Scan process 'dllhost.exe' - '59' Module(s) have been scanned
    Scan process 'dllhost.exe' - '45' Module(s) have been scanned
    Scan process 'vssvc.exe' - '48' Module(s) have been scanned
    Scan process 'avscan.exe' - '67' Module(s) have been scanned
    Scan process 'avcenter.exe' - '64' Module(s) have been scanned
    Scan process 'SCServer.exe' - '37' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '112' Module(s) have been scanned
    Scan process 'thunderbird.exe' - '76' Module(s) have been scanned
    Scan process 'explorer.exe' - '110' Module(s) have been scanned
    Scan process 'ivpsvmgr.exe' - '28' Module(s) have been scanned
    Scan process 'alg.exe' - '31' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '37' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '54' Module(s) have been scanned
    Scan process 'TAPPSRV.exe' - '14' Module(s) have been scanned
    Scan process 'swupdtmr.exe' - '10' Module(s) have been scanned
    Scan process 'svchost.exe' - '43' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '36' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '46' Module(s) have been scanned
    Scan process 'avshadow.exe' - '26' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '27' Module(s) have been scanned
    Scan process 'jqs.exe' - '33' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '91' Module(s) have been scanned
    Scan process 'DVDRAMSV.exe' - '13' Module(s) have been scanned
    Scan process 'aoltpspd.exe' - '22' Module(s) have been scanned
    Scan process 'CFSvcs.exe' - '41' Module(s) have been scanned
    Scan process 'aoltsmon.exe' - '20' Module(s) have been scanned
    Scan process 'AOLAcsd.exe' - '34' Module(s) have been scanned
    Scan process 'avguard.exe' - '54' Module(s) have been scanned
    Scan process 'RAMASST.exe' - '19' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
    Scan process 'toscdspd.exe' - '18' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '36' Module(s) have been scanned
    Scan process 'DefMgr.exe' - '25' Module(s) have been scanned
    Scan process 'mswinext.exe' - '62' Module(s) have been scanned
    Scan process 'iFrmewrk.exe' - '84' Module(s) have been scanned
    Scan process 'ZCfgSvc.exe' - '81' Module(s) have been scanned
    Scan process 'Pelmiced.exe' - '29' Module(s) have been scanned
    Scan process 'ICO.EXE' - '22' Module(s) have been scanned
    Scan process 'avgnt.exe' - '45' Module(s) have been scanned
    Scan process 'TPSBattM.exe' - '22' Module(s) have been scanned
    Scan process 'DLACTRLW.EXE' - '29' Module(s) have been scanned
    Scan process 'SmoothView.exe' - '17' Module(s) have been scanned
    Scan process 'TPSMain.exe' - '32' Module(s) have been scanned
    Scan process 'TFncKy.exe' - '26' Module(s) have been scanned
    Scan process 'TvsTray.exe' - '20' Module(s) have been scanned
    Scan process 'NDSTray.exe' - '69' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '19' Module(s) have been scanned
    Scan process 'Ltmoh.exe' - '21' Module(s) have been scanned
    Scan process 'thotkey.exe' - '33' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '27' Module(s) have been scanned
    Scan process 'svchost.exe' - '33' Module(s) have been scanned
    Scan process 'sched.exe' - '46' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '63' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'svchost.exe' - '32' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '77' Module(s) have been scanned
    Scan process 'svchost.exe' - '173' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'svchost.exe' - '52' Module(s) have been scanned
    Scan process 'lsass.exe' - '58' Module(s) have been scanned
    Scan process 'services.exe' - '27' Module(s) have been scanned
    Scan process 'winlogon.exe' - '79' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1177' files ).


    Starting the file scan:

    Begin scan in 'C:\' <SQ004013P03>


    End of the scan: Monday, December 06, 2010 20:48
    Used time: 45:54 Minute(s)

    The scan has been done completely.

    6324 Scanned directories
    373531 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    373531 Files not concerned
    7937 Archives were scanned
    0 Warnings
    0 Notes
    565175 Objects were scanned with rootkit scan
    2 Hidden objects were found

    Malwarebytes:

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5258

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    12/6/2010 9:30:47 PM
    mbam-log-2010-12-06 (21-30-47).txt

    Scan type: Quick scan
    Objects scanned: 145168
    Time elapsed: 5 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    MBRCheck:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 170):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF8B43000 \WINDOWS\system32\KDCOM.DLL
    0xF8A53000 \WINDOWS\system32\BOOTVID.dll
    0xF85F4000 ACPI.sys
    0xF8B45000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF85E3000 pci.sys
    0xF8643000 isapnp.sys
    0xF8653000 ohci1394.sys
    0xF8663000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF8A57000 compbatt.sys
    0xF8A5B000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF8C0B000 pciide.sys
    0xF88C3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF85C5000 pcmcia.sys
    0xF8673000 MountMgr.sys
    0xF85A6000 ftdisk.sys
    0xF8B47000 dmload.sys
    0xF8580000 dmio.sys
    0xF8A5F000 ACPIEC.sys
    0xF8C0C000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF88CB000 PartMgr.sys
    0xF8683000 VolSnap.sys
    0xF8568000 atapi.sys
    0xF8536000 KR10N.sys
    0xF851E000 \WINDOWS\system32\drivers\SCSIPORT.SYS
    0xF8693000 disk.sys
    0xF86A3000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF84FE000 fltmgr.sys
    0xF84EC000 sr.sys
    0xF84D6000 DRVMCDB.SYS
    0xF86B3000 PxHelp20.sys
    0xF84BF000 KSecDD.sys
    0xF8432000 Ntfs.sys
    0xF8405000 NDIS.sys
    0xF83EB000 Mup.sys
    0xF8713000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF86D3000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF83C3000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF761D000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF7609000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF75E1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF6F93000 \SystemRoot\system32\DRIVERS\NETwLx32.sys
    0xF8963000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6F6F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF896B000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6F47000 \SystemRoot\system32\drivers\tifm21.sys
    0xF6F33000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF6F0B000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xF7C43000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF8973000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF6ED2000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF8B75000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF897B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7C33000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF8983000 \SystemRoot\system32\drivers\pfc.sys
    0xF898B000 \SystemRoot\system32\drivers\iviaspi.sys
    0xF8B77000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xF7C23000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7C13000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6EAF000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF8D6F000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF8733000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF83A7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6E98000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF8743000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF8753000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF8A03000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6E87000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF8763000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF8A0B000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF8A13000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF8A1B000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0xF6E57000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF8773000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF8B79000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6DF9000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7FBD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7FB9000 \SystemRoot\system32\DRIVERS\tbiosdrv.sys
    0xF8B7B000 \SystemRoot\system32\DRIVERS\NBSMI.sys
    0xF8793000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAA19A000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA176000 \SystemRoot\system32\drivers\portcls.sys
    0xF87E3000 \SystemRoot\system32\drivers\drmk.sys
    0xF87F3000 \SystemRoot\system32\DRIVERS\Tvs.sys
    0xF8A43000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
    0xF88DB000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
    0xF8803000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
    0xAA063000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF88FB000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8823000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF8BB7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8D26000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8BB9000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF8993000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xF899B000 \SystemRoot\System32\drivers\vga.sys
    0xF8BBB000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8BBD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA9AC7000 \SystemRoot\System32\Drivers\meiudf.sys
    0xA9AB6000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xF89AB000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF89A3000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA9E9B000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9AA3000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA9A4A000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9A24000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA99FC000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF8853000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA99DA000 \SystemRoot\System32\drivers\afd.sys
    0xF8863000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF8873000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF89B3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xA9918000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF89C3000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xA989D000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9805000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF8883000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF89CB000 \SystemRoot\System32\Drivers\Cinemsup.SYS
    0xA97E2000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF8BCB000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xA9E57000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xF7BE3000 \SystemRoot\system32\DRIVERS\ser2pl.sys
    0xA9E3F000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF89D3000 \SystemRoot\system32\DRIVERS\ADM851X.SYS
    0xF89E3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF89F3000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF89EB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xA9899000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF8723000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF8903000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xA9891000 \SystemRoot\system32\DRIVERS\sfloppy.sys
    0xF890B000 \SystemRoot\system32\DRIVERS\HidBatt.sys
    0xF8893000 \SystemRoot\system32\DRIVERS\pelusblf.sys
    0xF88A3000 \SystemRoot\system32\DRIVERS\pelmouse.sys
    0xA9885000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA9662000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8B6D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA9E7B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF894B000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8CC7000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA94E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xF87B3000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF8D50000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xA94A7000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xA95EA000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xF8B83000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xA9910000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xA948F000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xA9479000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xA94FA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA94DD000 \SystemRoot\system32\DRIVERS\netdevio.sys
    0xA94D5000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA911C000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA93F1000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA90A1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA88C7000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA85D3000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA80EA000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA7D84000 \??\C:\DOCUME~1\LOUISP~1\LOCALS~1\Temp\axtcypow.sys
    0xA9069000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA7D59000 \SystemRoot\system32\drivers\kmixer.sys
    0xA80C6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 60):
    0 System Idle Process
    4 System
    824 C:\WINDOWS\system32\smss.exe
    1076 csrss.exe
    1100 C:\WINDOWS\system32\winlogon.exe
    1144 C:\WINDOWS\system32\services.exe
    1156 C:\WINDOWS\system32\lsass.exe
    1368 C:\WINDOWS\system32\svchost.exe
    1416 svchost.exe
    1560 C:\WINDOWS\system32\svchost.exe
    1784 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    1892 svchost.exe
    2004 svchost.exe
    528 C:\WINDOWS\system32\spoolsv.exe
    604 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    908 svchost.exe
    940 C:\WINDOWS\explorer.exe
    1676 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1684 C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    1688 C:\Program Files\ltmoh\ltmoh.exe
    1724 C:\WINDOWS\agrsmmsg.exe
    1740 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    1744 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    1756 C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    1628 C:\WINDOWS\system32\TPSMain.exe
    1904 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    2024 C:\TOSHIBA\IVP\ISM\pinger.exe
    188 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    300 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    336 C:\WINDOWS\system32\TPSBattM.exe
    436 C:\WINDOWS\system32\ico.exe
    596 C:\WINDOWS\system32\PELMICED.EXE
    1544 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    208 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    264 C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    288 C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    1044 C:\WINDOWS\RTHDCPL.EXE
    864 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    960 C:\WINDOWS\system32\ctfmon.exe
    1632 C:\WINDOWS\system32\RAMASST.exe
    1960 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2060 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    2072 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    2088 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    2108 aoltpspd.exe
    2152 C:\WINDOWS\system32\DVDRAMSV.exe
    2240 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2256 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2300 C:\Program Files\Java\jre6\bin\jqs.exe
    2340 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2492 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2904 unsecapp.exe
    3164 C:\WINDOWS\system32\svchost.exe
    3440 C:\WINDOWS\system32\wbem\unsecapp.exe
    3464 wmiprvse.exe
    3544 C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    3616 C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    2348 alg.exe
    2632 C:\WINDOWS\system32\igfxsrvc.exe
    3864 C:\Documents and Settings\Louis Paul Toscano\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS541080G9SA00, Rev: MB4OC60D

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


    Done!

    (In order to avoid having such a large post, I will divide this topic into two posts).
  2. 2010/12/06
    troothteller
    2nd Post: TR/Spy.Zbot.avca; Trojan/W32.Agent.122880.AF

    For assistance removing the above, I will post the GMER scan log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-06 23:09:50
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541080G9SA00 rev.MB4OC60D
    Running: gmer.exe; Driver: C:\DOCUME~1\LOUISP~1\LOCALS~1\Temp\axtcypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT F8D48516 ZwCreateKey
    SSDT F8D4850C ZwCreateThread
    SSDT F8D4851B ZwDeleteKey
    SSDT F8D48525 ZwDeleteValueKey
    SSDT F8D4852A ZwLoadKey
    SSDT F8D484F8 ZwOpenProcess
    SSDT F8D484FD ZwOpenThread
    SSDT F8D48534 ZwReplaceKey
    SSDT F8D4852F ZwRestoreKey
    SSDT F8D48520 ZwSetValueKey
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA9922620]

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6F6BEBF]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35272E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3526AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3526F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E35263B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E352675 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352769 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E352944 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2512] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00C17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[2060] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00C17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs A9069400
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----

  4. 2010/12/06
    troothteller

    3rd Post: TR/Spy.Zbot.avca and Trojan/W32.Agent.122880.AF

    These are the DDS logs used to remove Trojan/W32.Agent.122880.AF and TR/Spy.Zbot.avca

    DDS log


    DDS (Ver_10-12-05.01) - NTFSx86
    Run by Louis Paul Toscano at 23:48:59.34 on Mon 12/06/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.109 [GMT -5:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\Pelmiced.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wbem\unsecapp.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Documents and Settings\Louis Paul Toscano\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.comcast.net/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE "
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [PdxRegCl] "c:\program files\paradox\programs\PdxRegCl.exe" /s /c
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Mouse Suite 98 Daemon] ICO.EXE
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe "
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289529905093
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289530386640
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\louisp~1\applic~1\mozilla\firefox\profiles\yboiftx0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - c:\docume~1\louisp~1\applic~1\mozilla\firefox\profiles\yboiftx0.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\louisp~1\applic~1\mozilla\firefox\profiles\yboiftx0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-11 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-11 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-11 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-11 61960]
    R3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.sys [2010-11-11 22144]
    R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2010-11-30 6607744]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-30 1691480]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [2010-11-12 19968]

    =============== Created Last 30 ================

    2010-12-07 02:24:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-07 02:24:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-07 02:24:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-04 00:47:40 -------- d-----w- c:\program files\ACW
    2010-12-02 00:58:30 -------- d-----w- c:\program files\Power Point Extracted
    2010-12-01 23:47:47 -------- d-----w- c:\program files\MSECache
    2010-12-01 22:24:04 388096 ----a-r- c:\docume~1\louisp~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-01 20:26:32 -------- d-----w- c:\docume~1\louisp~1\applic~1\SUPERAntiSpyware.com
    2010-12-01 20:26:12 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-12-01 19:52:54 -------- d-----w- c:\program files\CCleaner
    2010-12-01 04:27:28 -------- d-----w- c:\windows\system32\XPSViewer
    2010-12-01 04:26:32 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-12-01 04:25:59 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-12-01 04:25:59 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-12-01 04:25:59 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-12-01 04:25:59 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-12-01 04:25:59 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-12-01 04:25:59 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-12-01 04:25:59 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-12-01 04:25:59 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-12-01 04:25:58 -------- d-----w- C:\9774dd8aed59d0d0da304aecc8f16278
    2010-12-01 04:09:01 359016 ----a-w- c:\windows\vncutil.exe
    2010-12-01 04:09:01 1833576 ----a-w- c:\windows\SkyTel.exe
    2010-12-01 04:08:54 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2010-12-01 04:08:53 129640 ----a-w- c:\windows\RtkAudioService.exe
    2010-12-01 04:08:48 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
    2010-12-01 04:08:35 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
    2010-12-01 04:08:03 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
    2010-12-01 04:08:03 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
    2010-12-01 04:08:02 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
    2010-12-01 04:08:02 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
    2010-12-01 04:08:02 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
    2010-12-01 04:07:59 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
    2010-12-01 04:07:59 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
    2010-12-01 03:44:18 -------- d-----w- c:\program files\Microsoft
    2010-12-01 03:44:13 -------- d-----w- c:\program files\MSN Toolbar
    2010-12-01 03:43:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
    2010-12-01 03:43:21 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-12-01 03:17:34 675840 ----a-w- c:\windows\system32\NETwLc32.dll
    2010-12-01 03:17:34 6607744 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
    2010-12-01 03:17:34 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
    2010-12-01 03:16:40 -------- d-----w- c:\program files\common files\Intel
    2010-12-01 02:41:17 172032 ----a-w- c:\windows\system32\igfxres.dll
    2010-12-01 02:31:41 57344 ----a-w- c:\windows\system32\igxprd32.dll
    2010-12-01 02:31:28 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
    2010-12-01 02:31:25 1670144 ----a-w- c:\windows\system32\igxpdv32.dll
    2010-12-01 02:31:20 151040 ----a-w- c:\windows\system32\igxpgd32.dll
    2010-12-01 02:31:11 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
    2010-12-01 02:31:04 2643968 ----a-w- c:\windows\system32\igxpdx32.dll
    2010-12-01 02:31:03 176128 ----a-w- c:\windows\system32\igfxrsky.lrc
    2010-12-01 02:31:03 172032 ----a-w- c:\windows\system32\igfxrslv.lrc
    2010-12-01 02:30:37 319456 ----a-w- c:\windows\system32\difxapi.dll
    2010-12-01 02:30:36 920088 ----a-w- c:\windows\system32\igxpun.exe
    2010-12-01 02:30:08 -------- d-----w- C:\Intel
    2010-12-01 02:27:57 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-12-01 01:44:35 -------- d-----w- c:\docume~1\louisp~1\locals~1\applic~1\Secunia PSI
    2010-12-01 01:43:54 -------- d-----w- c:\program files\Secunia
    2010-11-27 12:47:38 -------- d-----w- c:\docume~1\louisp~1\locals~1\applic~1\Temp
    2010-11-27 08:53:47 -------- d-sha-r- C:\cmdcons
    2010-11-27 08:37:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-24 07:14:37 -------- d-----w- c:\docume~1\louisp~1\applic~1\Malwarebytes
    2010-11-24 07:14:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-24 06:17:25 -------- d-----w- c:\program files\Trend Micro
    2010-11-24 05:24:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-11-24 04:35:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2010-11-24 04:28:01 -------- d-----w- c:\program files\ewido anti-spyware 4.0
    2010-11-24 03:49:07 -------- d-----w- c:\program files\ewido anti-malware
    2010-11-16 13:31:36 -------- d-----w- c:\windows\system32\NtmsData
    2010-11-16 02:37:51 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-11-14 20:06:11 -------- d-----w- c:\windows\pss
    2010-11-14 17:08:53 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-11-14 17:08:53 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-11-14 17:08:52 133616 ------w- c:\windows\system32\pxafs.dll
    2010-11-14 17:05:44 -------- d-----w- c:\program files\Universal Extractor
    2010-11-14 16:52:50 -------- d-----w- c:\docume~1\louisp~1\applic~1\Philipp Winterberg
    2010-11-14 07:21:08 -------- d-----w- c:\docume~1\louisp~1\locals~1\applic~1\Ahead
    2010-11-14 07:02:17 2146304 ------w- c:\windows\UNNMP.exe
    2010-11-14 06:59:45 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    2010-11-14 06:58:25 24064 ------w- c:\windows\system32\msxml3a.dll
    2010-11-14 06:58:25 2023424 ------w- c:\windows\UNNeroVision.exe
    2010-11-14 06:57:54 476320 ------w- c:\windows\system32\ImagXpr7.dll
    2010-11-14 06:57:54 471040 ------w- c:\windows\system32\ImagXRA7.dll
    2010-11-14 06:57:54 364544 ------w- c:\windows\system32\TwnLib4.dll
    2010-11-14 06:57:54 262144 ------w- c:\windows\system32\ImagXR7.dll
    2010-11-14 06:57:53 38912 ------w- c:\windows\system32\picn20.dll
    2010-11-14 06:57:53 1568768 ------w- c:\windows\system32\ImagX7.dll
    2010-11-14 06:57:53 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2010-11-14 06:46:18 -------- d-----w- c:\program files\common files\Sonic
    2010-11-14 06:44:38 -------- d-----w- c:\program files\common files\Sonic Shared
    2010-11-13 04:43:15 -------- d-----w- c:\program files\SpywareBlaster
    2010-11-13 04:42:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-11-13 04:42:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-11-13 01:49:23 -------- d-----w- c:\docume~1\louisp~1\applic~1\Office Genuine Advantage
    2010-11-12 23:32:06 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
    2010-11-12 23:31:52 -------- d-----w- c:\program files\common files\xing shared
    2010-11-12 23:31:39 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2010-11-12 23:31:34 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
    2010-11-12 23:21:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 23:21:48 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-11-12 21:05:59 508448 ------w- c:\windows\system32\pvdt40.ocx
    2010-11-12 21:05:59 28672 ------w- c:\windows\system32\PlugFile.dll
    2010-11-12 21:05:59 192272 ------w- c:\windows\system32\MCI32.OCX
    2010-11-12 21:05:59 1113088 ------w- c:\windows\system32\Webster.ocx
    2010-11-12 21:05:58 210944 ------w- c:\windows\system32\Msvcrt10.dll
    2010-11-12 21:05:38 -------- d-----w- c:\program files\Rand McNally
    2010-11-12 21:00:59 -------- d-----w- C:\palm
    2010-11-12 21:00:48 -------- d-----w- c:\program files\Synergy Solutions, Inc
    2010-11-12 20:57:58 -------- d-----w- c:\program files\Documents To Go
    2010-11-12 20:49:56 7812 ----a-w- c:\windows\system32\visorusb.dll
    2010-11-12 20:49:56 19968 ----a-w- c:\windows\system32\drivers\VisorUsb.sys
    2010-11-12 20:49:53 -------- d-----w- c:\program files\Palm
    2010-11-12 20:46:26 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
    2010-11-12 20:46:26 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
    2010-11-12 20:46:26 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
    2010-11-12 20:46:26 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
    2010-11-12 20:46:26 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
    2010-11-12 20:46:26 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
    2010-11-12 20:46:26 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
    2010-11-12 20:46:26 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-11-12 20:45:08 -------- d-----w- c:\docume~1\louisp~1\locals~1\applic~1\Apple
    2010-11-12 20:44:41 -------- d-----w- c:\docume~1\louisp~1\locals~1\applic~1\Apple Computer
    2010-11-12 20:27:30 -------- d-----w- c:\windows\system32\Adobe
    2010-11-12 13:14:48 -------- d-----w- c:\docume~1\louisp~1\applic~1\Smart Panel
    2010-11-12 05:46:56 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-11-12 05:44:40 -------- d-----w- c:\windows\system32\LogFiles
    2010-11-12 05:28:58 -------- d-----w- c:\docume~1\louisp~1\applic~1\Avira
    2010-11-12 04:51:49 -------- d-----w- c:\program files\MSXML 4.0
    2010-11-12 04:47:17 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2010-11-12 04:46:44 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2010-11-12 04:46:44 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-12 04:46:43 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-12 04:46:28 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-11-12 04:45:18 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-11-12 04:45:14 357248 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-11-12 04:44:41 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-11-12 04:43:00 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-11-12 04:41:52 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-11-12 04:41:52 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-11-12 04:41:39 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-11-12 04:40:07 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-11-12 04:37:50 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-11-12 04:37:47 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2010-11-12 04:36:40 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-11-12 04:36:36 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-11-12 03:46:43 -------- d-----w- c:\windows\system32\scripting
    2010-11-12 03:46:42 -------- d-----w- c:\windows\l2schemas
    2010-11-12 03:46:41 -------- d-----w- c:\windows\system32\en
    2010-11-12 03:46:41 -------- d-----w- c:\windows\system32\bits
    2010-11-12 03:43:05 -------- d-----w- c:\windows\ServicePackFiles
    2010-11-12 03:40:27 -------- d-----w- c:\windows\network diagnostic
    2010-11-12 03:28:37 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
    2010-11-12 03:13:25 20352 ----a-w- c:\windows\system32\drivers\hidbatt.sys
    2010-11-12 03:13:21 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-11-12 03:13:13 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-11-12 03:13:13 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-11-12 03:13:10 -------- d-----w- c:\windows\system32\PreInstall
    2010-11-12 03:13:05 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-11-12 03:05:14 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-11-12 03:05:13 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-11-12 02:52:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-12 02:52:37 -------- d-----w- c:\program files\Avira
    2010-11-12 02:52:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-11-12 02:47:22 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2010-11-12 02:47:22 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2010-11-12 02:47:22 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2010-11-12 02:47:22 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2010-11-12 02:47:22 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2010-11-12 02:04:51 -------- d-----w- c:\program files\Paradox Runtime
    2010-11-12 02:04:12 -------- d-----w- c:\windows\Downloaded Installations
    2010-11-12 02:02:51 -------- d-----w- c:\program files\Paradox
    2010-11-12 02:01:39 77824 ----a-w- c:\windows\system32\LLClientMiddleWare2.dll
    2010-11-12 02:01:39 36864 ----a-w- c:\windows\system32\LLInstances2.dll
    2010-11-12 02:01:39 32768 ----a-w- c:\windows\system32\XLLDFRequest2.dll
    2010-11-12 02:01:39 32768 ----a-w- c:\windows\system32\LLClasses2.dll
    2010-11-12 02:01:38 40448 ----a-w- c:\windows\system32\regobj.dll
    2010-11-12 02:01:38 137000 ----a-w- c:\windows\system32\Msmapi32.ocx
    2010-11-12 02:01:37 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
    2010-11-12 02:01:37 -------- d-----w- c:\program files\WordPerfect OfficeReady 1.5
    2010-11-12 01:59:09 65536 ----a-r- c:\docume~1\louisp~1\applic~1\microsoft\installer\{f428d0fb-765d-40eb-bdd8-a1e7f5c597fa}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
    2010-11-12 01:56:26 -------- d-----w- c:\program files\WordPerfect Office X3
    2010-11-12 01:56:26 -------- d-----w- c:\program files\common files\Corel
    2010-11-12 01:56:26 -------- d-----w- c:\program files\common files\Borland Shared
    2010-11-12 01:56:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Corel
    2010-11-12 01:56:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Borland
    2010-11-12 01:45:22 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
    2010-11-12 01:44:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\UDL
    2010-11-12 01:44:19 -------- d-----w- c:\program files\Epson Software
    2010-11-12 01:44:00 86528 ----a-w- c:\windows\system32\E_FLBEJA.DLL
    2010-11-12 01:44:00 78848 ----a-w- c:\windows\system32\E_FD4BEJA.DLL
    2010-11-12 01:43:46 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2010-11-12 01:42:49 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-11-12 01:41:13 80024 ----a-w- c:\windows\system32\PICSDK.dll
    2010-11-12 01:41:13 51360 ----a-w- c:\windows\system32\EpPicPrt.dll
    2010-11-12 01:41:13 51360 ----a-w- c:\windows\system32\EpPicMgr.dll
    2010-11-12 01:41:13 501912 ----a-w- c:\windows\system32\PICSDK2.dll
    2010-11-12 01:41:13 108704 ----a-w- c:\windows\system32\PICEntry.dll
    2010-11-12 01:40:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\EPSON
    2010-11-12 01:40:46 71680 ----a-w- c:\windows\system32\escwiad.dll
    2010-11-12 01:35:14 163840 ----a-w- c:\windows\system32\PhotoImpression Screen Saver.scr
    2010-11-12 01:33:39 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
    2010-11-12 01:33:24 708696 ----a-w- c:\windows\system32\python21.dll
    2010-11-12 01:33:24 57344 ----a-w- c:\windows\system32\PyWinTypes21.dll
    2010-11-12 01:33:24 290919 ----a-w- c:\windows\system32\pythoncom21.dll
    2010-11-12 01:33:22 -------- d-----w- c:\program files\common files\Python
    2010-11-12 01:31:26 96768 ----a-w- c:\windows\SlantAdj.dll
    2010-11-12 01:31:26 73216 ----a-w- c:\windows\ADE.DLL
    2010-11-12 01:31:26 3136 ----a-w- c:\windows\Ade001.bin
    2010-11-12 01:30:55 -------- d-----w- c:\program files\Smart Panel
    2010-11-12 01:30:35 176128 ----a-w- c:\windows\system32\ESWIA30.dll
    2010-11-12 01:30:34 64000 ----a-w- c:\windows\system32\ESFW30.BIN
    2010-11-12 01:30:34 278528 ----a-w- c:\windows\system32\esint30.dll
    2010-11-12 01:30:33 217088 ----a-w- c:\windows\system32\ESDTR.dll
    2010-11-12 01:30:32 -------- d-----w- c:\program files\EPSON
    2010-11-12 01:26:57 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-11-12 00:41:48 -------- d-----w- c:\docume~1\louisp~1\locals~1\applic~1\Thunderbird
    2010-11-12 00:27:50 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-11-12 00:19:45 40544 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
    2010-11-12 00:19:44 94263 ----a-w- c:\windows\DLA.EXE
    2010-11-12 00:19:44 89264 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
    2010-11-12 00:19:44 61500 ----a-w- c:\windows\system32\DLAAPI_W.DLL
    2010-11-12 00:19:44 5628 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
    2010-11-12 00:19:44 22684 ----a-w- c:\windows\system32\drivers\DLARTL_N.SYS
    2010-11-12 00:19:44 -------- d-----w- c:\windows\system32\DLA
    2010-11-12 00:19:27 48128 ----a-w- c:\windows\system32\mpgvideo.ax
    2010-11-12 00:19:27 47616 ----a-w- c:\windows\system32\mpgaudio.ax
    2010-11-12 00:19:27 192512 ----a-w- c:\windows\system32\AdavVideoDec.dll
    2010-11-12 00:19:27 126976 ----a-w- c:\windows\system32\AdavAudioDec.dll
    2010-11-12 00:19:27 110592 ----a-w- c:\windows\system32\ArcSpl.ax
    2010-11-12 00:17:16 212480 ----a-w- c:\windows\pcdlib32.dll
    2010-11-12 00:17:13 139264 ----a-w- c:\windows\system32\PhotoBase Screen Saver.scr
    2010-11-12 00:16:46 69632 ----a-w- c:\windows\system32\MCSysUtil.dll
    2010-11-12 00:16:46 50176 ----a-w- c:\windows\system32\CSH.DLL
    2010-11-12 00:16:46 4528 ----a-r- c:\windows\system32\SETBROWS.EXE
    2010-11-12 00:16:46 163840 ----a-w- c:\windows\system32\MCCoreUtil.dll
    2010-11-12 00:16:46 135168 ----a-w- c:\windows\system32\XML30Lib.dll
    2010-11-12 00:16:45 -------- d-----w- c:\program files\Metamail Inc
    2010-11-10 17:49:36 135568 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-11-10 17:49:36 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-11-03 00:36:50 84584 ----a-w- c:\windows\SOUNDMAN.EXE
    2010-11-03 00:36:38 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
    2010-11-03 00:36:38 1489512 ----a-w- c:\windows\RtlUpd.exe
    2010-11-03 00:36:26 9721960 ----a-w- c:\windows\RTLCPL.EXE
    2010-11-03 00:36:02 19580520 ----a-w- c:\windows\RTHDCPL.EXE
    2010-11-03 00:35:52 2180712 ----a-w- c:\windows\MicCal.exe
    2010-11-03 00:35:40 64104 ----a-w- c:\windows\ALCMTR.EXE
    2010-11-03 00:35:40 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
    2010-11-03 00:35:40 2815592 ----a-w- c:\windows\ALCWZRD.EXE
    2010-10-28 15:46:00 1251944 ----a-w- c:\windows\RtlExUpd.dll
    2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec

    ============= FINISH: 23:50:39.28 ===============

    Attach:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/11/2010 7:27:20 PM
    System Uptime: 12/6/2010 9:10:45 PM (2 hours ago)

    Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 1662/mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 60.263 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP21: 12/3/2010 1:09:26 PM - System Checkpoint
    RP22: 12/3/2010 7:33:33 PM - DirectXAttempt
    RP23: 12/3/2010 7:33:33 PM - DirectXAttempt
    RP24: 12/6/2010 3:17:14 AM - System Checkpoint
    RP25: 12/6/2010 6:10:15 AM - System Checkpoint

    ==== Installed Programs ======================

    ABBYY FineReader 5.0 Sprint
    ABBYY FineReader 6.0 Sprint
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X
    Adobe Shockwave Player 11.5
    America Online (Choose which version to remove)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Connectivity Services
    AOL Spyware Protection
    AOL You've Got Pictures Screensaver
    Apple Application Support
    Apple Software Update
    ArcSoft PhotoImpression
    ArcSoft Software Suite
    Avira AntiVir Personal - Free Antivirus
    Bluetooth Stack for Windows by Toshiba
    CCleaner
    CD/DVD Drive Acoustic Silencer
    Documents To Go 2.00
    DVD-RAM Driver
    EPSON Copy Utility
    Epson Easy Photo Print 2
    EPSON NX300 Series Printer Uninstall
    EPSON PERF 1670 Guide
    EPSON Photo Print
    EPSON Scan
    EPSON Smart Panel
    F5U216 Ver2.11
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Install SimpleSketch
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    Java Auto Updater
    Java(TM) 6 Update 22
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    Metamail (Toshiba Registration Utility)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office OneNote 2003
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Publisher 2003
    Microsoft Office Standard Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mouse Suite
    Mozilla Firefox (3.6.12)
    Mozilla Thunderbird (3.1.6)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyConnect Special Offer
    Nero Suite
    Office 2003 Trial Assistant
    OGA Notifier 2.0.0048.0
    Palm Desktop
    Paradox
    Paradox Runtime
    Presto! BizCard 4.1 Eng
    Pure Networks Port Magic
    Quicken 2006
    QuickTime
    Rand McNally StreetFinder Deluxe 2000
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    sat_screensaver_30mb
    ScanToWeb
    SD Secure Module
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SimpleSketch
    Sonic CinePlayer
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    System Requirements Lab for Intel
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Universal Extractor 1.6.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973815)
    Update Manager
    Viewpoint Media Player
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WordPerfect Office X3
    WordPerfect OfficeReady
    Yahoo! Music Engine

    ==== Event Viewer Messages From Past Week ========

    12/6/2010 9:40:45 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    12/6/2010 3:33:06 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFCLOC. Reference error message: Insufficient system resources exist to complete the requested service. .
    12/6/2010 3:33:06 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll. Reference error message: The operation completed successfully. .
    12/6/2010 3:17:14 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'content' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    12/3/2010 6:19:03 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 6:19:02 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 6:18:52 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 1:26:36 PM, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
    12/3/2010 1:09:24 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'E_S6DDC.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    12/1/2010 7:30:43 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'change.log' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
    12/1/2010 2:57:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/1/2010 2:57:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Cinemsup Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
    12/1/2010 2:57:48 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2010 2:57:48 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2010 2:57:48 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2010 2:57:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2010 2:57:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/1/2010 2:14:07 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    12/1/2010 1:51:53 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/1/2010 1:51:34 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    11/30/2010 10:42:57 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
    11/30/2010 10:42:57 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
    11/30/2010 10:42:57 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
    11/30/2010 10:17:43 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
    11/30/2010 10:06:47 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
    11/30/2010 10:06:47 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL. Reference error message: The operation completed successfully. .
    11/30/2010 10:06:47 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
    11/29/2010 12:11:26 AM, error: Service Control Manager [7034] - The TOSHIBA Application Service service terminated unexpectedly. It has done this 1 time(s).
    11/29/2010 12:11:26 AM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
    11/29/2010 12:11:26 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/29/2010 12:11:26 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    11/29/2010 12:11:26 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    11/29/2010 12:11:25 AM, error: Service Control Manager [7034] - The DVD-RAM_Service service terminated unexpectedly. It has done this 1 time(s).
    11/29/2010 12:11:25 AM, error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).
    11/29/2010 12:11:25 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    11/29/2010 12:11:21 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    11/29/2010 12:11:21 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
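Added example, written by the editor and not part of this thread or of the DDS/ComboFix tools: a small Python triage helper for logs in the two line formats posted above (the dated file listings and the "Event Viewer Messages" block). It pulls out what an analyst reads first in a log like this one: files carrying the hidden attribute, kernel drivers written under system32\drivers inside the listing's window, the driver names in a Service Control Manager 7026 "failed to load" event, and services that terminated unexpectedly (events 7031/7034). Assumptions: the attribute letters follow the ComboFix/DDS convention (d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable), the short list of TCP/IP-stack drivers is the editor's choice of what to flag, and the sample log is constructed from lines copied from the thread plus one made-up hidden-file line so the hidden-attribute check has something to hit.

```python
"""Triage helper for DDS / ComboFix text logs (added example, not from the thread)."""
import re

# File entries, DDS form ("2010-11-03 00:36:50 84584 ----a-w- path") and ComboFix
# form ("2010-12-07 02:24 . 2010-11-29 22:42 38224 ----a-w- path").  The 8-char
# attribute field is assumed to use d=directory, c=compressed, s=system, h=hidden,
# a=archive, r=read-only, w=writable.
FILE_RE = re.compile(
    r"^\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?:\s+\.\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r"\s+(?P<size>\d+|-+)\s+(?P<attr>[-a-z]{8})\s+(?P<path>\S.*?)\s*$"
)

# Event entries: "12/1/2010 2:57:48 PM, error: Service Control Manager [7026] - msg"
EVENT_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*?)\s*$"
)

# Windows drivers without which TCP/IP networking cannot come up.  Assumption:
# this short list is the editor's choice of what to flag, not something the log defines.
TCPIP_STACK = {"afd", "tcpip", "netbt", "ipsec"}


def parse_log(text):
    """Split a log into (file_entries, events); unrecognised lines are ignored."""
    files, events = [], []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
            continue
        m = EVENT_RE.match(line)
        if m:
            events.append(m.groupdict())
    return files, events


def hidden_files(files):
    """Non-directory entries carrying the hidden attribute."""
    return [f["path"] for f in files if "h" in f["attr"] and not f["attr"].startswith("d")]


def new_kernel_drivers(files):
    """.sys files written under system32\\drivers inside the listing's time window."""
    return [f["path"] for f in files
            if "\\drivers\\" in f["path"].lower() and f["path"].lower().endswith(".sys")]


def boot_driver_failures(events):
    """Driver names from SCM event 7026 (boot-start / system-start drivers that failed to load)."""
    failed = []
    for ev in events:
        if ev["id"] == "7026" and "failed to load:" in ev["msg"]:
            failed.extend(ev["msg"].split("failed to load:", 1)[1].split())
    return failed


def service_crashes(events):
    """Service names from SCM events 7031/7034 ('The X service terminated unexpectedly')."""
    names = []
    for ev in events:
        m = re.match(r"The (.+?) service terminated unexpectedly", ev["msg"])
        if ev["id"] in ("7031", "7034") and m:
            names.append(m.group(1))
    return names


def triage(text):
    """Return the items an analyst wants to see first, keyed by check."""
    files, events = parse_log(text)
    failed = boot_driver_failures(events)
    return {
        "hidden_files": hidden_files(files),
        "new_kernel_drivers": new_kernel_drivers(files),
        "boot_driver_failures": failed,
        "tcpip_stack_failed": any(d.lower() in TCPIP_STACK for d in failed),
        "service_crashes": service_crashes(events),
    }


# Constructed sample: lines copied from the thread's DDS and ComboFix logs plus one
# made-up hidden file (the ".dat" line) so the hidden-attribute check has a hit.
SAMPLE_LOG = r"""
2010-11-12 03:13:13 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-12 02:52:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-12 02:52:37 -------- d-----w- c:\program files\Avira
2010-11-12 02:00:00 4096 --sha-w- c:\docume~1\alluse~1\applic~1\sample_hidden.dat
2010-12-07 02:24 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
12/3/2010 6:19:03 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 2:57:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Cinemsup Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
12/6/2010 9:40:45 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as a script against a saved DDS or ComboFix log (replace SAMPLE_LOG with the file contents) and it prints one line per check. The 7026 event copied from the thread is the kind of thing worth a second look: the list mixes the TCP/IP stack (AFD, Tcpip, NetBT, IPSec) with drivers that ship with Avira (avgio, avipbb, ssmdrv), which is what the 7001 and 10005 errors of the same minute describe; the follow-up question for the analyst is whether that was one interrupted boot or recurs on every start, and a single log cannot answer that.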
     
  5. 2010/12/07
    broni

    broni Moderator Malware Analyst

    Welcome aboard :)

    Never create three different topics regarding the same computer.
    This time, I merged them for you.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    I don't see much so far....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install the Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no Internet connection after running Combofix, restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/12/07
    troothteller

    troothteller Well-Known Member Thread Starter

    Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

    broni, sorry for making three posts. I had already sent the first one before I realized that one more would not be large enough. For markmadras' benefit, I had to run MBRCheck in the same way you specified how to run Rkill, right clicking and choosing to run as administrator. In fact, I had to establish a password since MBR would not run without it. Anyway, the log file for ComboFix follows. I will not know how well it works until I leave the computer unattended for a while, since that is when the corrupted program boxes pop up.

    ComboFix 10-12-07.01 - Louis Paul Toscano 12/07/2010 22:05:22.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.202 [GMT -5:00]
    Running from: c:\documents and settings\Louis Paul Toscano\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
    .

    2010-12-07 02:24 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-07 02:24 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-07 02:24 . 2010-12-07 02:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-04 00:47 . 2010-12-04 00:47 -------- d-----w- c:\program files\ACW
    2010-12-02 00:58 . 2010-12-02 00:58 -------- d-----w- c:\program files\Power Point Extracted
    2010-12-01 23:47 . 2010-12-01 23:47 -------- d-----w- c:\program files\MSECache
    2010-12-01 20:26 . 2010-12-01 20:26 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-12-01 19:52 . 2010-12-01 19:52 -------- d-----w- c:\program files\CCleaner
    2010-12-01 04:27 . 2010-12-01 04:27 -------- d-----w- c:\windows\system32\XPSViewer
    2010-12-01 04:27 . 2010-12-01 04:27 -------- d-----w- c:\program files\MSBuild
    2010-12-01 04:26 . 2010-12-01 04:26 -------- d-----w- c:\program files\Reference Assemblies
    2010-12-01 04:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-12-01 04:25 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-12-01 04:25 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-12-01 04:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-12-01 04:25 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-12-01 04:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-12-01 04:25 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-12-01 04:25 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-12-01 04:25 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-12-01 04:25 . 2010-12-01 04:26 -------- d-----w- C:\9774dd8aed59d0d0da304aecc8f16278
    2010-12-01 04:09 . 2010-11-03 00:36 359016 ----a-w- c:\windows\vncutil.exe
    2010-12-01 04:09 . 2010-11-03 00:36 1833576 ----a-w- c:\windows\SkyTel.exe
    2010-12-01 04:08 . 2010-11-03 00:36 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2010-12-01 04:08 . 2010-11-03 00:36 129640 ----a-w- c:\windows\RtkAudioService.exe
    2010-12-01 04:08 . 2009-11-18 12:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
    2010-12-01 04:08 . 2009-11-18 12:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
    2010-12-01 04:08 . 2006-02-07 20:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2010-12-01 04:08 . 2006-02-07 20:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2010-12-01 04:08 . 2006-02-07 20:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2010-12-01 04:08 . 2006-02-07 20:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2010-12-01 04:08 . 2005-11-14 04:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2010-12-01 04:07 . 2010-12-01 04:07 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2010-12-01 04:07 . 2010-12-01 04:07 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2010-12-01 03:44 . 2010-12-01 03:44 -------- d-----w- c:\program files\Microsoft
    2010-12-01 03:44 . 2010-12-01 03:44 -------- d-----w- c:\program files\MSN Toolbar
    2010-12-01 03:43 . 2010-12-01 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2010-12-01 03:43 . 2010-12-01 03:44 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-12-01 03:18 . 2010-12-01 03:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
    2010-12-01 03:18 . 2010-12-01 03:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
    2010-12-01 03:17 . 2010-08-16 12:26 6607744 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
    2010-12-01 03:17 . 2010-02-24 22:39 675840 ----a-w- c:\windows\system32\NETwLc32.dll
    2010-12-01 03:17 . 2010-02-24 22:37 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
    2010-12-01 03:16 . 2010-12-01 03:16 -------- d-----w- c:\program files\Common Files\Intel
    2010-12-01 02:41 . 2008-02-15 17:45 172032 ----a-w- c:\windows\system32\igfxres.dll
    2010-12-01 02:31 . 2008-02-15 18:12 57344 ----a-w- c:\windows\system32\igxprd32.dll
    2010-12-01 02:31 . 2008-02-15 18:12 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
    2010-12-01 02:31 . 2008-02-15 18:12 1670144 ----a-w- c:\windows\system32\igxpdv32.dll
    2010-12-01 02:31 . 2008-02-15 18:12 151040 ----a-w- c:\windows\system32\igxpgd32.dll
    2010-12-01 02:31 . 2008-02-15 18:21 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
    2010-12-01 02:31 . 2008-02-15 18:12 2643968 ----a-w- c:\windows\system32\igxpdx32.dll
    2010-12-01 02:31 . 2008-02-15 17:49 176128 ----a-w- c:\windows\system32\igfxrsky.lrc
    2010-12-01 02:31 . 2008-02-15 17:49 172032 ----a-w- c:\windows\system32\igfxrslv.lrc
    2010-12-01 02:30 . 2006-11-10 13:25 319456 ----a-w- c:\windows\system32\difxapi.dll
    2010-12-01 02:30 . 2008-03-07 17:56 920088 ----a-w- c:\windows\system32\igxpun.exe
    2010-12-01 02:30 . 2010-12-01 02:30 -------- d-----w- C:\Intel
    2010-12-01 02:27 . 2010-12-01 02:28 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-12-01 01:43 . 2010-12-01 01:43 -------- d-----w- c:\program files\Secunia
    2010-11-27 08:37 . 2010-11-27 08:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-27 08:37 . 2010-11-27 08:37 -------- d-----w- c:\program files\Java
    2010-11-24 07:14 . 2010-11-24 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-24 06:17 . 2010-11-24 06:17 -------- d-----w- c:\program files\Trend Micro
    2010-11-24 05:24 . 2010-11-24 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-11-24 04:35 . 2010-11-24 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-11-24 04:28 . 2010-11-24 04:56 -------- d-----w- c:\program files\ewido anti-spyware 4.0
    2010-11-24 03:49 . 2010-11-24 05:12 -------- d-----w- c:\program files\ewido anti-malware
    2010-11-16 13:31 . 2010-12-07 01:43 -------- d-----w- c:\windows\system32\NtmsData
    2010-11-16 02:37 . 2010-11-16 02:37 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-11-14 17:08 . 2009-06-22 19:00 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-11-14 17:08 . 2009-06-22 19:00 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-11-14 17:08 . 2009-06-23 19:48 133616 ------w- c:\windows\system32\pxafs.dll
    2010-11-14 17:05 . 2010-11-14 17:06 -------- d-----w- c:\program files\Universal Extractor
    2010-11-14 07:02 . 2004-09-13 13:17 2146304 ------w- c:\windows\UNNMP.exe
    2010-11-14 06:59 . 2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    2010-11-14 06:58 . 2004-07-26 18:09 2023424 ------w- c:\windows\UNNeroVision.exe
    2010-11-14 06:58 . 2001-03-08 23:30 24064 ------w- c:\windows\system32\msxml3a.dll
    2010-11-14 06:57 . 2010-11-14 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
    2010-11-14 06:57 . 2004-07-20 21:24 476320 ------w- c:\windows\system32\ImagXpr7.dll
    2010-11-14 06:57 . 2004-07-20 21:24 471040 ------w- c:\windows\system32\ImagXRA7.dll
    2010-11-14 06:57 . 2004-07-20 21:24 262144 ------w- c:\windows\system32\ImagXR7.dll
    2010-11-14 06:57 . 2004-07-09 13:43 364544 ------w- c:\windows\system32\TwnLib4.dll
    2010-11-14 06:57 . 2004-07-20 21:24 1568768 ------w- c:\windows\system32\ImagX7.dll
    2010-11-14 06:57 . 2001-06-26 12:15 38912 ------w- c:\windows\system32\picn20.dll
    2010-11-14 06:57 . 2000-06-26 15:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2010-11-14 06:57 . 2010-11-14 06:59 -------- d-----w- c:\program files\Common Files\Ahead
    2010-11-14 06:57 . 2010-11-14 07:01 -------- d-----w- c:\program files\Ahead
    2010-11-14 06:48 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2010-11-14 06:46 . 2010-11-14 06:46 -------- d-----w- c:\program files\Common Files\Sonic
    2010-11-14 06:44 . 2010-11-14 06:45 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2010-11-14 06:35 . 2010-11-14 06:41 -------- d-----w- c:\program files\CyberLink
    2010-11-13 17:47 . 2010-11-13 17:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2010-11-13 04:44 . 2010-12-07 14:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-11-13 04:43 . 2010-12-07 14:26 -------- d-----w- c:\program files\SpywareBlaster
    2010-11-13 04:42 . 2010-12-01 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-11-13 04:42 . 2010-11-13 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-11-13 01:49 . 2010-11-13 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-11-12 23:31 . 2010-11-12 23:31 -------- d-----w- c:\program files\Common Files\xing shared
    2010-11-12 23:31 . 2010-11-12 23:31 -------- d-----w- c:\program files\real
    2010-11-12 23:21 . 2010-11-27 08:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 21:05 . 1998-07-02 16:57 28672 ------w- c:\windows\system32\PlugFile.dll
    2010-11-12 21:05 . 1998-06-01 13:40 508448 ------w- c:\windows\system32\pvdt40.ocx
    2010-11-12 21:05 . 1998-05-06 17:23 192272 ------w- c:\windows\system32\MCI32.OCX
    2010-11-12 21:05 . 1997-03-05 15:00 1113088 ------w- c:\windows\system32\Webster.ocx
    2010-11-12 21:05 . 1998-05-06 17:23 210944 ------w- c:\windows\system32\Msvcrt10.dll
    2010-11-12 21:05 . 2010-11-12 21:05 -------- d-----w- c:\program files\Rand McNally
    2010-11-12 21:00 . 2010-11-12 21:00 -------- d-----w- C:\palm
    2010-11-12 21:00 . 2010-11-12 21:00 -------- d-----w- c:\program files\Synergy Solutions, Inc
    2010-11-12 20:57 . 2010-11-12 20:57 -------- d-----w- c:\program files\Documents To Go
    2010-11-12 20:49 . 2000-03-17 19:11 7812 ----a-w- c:\windows\system32\visorusb.dll
    2010-11-12 20:49 . 2000-03-17 19:11 19968 ----a-w- c:\windows\system32\drivers\VisorUsb.sys
    2010-11-12 20:49 . 2010-11-12 21:14 -------- d-----w- c:\program files\Palm
    2010-11-12 20:46 . 2010-11-12 20:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2010-11-12 20:45 . 2010-11-12 20:46 -------- d-----w- c:\program files\QuickTime
    2010-11-12 20:45 . 2010-11-12 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-11-12 20:45 . 2010-11-12 20:45 -------- d-----w- c:\program files\Common Files\Apple
    2010-11-12 20:45 . 2010-11-12 20:45 -------- d-----w- c:\program files\Apple Software Update
    2010-11-12 20:45 . 2010-11-12 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-11-12 20:27 . 2010-11-12 20:30 -------- d-----w- c:\windows\system32\Adobe
    2010-11-12 20:20 . 2010-11-27 04:56 -------- d-----w- c:\program files\Common Files\Adobe
    2010-11-12 20:11 . 2010-11-12 20:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-11-12 05:57 . 2010-11-12 05:57 -------- d-----w- c:\windows\Sun
    2010-11-12 05:46 . 2010-11-12 05:46 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-11-12 05:44 . 2010-11-12 05:45 -------- d-----w- c:\windows\system32\drivers\UMDF
    2010-11-12 05:44 . 2010-11-12 05:44 -------- d-----w- c:\windows\system32\LogFiles
    2010-11-12 05:39 . 2010-11-12 05:39 -------- d-----w- c:\program files\Microsoft Silverlight

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-03 00:36 . 2006-01-19 21:26 84584 ----a-w- c:\windows\SOUNDMAN.EXE
    2010-11-03 00:36 . 2006-01-19 21:26 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
    2010-11-03 00:36 . 2006-01-19 21:26 1489512 ----a-w- c:\windows\RtlUpd.exe
    2010-11-03 00:36 . 2006-01-19 21:26 9721960 ----a-w- c:\windows\RTLCPL.EXE
    2010-11-03 00:36 . 2006-01-19 21:26 6188648 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
    2010-11-03 00:36 . 2006-01-19 21:26 19580520 ----a-w- c:\windows\RTHDCPL.EXE
    2010-11-03 00:35 . 2006-01-19 21:26 2180712 ----a-w- c:\windows\MicCal.exe
    2010-11-03 00:35 . 2006-01-19 21:26 64104 ----a-w- c:\windows\ALCMTR.EXE
    2010-11-03 00:35 . 2006-01-19 21:26 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
    2010-11-03 00:35 . 2006-01-19 21:26 2815592 ----a-w- c:\windows\ALCWZRD.EXE
    2010-10-28 15:46 . 2006-01-19 21:25 1251944 ----a-w- c:\windows\RtlExUpd.dll
    2010-09-18 17:23 . 2006-01-19 18:53 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2006-01-19 18:53 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2006-01-19 18:53 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2006-01-19 18:53 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 13:38 . 2006-01-19 18:54 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 13:38 . 2006-01-19 18:53 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-09 13:38 . 2006-01-19 18:53 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-09 13:38 . 2006-01-19 18:53 17408 ----a-w- c:\windows\system32\corpol.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
    "TFncKy"="TFncKy.exe" [BU]
    "TPSMain"="TPSMain.exe" [2005-06-01 282624]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 77892]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "PdxRegCl"="c:\program files\Paradox\Programs\PdxRegCl.exe" [2004-06-14 49152]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2006-10-23 56128]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-19 1400832]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1206544]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "RTHDCPL"="RTHDCPL.EXE" [2010-11-03 19580520]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-19 155648]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk
    backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Louis Paul Toscano^Start Menu^Programs^Startup^HotSync Manager.lnk]
    path=c:\documents and settings\Louis Paul Toscano\Start Menu\Programs\Startup\HotSync Manager.lnk
    backup=c:\windows\pss\HotSync Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1137707962\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_DUPA30.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/11/2010 9:52 PM 135336]
    R3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.sys [11/11/2010 9:07 PM 22144]
    R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [11/30/2010 10:17 PM 6607744]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/30/2010 11:08 PM 1691480]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
    S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [11/12/2010 3:49 PM 19968]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-12-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1286734880-2245071080-3680907127-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

    2010-12-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1286734880-2245071080-3680907127-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    FF - ProfilePath - c:\documents and settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\yboiftx0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - c:\documents and settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\yboiftx0.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\yboiftx0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-07 22:13
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(676)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2008)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\pelscrll.dll
    c:\windows\system32\PELCOMM.dll
    c:\windows\system32\PELHOOKS.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    c:\program files\SUPERAntiSpyware\SASSEH.DLL
    c:\windows\System32\DLA\DLASHX_W.DLL
    c:\windows\system32\DLAAPI_W.DLL
    c:\windows\System32\DLA\DLACResW.dll
    c:\program files\Epson Software\Easy Photo Print\EPTBL.dll
    c:\windows\system32\netprovcredman.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    Completion time: 2010-12-07 22:16:56
    ComboFix-quarantined-files.txt 2010-12-08 03:16

    Pre-Run: 64,528,060,416 bytes free
    Post-Run: 64,535,347,200 bytes free

    - - End Of File - - 409BB46CD9EA4EB4C9DFBD9CD8A63F63
     
  7. 2010/12/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This one is clean as well.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2010/12/08
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

    broni, how do you want these logs? You limited me to two postings. One will not accommodate the first log since it is too big. I had to restart after the first attempt at the OTL posting since the program box corruption occurred and the Paste command did not work. I could not get back into IE7. I will try to do the Extras log here:

    OTL Extras logfile created on: 12/8/2010 6:44:42 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Louis Paul Toscano\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 184.00 Mb Available Physical Memory | 37.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.28 Gb Total Space | 60.12 Gb Free Space | 80.93% Space Free | Partition Type: NTFS

    Computer Name: WORKGROUP | User Name: Louis Paul Toscano | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
    "C:\Program Files\Common Files\AOL\1137707962\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1137707962\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA30.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA30.EXE:*:Enabled:EPSON Driver Update -- (SEIKO EPSON CORPORATION)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
    "{26792CA7-D87A-4DBE-896B-C2F66B344511}" = Sonic CinePlayer
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
    "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
    "{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
    "{601FEBB1-507A-459D-88D3-E8ED349154D9}" = SimpleSketch
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
    "{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
    "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
    "{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}" = WordPerfect OfficeReady
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
    "{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}" = MyConnect Special Offer
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
    "{9E4B37D6-D7F8-4067-B900-3F314C709916}" = Intel(R) PROSet/Wireless WiFi Software
    "{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}" = EPSON Photo Print
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
    "{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2658D01-DC92-43AB-AD6B-04852B89F3A6}" = Paradox Runtime
    "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
    "{D6540C25-6E4E-4DB0-B96D-989E257D9E5C}" = Paradox
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EB145CEA-998F-4C9D-AEF7-B4DBBD217DAF}" = F5U216 Ver2.11
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{EEDBE2DF-4141-44A9-8614-9832B16637E6}" = Mouse Suite
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "America Online us" = America Online (Choose which version to remove)
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOL Spyware Protection" = AOL Spyware Protection
    "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
    "AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CCleaner" = CCleaner
    "DocsToGo200 Uninstall" = Documents To Go 2.00
    "EPSON NX300 Series" = EPSON NX300 Series Printer Uninstall
    "EPSON Scanner" = EPSON Scan
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
    "Port Magic" = Pure Networks Port Magic
    "Power Saver" = TOSHIBA Power Saver
    "ProInst" = Intel PROSet Wireless
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 12.0" = RealPlayer
    "sat_screensaver_30mb.scr" = sat_screensaver_30mb
    "Silent Package Run-Time Sample" = EPSON PERF 1670 Guide
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "StreetFinder" = Rand McNally StreetFinder Deluxe 2000
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Uninstall Presto! BizCard 4.1 Eng" = Presto! BizCard 4.1 Eng
    "Universal Extractor_is1" = Universal Extractor 1.6.1
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Music Engine" = Yahoo! Music Engine

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Install SimpleSketch" = Install SimpleSketch
    "Pilot Desktop" = Palm Desktop

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/30/2010 10:33:17 PM | Computer Name = WORKGROUP | Source = MsiInstaller | ID = 1013
    Description = Product: Intel(R) Network Connections -- The installed version of
    Intel PROSet is not supported for upgrades. You must uninstall it before installing
    this version.

    Error - 11/30/2010 10:39:10 PM | Computer Name = WORKGROUP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.17091, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/1/2010 12:50:08 AM | Computer Name = WORKGROUP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.17091, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/1/2010 12:50:08 AM | Computer Name = WORKGROUP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.17091, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/1/2010 4:03:17 AM | Computer Name = WORKGROUP | Source = .NET Runtime Optimization Service | ID = 1101
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Failed to compile: C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
    . Error code = 0x80131047

    Error - 12/3/2010 8:47:48 PM | Computer Name = WORKGROUP | Source = ACW_DE | ID = 2
    Description =

    Error - 12/3/2010 8:48:40 PM | Computer Name = WORKGROUP | Source = ACW_DE | ID = 2
    Description =

    Error - 12/3/2010 11:47:27 PM | Computer Name = WORKGROUP | Source = Application Hang | ID = 1002
    Description = Hanging application METAMAIL SECURE VIEWER.EXE, version 4.0.0.0, hang
    module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/7/2010 12:34:55 AM | Computer Name = WORKGROUP | Source = Application Error | ID = 1000
    Description = Faulting application mbrcheck.exe, version 0.0.0.0, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    Error - 12/7/2010 12:38:48 AM | Computer Name = WORKGROUP | Source = Application Error | ID = 1000
    Description = Faulting application mbrcheck.exe, version 0.0.0.0, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    [ System Events ]
    Error - 12/1/2010 4:13:28 PM | Computer Name = WORKGROUP | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
    error message: The referenced assembly is not installed on your system. .

    Error - 12/1/2010 4:13:28 PM | Computer Name = WORKGROUP | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
    Reference
    error message: The operation completed successfully. .

    Error - 12/1/2010 4:13:38 PM | Computer Name = WORKGROUP | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
    Last Error was The referenced assembly is not installed on your system.

    Error - 12/1/2010 4:13:38 PM | Computer Name = WORKGROUP | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
    error message: The referenced assembly is not installed on your system. .

    Error - 12/1/2010 4:13:38 PM | Computer Name = WORKGROUP | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
    Reference
    error message: The operation completed successfully. .

    Error - 12/1/2010 5:33:12 PM | Computer Name = WORKGROUP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
    Service service to connect.

    Error - 12/1/2010 5:33:30 PM | Computer Name = WORKGROUP | Source = Service Control Manager | ID = 7000
    Description = The Application Layer Gateway Service service failed to start due
    to the following error: %%1053

    Error - 12/1/2010 6:47:51 PM | Computer Name = WORKGROUP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
    Service service to connect.

    Error - 12/1/2010 6:48:08 PM | Computer Name = WORKGROUP | Source = Service Control Manager | ID = 7000
    Description = The Application Layer Gateway Service service failed to start due
    to the following error: %%1053

    Error - 12/1/2010 8:30:43 PM | Computer Name = WORKGROUP | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC000007F'
    while processing the file 'change.log' on the volume 'HarddiskVolume3'. It has
    stopped monitoring the volume.


    < End of report >
     
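The Extras log above is read by hand in the thread, but the registry sections it prints (Security Center, System Restore, Firewall Settings, Authorized Applications) have a regular shape that a helper can triage mechanically: `[HKEY_...]` lines open a key and `"name" = value` lines follow it. The script below is an added example, not code from the original post or from OTL itself. The sample input is a constructed excerpt copied in shape from the posted log, the registry paths are the ones OTL printed, and the `path:scope:Enabled|Disabled:name -- (company)` layout assumed for AuthorizedApplications entries is the form visible in the post. The one weak setting it flags on this sample is the `"EnableFirewall" = 0` under the StandardProfile key, which means the Windows XP firewall is switched off for the profile this machine actually uses.

```python
"""Parse the registry-settings sections of an OTL Extras log and flag weak settings.

Added example: not part of the original forum post and not OTL's own code.
"""
import re
from typing import Dict, List

# Constructed excerpt mirroring the shape of the OTL sections posted in the thread.
SAMPLE_OTL = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Assumed XP firewall exception layout: <path>:<scope>:<Enabled|Disabled>:<name> -- (<company>)
APP_RE = re.compile(r"^(.*?):(\*|[^:]*):(Enabled|Disabled):(.*)$")
COMPANY_RE = re.compile(r"^(.*?)\s--\s\((.*)\)$")

FW_STD = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"
SEC_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
SYS_RESTORE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"


def parse_registry_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [HKEY_...] key in the log to its "name" = value pairs (values kept as strings)."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})  # keys with no values still appear, as in the log
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = m.group(2).strip()
    return result


def find_weak_settings(reg: Dict[str, Dict[str, str]]) -> List[str]:
    """Return human-readable findings for settings that weaken the host's defences."""
    findings = []
    if reg.get(FW_STD, {}).get("EnableFirewall") == "0":
        findings.append("Windows Firewall disabled for the Standard profile (EnableFirewall = 0)")
    sc = reg.get(SEC_CENTER, {})
    for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
                 "AntiVirusOverride", "FirewallOverride"):
        if sc.get(name) == "1":
            findings.append(f"Security Center warning suppressed: {name} = 1")
    if reg.get(SYS_RESTORE, {}).get("DisableSR") == "1":
        findings.append("System Restore disabled by policy (DisableSR = 1)")
    return findings


def parse_authorized_apps(reg: Dict[str, Dict[str, str]]) -> List[Dict[str, str]]:
    """Split every firewall exception into path, scope, state, display name and company."""
    apps = []
    for key, values in reg.items():
        if not key.endswith(r"\AuthorizedApplications\List"):
            continue
        for value in values.values():
            m = APP_RE.match(value)
            if not m:
                continue
            path, scope, state, rest = m.groups()
            c = COMPANY_RE.match(rest)
            name, company = (c.group(1), c.group(2)) if c else (rest, "")
            apps.append({"path": path, "scope": scope, "state": state,
                         "name": name, "company": company})
    return apps


if __name__ == "__main__":
    reg = parse_registry_sections(SAMPLE_OTL)
    for finding in find_weak_settings(reg):
        print("WEAK:", finding)
    for app in parse_authorized_apps(reg):
        # An exception with no company name is worth a second look during cleanup.
        tag = "unsigned/unknown publisher" if not app["company"] else app["company"]
        print(f"{app['state']:8} {app['scope']:3} {app['path']}  [{tag}]")
```

Run it against a full Extras.txt by replacing `SAMPLE_OTL` with the file's contents; the parser ignores the `==========` section banners and any non-registry lines, so the whole log can be fed in unchanged.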
  9. 2010/12/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Split OTL.txt log between couple of replies, if it doesn't fit into one.
     
  10. 2010/12/09
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

    OTL logfile created on: 12/8/2010 6:44:42 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Louis Paul Toscano\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 184.00 Mb Available Physical Memory | 37.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.28 Gb Total Space | 60.12 Gb Free Space | 80.93% Space Free | Partition Type: NTFS

    Computer Name: WORKGROUP | User Name: Louis Paul Toscano | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/08 06:41:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\OTL.exe
    PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2010/07/19 17:37:18 | 001,400,832 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    PRC - [2010/07/19 17:34:02 | 000,966,656 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    PRC - [2010/07/19 17:26:06 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    PRC - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2010/07/06 12:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/07/17 11:12:14 | 000,288,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/22 06:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEJA.EXE
    PRC - [2007/04/11 13:13:04 | 000,151,552 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
    PRC - [2006/10/23 13:54:36 | 000,056,128 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
    PRC - [2006/01/05 17:02:24 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    PRC - [2005/12/20 14:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2005/11/30 15:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    PRC - [2005/11/02 19:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2005/10/06 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/06/01 00:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2005/05/31 23:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2005/04/26 19:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 03:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    PRC - [2004/08/28 03:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
    PRC - [2004/08/18 06:37:44 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
    PRC - [2003/10/20 12:37:58 | 000,475,136 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\Ivpsvmgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/08 06:41:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2007/03/16 14:51:26 | 000,114,688 | ---- | M] (ELECOM Electronics Ltd.) -- C:\WINDOWS\system32\pelscrll.dll
    MOD - [2007/03/16 14:51:22 | 000,069,632 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\pelhooks.dll
    MOD - [2007/03/16 14:51:18 | 000,036,864 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\pelcomm.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2010/07/19 17:34:02 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2005/12/20 14:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
    SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
    SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/11/23 17:51:27 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/11/02 19:36:26 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/08/16 07:26:32 | 006,607,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Intel(R)
    DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/05/19 22:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/08/14 10:01:06 | 000,231,424 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/04/17 20:08:44 | 000,018,944 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
    DRV - [2007/04/11 17:08:08 | 000,017,920 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
    DRV - [2005/12/04 12:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/11/30 14:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
    DRV - [2005/11/30 13:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/11/15 12:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/10/20 17:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
    DRV - [2005/10/06 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/10/06 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/10/06 08:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/10/06 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/10/06 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/10/06 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/10/06 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/09/14 05:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2005/09/12 06:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/09 17:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2005/08/25 15:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 15:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/24 18:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
    DRV - [2005/08/12 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005/01/12 03:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
    DRV - [2004/10/27 16:05:10 | 000,022,144 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADM851X.sys -- (ADM851X)
    DRV - [2004/06/28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
    DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2000/03/17 14:11:16 | 000,019,968 | ---- | M] (Handspring, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VisorUsb.sys -- (VisorUsb)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing "
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q= "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/?_bc=1 "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q= "
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/12 18:31:49 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/11/30 22:44:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/01 02:38:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 18:31:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/27 00:08:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/12 18:31:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010/11/11 19:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Extensions
    [2010/11/11 19:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/12/06 17:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\yboiftx0.default\extensions
    [2010/11/13 11:02:08 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\yboiftx0.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2010/12/04 21:19:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\yboiftx0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/03 22:14:32 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\yboiftx0.default\searchplugins\bing.xml
    [2010/11/13 10:58:19 | 000,001,567 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\yboiftx0.default\searchplugins\free-weather-by-zip-code.xml
    [2010/12/06 17:43:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/27 03:37:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/11/27 03:37:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/11/17 10:27:51 | 000,425,113 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 123fporn.info
    O1 - Hosts: 14671 more lines...
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [PdxRegCl] File not found
    O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TFncKy] File not found
    O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289529905093 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1289530386640 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/19 15:13:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/08 06:41:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\OTL.exe
    [2010/12/07 22:54:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/12/07 22:03:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/07 22:03:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/07 22:03:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/07 22:03:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/07 22:01:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/06 21:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Desktop\GMER
    [2010/12/06 21:24:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/06 21:24:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/06 21:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/06 21:23:57 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/03 22:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\SystemRequirementsLab
    [2010/12/03 19:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
    [2010/12/03 18:18:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\TFC.exe
    [2010/12/01 19:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Power Point Extracted
    [2010/12/01 18:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/12/01 17:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
    [2010/12/01 15:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\SUPERAntiSpyware.com
    [2010/12/01 15:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/12/01 15:21:19 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\SUPERAntiSpyware.exe
    [2010/12/01 15:01:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Louis Paul Toscano\Recent
    [2010/12/01 14:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/12/01 14:29:42 | 002,963,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\ccsetup301.exe
    [2010/12/01 14:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/11/30 23:27:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010/11/30 23:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2010/11/30 23:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2010/11/30 23:25:58 | 000,000,000 | ---D | C] -- C:\9774dd8aed59d0d0da304aecc8f16278
    [2010/11/30 23:09:01 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
    [2010/11/30 23:08:53 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
    [2010/11/30 23:08:35 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
    [2010/11/30 22:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2010/11/30 22:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
    [2010/11/30 22:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/11/30 22:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
    [2010/11/30 22:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
    [2010/11/30 22:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
    [2010/11/30 22:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
    [2010/11/30 21:30:08 | 000,000,000 | ---D | C] -- C:\Intel
    [2010/11/30 21:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2010/11/30 20:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Secunia PSI
    [2010/11/30 20:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2010/11/27 07:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Temp
    [2010/11/27 03:53:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/27 03:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/27 03:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/11/24 02:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Malwarebytes
    [2010/11/24 02:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/24 01:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/11/24 00:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/11/23 23:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/11/23 23:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\ewido anti-spyware 4.0
    [2010/11/23 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\ewido anti-malware
    [2010/11/17 08:33:28 | 000,018,944 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\drivers\PELMOUSE.SYS
    [2010/11/17 08:33:28 | 000,017,920 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\drivers\pelusblf.sys
    [2010/11/17 08:33:19 | 000,049,152 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pmpopo.dll
    [2010/11/17 08:33:18 | 000,241,664 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pelutil.dll
    [2010/11/17 08:33:18 | 000,225,280 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\hPppm.dll
    [2010/11/17 08:33:18 | 000,114,688 | ---- | C] (ELECOM Electronics Ltd.) -- C:\WINDOWS\System32\pelscrll.dll
    [2010/11/17 08:33:18 | 000,069,632 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pelhooks.dll
    [2010/11/17 08:33:18 | 000,057,344 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ICONSPY.EXE
    [2010/11/17 08:33:18 | 000,056,128 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ico.exe
    [2010/11/17 08:33:18 | 000,036,864 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\pelcomm.dll
    [2010/11/17 08:33:17 | 000,126,976 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Twister.DLL
    [2010/11/17 08:33:17 | 000,094,208 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Pelzoom.dll
    [2010/11/17 08:33:17 | 000,045,056 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\SetupNT.exe
    [2010/11/17 08:33:17 | 000,045,056 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ergo5b.dll
    [2010/11/17 08:33:17 | 000,028,672 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\UnInst.exe
    [2010/11/17 08:33:17 | 000,024,576 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Pelsetup.dll
    [2010/11/17 08:33:17 | 000,018,944 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Pelmouse.sys
    [2010/11/17 08:33:17 | 000,017,920 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Pelusblf.sys
    [2010/11/17 08:33:17 | 000,008,704 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Pelvendr.sys
    [2010/11/17 08:33:16 | 000,303,104 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PelSetup.exe
    [2010/11/17 08:33:16 | 000,229,376 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMUninst.exe
    [2010/11/17 08:33:16 | 000,159,854 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMaria.DLL
    [2010/11/17 08:33:16 | 000,061,952 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMRESHP.DLL
    [2010/11/17 08:33:16 | 000,040,960 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMTilt3.DLL
    [2010/11/17 08:33:16 | 000,040,960 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMTILT.DLL
    [2010/11/17 08:33:16 | 000,036,864 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMUninNT.exe
    [2010/11/17 08:33:15 | 000,241,664 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\Notifier.dll
    [2010/11/17 08:33:15 | 000,151,552 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELMICED.EXE
    [2010/11/17 08:33:15 | 000,065,536 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMIBM.DLL
    [2010/11/17 08:33:15 | 000,045,056 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMMO32R.DLL
    [2010/11/17 08:33:15 | 000,045,056 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PELRESS.DLL
    [2010/11/17 08:33:15 | 000,015,040 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PINSTNPD.EXE
    [2010/11/17 08:33:15 | 000,014,848 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\PMMo32.DLL
    [2010/11/17 08:33:14 | 000,619,467 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\HPbdo.dll
    [2010/11/17 08:33:14 | 000,061,440 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\LaunHelp.exe
    [2010/11/17 08:33:14 | 000,040,960 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\LaunHelp-backup.exe
    [2010/11/17 08:33:13 | 000,290,816 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\HPWHEEL.dll
    [2010/11/17 08:33:12 | 000,077,824 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Dynex5B.dll
    [2010/11/17 08:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dynex
    [2010/11/16 08:31:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/11/14 15:06:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/11/14 12:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Extractor
    [2010/11/14 11:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Philipp Winterberg
    [2010/11/14 02:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Ahead
    [2010/11/14 01:59:45 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
    [2010/11/14 01:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
    [2010/11/14 01:57:54 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
    [2010/11/14 01:57:54 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
    [2010/11/14 01:57:54 | 000,364,544 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TwnLib4.dll
    [2010/11/14 01:57:54 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
    [2010/11/14 01:57:53 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
    [2010/11/14 01:57:53 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
    [2010/11/14 01:57:53 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
    [2010/11/14 01:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
    [2010/11/14 01:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
    [2010/11/14 01:57:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Louis Paul Toscano\My Documents\My DVDs
    [2010/11/14 01:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic
    [2010/11/14 01:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
    [2010/11/14 01:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Sonic
    [2010/11/14 01:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
    [2010/11/14 00:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\My Documents\Corel User Files
    [2010/11/14 00:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Corel
    [2010/11/13 12:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2010/11/12 23:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/12 23:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2010/11/12 23:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/11/12 23:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/11/12 20:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    [2010/11/12 20:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Office Genuine Advantage
    [2010/11/12 18:32:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Louis Paul Toscano\My Documents\My Videos
    [2010/11/12 18:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/11/12 18:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\real
    [2010/11/12 18:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2010/11/12 18:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Real
    [2010/11/12 18:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/11/12 16:05:59 | 001,113,088 | ---- | C] (Home Page Software Inc. -- info@homepagesw.com) -- C:\WINDOWS\System32\Webster.ocx
    [2010/11/12 16:05:59 | 000,508,448 | ---- | C] (ProtoView Development Corp.) -- C:\WINDOWS\System32\pvdt40.ocx
    [2010/11/12 16:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Rand McNally
    [2010/11/12 16:00:59 | 000,000,000 | ---D | C] -- C:\palm
    [2010/11/12 16:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Synergy Solutions, Inc
    [2010/11/12 15:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Apple Computer
    [2010/11/12 15:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\Documents To Go
    [2010/11/12 15:49:56 | 000,019,968 | ---- | C] (Handspring, Inc) -- C:\WINDOWS\System32\drivers\VisorUsb.sys
    [2010/11/12 15:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Palm
    [2010/11/12 15:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/11/12 15:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/11/12 15:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/11/12 15:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Apple
    [2010/11/12 15:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/11/12 15:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2010/11/12 15:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Apple Computer
    [2010/11/12 15:27:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2010/11/12 15:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/11/12 15:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/11/12 15:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\AdobeUM
    [2010/11/12 08:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Smart Panel
    [2010/11/12 00:57:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/11/12 00:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Sun
    [2010/11/12 00:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2010/11/12 00:44:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2010/11/12 00:44:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/11/12 00:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/11/12 00:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Avira
    [2010/11/11 23:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
    [2010/11/11 23:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
    [2010/11/11 23:16:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
    [2010/11/11 22:54:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/11/11 22:46:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2010/11/11 22:46:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2010/11/11 22:46:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2010/11/11 22:46:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2010/11/11 22:43:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/11/11 22:40:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2010/11/11 22:36:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2010/11/11 22:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/11/11 22:13:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2010/11/11 22:12:15 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/11/11 21:52:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/11/11 21:52:38 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/11/11 21:52:38 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/11/11 21:52:38 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/11/11 21:52:38 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/11/11 21:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/11/11 21:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/11/11 21:47:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/11/11 21:07:29 | 000,049,457 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\FTSER2K.SYS
    [2010/11/11 21:07:29 | 000,042,752 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\ser2pl.sys
    [2010/11/11 21:07:29 | 000,018,102 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\FTDIBUS.SYS
    [2010/11/11 21:07:29 | 000,010,496 | ---- | C] (ASIX Electronics Corp.) -- C:\WINDOWS\System32\drivers\AX88172.SYS
    [2010/11/11 21:07:29 | 000,010,496 | ---- | C] (ASIX Electronics Corp.) -- C:\WINDOWS\System32\AX88172.SYS
    [2010/11/11 21:07:28 | 000,414,208 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\Ftdiunin.exe
    [2010/11/11 21:07:28 | 000,049,457 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\FTSER2K.SYS
    [2010/11/11 21:07:28 | 000,042,752 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\drivers\ser2pl.sys
    [2010/11/11 21:07:28 | 000,018,102 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\FTDIBUS.SYS
    [2010/11/11 21:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\F5U216 Ver2.11
    [2010/11/11 21:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Paradox Runtime
    [2010/11/11 21:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2010/11/11 21:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Paradox
    [2010/11/11 21:01:39 | 000,077,824 | ---- | C] (KMT Software, Inc.) -- C:\WINDOWS\System32\LLClientMiddleWare2.dll
    [2010/11/11 21:01:39 | 000,036,864 | ---- | C] (KMT Software, Inc.) -- C:\WINDOWS\System32\LLInstances2.dll
    [2010/11/11 21:01:39 | 000,032,768 | ---- | C] (KMT Software, Inc.) -- C:\WINDOWS\System32\XLLDFRequest2.dll
    [2010/11/11 21:01:39 | 000,032,768 | ---- | C] (KMT Software, Inc.) -- C:\WINDOWS\System32\LLClasses2.dll
    [2010/11/11 21:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\WordPerfect OfficeReady 1.5
    [2010/11/11 20:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
    [2010/11/11 20:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\WordPerfect Office X3
    [2010/11/11 20:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
    [2010/11/11 20:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
    [2010/11/11 20:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
    [2010/11/11 20:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Borland
    [2010/11/11 20:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
    [2010/11/11 20:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2010/11/11 20:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
    [2010/11/11 20:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\InstallShield
    [2010/11/11 20:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/11/11 20:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Leadertech
    [2010/11/11 20:35:14 | 000,163,840 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\PhotoImpression Screen Saver.scr
    [2010/11/11 20:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\NewSoft
    [2010/11/11 20:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
    [2010/11/11 20:33:24 | 000,708,696 | ---- | C] (Digital Creations 2) -- C:\WINDOWS\System32\python21.dll
    [2010/11/11 20:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Python
    [2010/11/11 20:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Panel
    [2010/11/11 20:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
    [2010/11/11 20:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
    [2010/11/11 20:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/11/11 20:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
     
  11. 2010/12/09
    troothteller

    Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

    [2010/11/11 20:02:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
    [2010/11/11 20:01:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
    [2010/11/11 20:00:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    [2010/11/11 20:00:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    [2010/11/11 19:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Macromedia
    [2010/11/11 19:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\My Documents\Downloads
    [2010/11/11 19:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Thunderbird
    [2010/11/11 19:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Thunderbird
    [2010/11/11 19:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
    [2010/11/11 19:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Mozilla
    [2010/11/11 19:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla
    [2010/11/11 19:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/11/11 19:27:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft
    [2010/11/11 19:27:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data
    [2010/11/11 19:27:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Louis Paul Toscano\Favorites
    [2010/11/11 19:27:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Louis Paul Toscano\Cookies
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\You've Got Pictures Screensaver
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\toshiba
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Microsoft
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Intuit
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Intel
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Identities
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Google
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Desktop
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\ApplicationHistory
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\AOL
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Adobe
    [2010/11/11 19:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Adobe
    [2010/11/11 19:27:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Louis Paul Toscano\SendTo
    [2010/11/11 19:27:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Louis Paul Toscano\Start Menu
    [2010/11/11 19:27:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Louis Paul Toscano\My Documents\My Pictures
    [2010/11/11 19:27:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Louis Paul Toscano\My Documents\My Music
    [2010/11/11 19:27:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Louis Paul Toscano\My Documents
    [2010/11/11 19:27:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Louis Paul Toscano\Templates
    [2010/11/11 19:27:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Louis Paul Toscano\PrintHood
    [2010/11/11 19:27:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Louis Paul Toscano\NetHood
    [2010/11/11 19:27:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings
    [2010/11/11 19:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Yahoo
    [2010/11/11 19:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\WINDOWS
    [2010/11/11 19:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}
    [2010/11/11 19:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
    [2010/11/11 19:26:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2010/11/11 19:19:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DLA
    [2010/11/11 19:19:27 | 000,192,512 | ---- | C] (Arcsoft) -- C:\WINDOWS\System32\AdavVideoDec.dll
    [2010/11/11 19:19:27 | 000,126,976 | ---- | C] (Arcsoft (HZ)) -- C:\WINDOWS\System32\AdavAudioDec.dll
    [2010/11/11 19:19:27 | 000,110,592 | ---- | C] (Arcsoft Co. (hangzhou, PRC)) -- C:\WINDOWS\System32\ArcSpl.ax
    [2010/11/11 19:19:27 | 000,048,128 | ---- | C] (Arcsoft Inc.) -- C:\WINDOWS\System32\mpgvideo.ax
    [2010/11/11 19:19:27 | 000,047,616 | ---- | C] (Arcsoft Inc.) -- C:\WINDOWS\System32\mpgaudio.ax
    [2010/11/11 19:17:16 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\pcdlib32.dll
    [2010/11/11 19:17:13 | 000,139,264 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\PhotoBase Screen Saver.scr
    [2010/11/11 19:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
    [2010/11/11 19:16:46 | 000,163,840 | ---- | C] (Metamail Corp.) -- C:\WINDOWS\System32\MCCoreUtil.dll
    [2010/11/11 19:16:46 | 000,135,168 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\XML30Lib.dll
    [2010/11/11 19:16:46 | 000,069,632 | ---- | C] (Metamail Corp.) -- C:\WINDOWS\System32\MCSysUtil.dll
    [2010/11/11 19:16:46 | 000,050,176 | ---- | C] (Blue Sky Software Corporation) -- C:\WINDOWS\System32\CSH.DLL
    [2010/11/11 19:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Metamail Inc
    [2006/01/19 16:30:20 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/08 06:44:24 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1286734880-2245071080-3680907127-1005.job
    [2010/12/08 06:44:24 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1286734880-2245071080-3680907127-1005.job
    [2010/12/08 06:41:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\OTL.exe
    [2010/12/07 22:02:51 | 003,986,114 | R--- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\ComboFix.exe
    [2010/12/07 14:26:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/07 08:34:42 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\NewAppellateAppeals.doc
    [2010/12/07 07:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/07 00:38:57 | 000,436,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/07 00:38:57 | 000,069,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/06 23:48:34 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\dds.scr
    [2010/12/06 23:34:28 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\MBRCheck.exe
    [2010/12/06 23:28:42 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\WORD Copy of GMER Scan.doc
    [2010/12/06 21:38:04 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\gmer.zip
    [2010/12/06 21:24:29 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/06 21:23:57 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/06 19:47:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/05 08:43:35 | 000,105,240 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\OldLWDDraft.wpd
    [2010/12/05 08:40:42 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WordPerfect X3.lnk
    [2010/12/04 12:47:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/03 23:04:07 | 000,003,833 | ---- | M] () -- C:\WINDOWS\machine.ver
    [2010/12/03 22:48:04 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MyConnect™ Special Offer.lnk
    [2010/12/03 22:24:08 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/12/03 18:18:05 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\TFC.exe
    [2010/12/02 15:49:08 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\Sweeney.doc
    [2010/12/02 15:47:16 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\DVRSCert.doc
    [2010/12/01 20:36:29 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/01 17:48:51 | 000,011,631 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\hijackthis2
    [2010/12/01 17:25:47 | 000,002,585 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\HiJackThis.lnk
    [2010/12/01 17:22:42 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\HiJackThis.msi
    [2010/12/01 15:26:16 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/12/01 15:25:46 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\Files named log.fnd
    [2010/12/01 15:21:19 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\SUPERAntiSpyware.exe
    [2010/12/01 14:52:57 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/12/01 14:29:46 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\ccsetup301.exe
    [2010/12/01 01:35:36 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\unbrand.vbs
    [2010/11/30 19:13:48 | 000,000,067 | ---- | M] () -- C:\WINDOWS\swupdate.INI
    [2010/11/29 22:57:38 | 000,093,007 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\TreasuryAppeal.wpd
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/27 03:53:56 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/26 23:56:44 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2010/11/24 01:40:16 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\Help2GoLog.doc
    [2010/11/23 22:23:11 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\housecall.guid.cache
    [2010/11/23 17:51:27 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/11/21 07:28:01 | 000,097,487 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\LWDFinalAppeal.wpd
    [2010/11/17 16:19:11 | 000,054,265 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\NewLWDDraft.wpd
    [2010/11/17 15:12:02 | 000,015,095 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\DraftOfProceduralHistory.wpd
    [2010/11/17 10:27:51 | 000,425,113 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/15 21:37:52 | 000,001,056 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2010/11/15 20:19:36 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\FinalLWDAppealDraftCopy2.doc
    [2010/11/15 17:46:07 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/15 17:45:50 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\Windows Media Player.lnk
    [2010/11/14 20:28:14 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\FinalLWDAppealDraft.doc
    [2010/11/14 15:08:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/14 11:24:08 | 002,209,585 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\pxengine4_18_16a.zip
    [2010/11/14 02:01:32 | 000,001,268 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
    [2010/11/14 02:01:32 | 000,001,250 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
    [2010/11/14 01:45:32 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Start MyDVD.lnk
    [2010/11/14 01:44:45 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Start CinePlayer.lnk
    [2010/11/12 23:53:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101117-102751.backup
    [2010/11/12 23:43:18 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\SpywareBlaster.lnk
    [2010/11/12 23:42:21 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/11/12 23:42:21 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/12 21:06:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\wklnhst.dat
    [2010/11/12 21:06:20 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\Microsoft Works.LNK
    [2010/11/12 18:32:01 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2010/11/12 18:31:28 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2010/11/12 16:08:41 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AddressFinder.lnk
    [2010/11/12 16:08:41 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StreetFinder Deluxe 2000.lnk
    [2010/11/12 15:57:59 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Documents To Go.lnk
    [2010/11/12 15:50:05 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\Palm Desktop.lnk
    [2010/11/12 15:46:16 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/11/12 14:54:14 | 000,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
    [2010/11/12 08:14:50 | 000,000,029 | ---- | M] () -- C:\WINDOWS\DEBUGSM.INI
    [2010/11/12 00:47:16 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/11/12 00:47:16 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/11/12 00:45:48 | 000,000,876 | ---- | M] () -- C:\WINDOWS\$_hpcst$.hpc
    [2010/11/12 00:44:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/11/11 22:54:45 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/11/11 22:39:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/11 21:52:56 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/11 21:04:56 | 000,000,309 | ---- | M] () -- C:\WINDOWS\System32\BDEMERGE.INI
    [2010/11/11 21:01:54 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WordPerfect OfficeReady.lnk
    [2010/11/11 20:58:49 | 000,001,029 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2010/11/11 20:58:41 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Presentations X3.lnk
    [2010/11/11 20:58:40 | 000,001,950 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quattro Pro X3.lnk
    [2010/11/11 20:52:35 | 000,000,092 | ---- | M] () -- C:\Program FilesES_uninst.ini
    [2010/11/11 20:52:32 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
    [2010/11/11 20:46:42 | 000,000,044 | ---- | M] () -- C:\WINDOWS\EPSNX300.ini
    [2010/11/11 20:45:55 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NX300 Series Information Center.lnk
    [2010/11/11 20:44:40 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
    [2010/11/11 20:36:41 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Perfection 1670 Reference Guide.lnk
    [2010/11/11 20:35:15 | 000,001,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PhotoImpression 4.lnk
    [2010/11/11 20:34:38 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Presto! BizCard 4.1 (English Version).lnk
    [2010/11/11 20:33:28 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Smart Panel.lnk
    [2010/11/11 20:30:06 | 000,000,111 | ---- | M] () -- C:\WINDOWS\EPSON Perfection 1670.ini
    [2010/11/11 20:27:32 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/11/11 19:38:24 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2010/11/11 19:38:24 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
    [2010/11/11 19:34:52 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/11 19:34:52 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/11/11 19:27:21 | 000,000,416 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/11/11 19:22:45 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/11/11 19:20:30 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
    [2010/11/11 19:20:24 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
    [2010/11/11 19:19:45 | 000,000,222 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/11/11 19:17:11 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ArcSoft Products.lnk
    [2010/11/11 19:16:48 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Register with Toshiba.lnk
    [2010/11/11 19:16:03 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InterVideo WinDVD.lnk

    ========== Files Created - No Company Name ==========

    [2010/12/07 22:03:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/07 22:03:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/07 22:03:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/07 22:03:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/07 22:03:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/07 21:57:36 | 003,986,114 | R--- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\ComboFix.exe
    [2010/12/06 23:48:33 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\dds.scr
    [2010/12/06 23:34:27 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\MBRCheck.exe
    [2010/12/06 23:28:41 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\WORD Copy of GMER Scan.doc
    [2010/12/06 21:38:02 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\gmer.zip
    [2010/12/06 21:24:29 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/06 16:46:17 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\NewAppellateAppeals.doc
    [2010/12/03 22:24:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/12/03 19:35:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/01 17:36:23 | 000,011,631 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\hijackthis2
    [2010/12/01 17:24:02 | 000,002,585 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\HiJackThis.lnk
    [2010/12/01 17:22:40 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\HiJackThis.msi
    [2010/12/01 15:26:16 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/12/01 15:25:46 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\Files named log.fnd
    [2010/12/01 14:52:57 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/12/01 01:35:06 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\unbrand.vbs
    [2010/11/30 21:31:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2010/11/30 19:13:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
    [2010/11/29 23:54:09 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\DVRSCert.doc
    [2010/11/29 23:41:17 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\Sweeney.doc
    [2010/11/29 01:35:09 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1286734880-2245071080-3680907127-1005.job
    [2010/11/27 03:53:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/27 03:53:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/26 23:56:44 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2010/11/24 01:40:16 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\Help2GoLog.doc
    [2010/11/23 22:23:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\housecall.guid.cache
    [2010/11/17 08:33:19 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\xMouse.cpl
    [2010/11/17 08:33:14 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\HorizontalScroll.exe
    [2010/11/15 21:41:12 | 000,015,095 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\DraftOfProceduralHistory.wpd
    [2010/11/15 21:37:51 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2010/11/15 20:19:36 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\FinalLWDAppealDraftCopy2.doc
    [2010/11/15 10:37:38 | 000,054,265 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\NewLWDDraft.wpd
    [2010/11/15 10:37:07 | 000,105,240 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\OldLWDDraft.wpd
    [2010/11/14 11:24:05 | 002,209,585 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\pxengine4_18_16a.zip
    [2010/11/14 02:02:18 | 000,052,521 | ---- | C] () -- C:\WINDOWS\UNNMP.cfg
    [2010/11/14 02:01:32 | 000,001,268 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
    [2010/11/14 02:01:32 | 000,001,250 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
    [2010/11/14 01:58:26 | 000,110,791 | ---- | C] () -- C:\WINDOWS\UNNeroVision.cfg
    [2010/11/14 01:46:14 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Start MyDVD.lnk
    [2010/11/14 01:44:50 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Start CinePlayer.lnk
    [2010/11/14 00:45:02 | 000,093,007 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\TreasuryAppeal.wpd
    [2010/11/14 00:44:10 | 000,097,487 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\LWDFinalAppeal.wpd
    [2010/11/12 23:43:18 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\SpywareBlaster.lnk
    [2010/11/12 23:42:21 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/11/12 23:42:21 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/12 22:13:02 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\My Documents\FinalLWDAppealDraft.doc
    [2010/11/12 21:06:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\wklnhst.dat
    [2010/11/12 21:06:20 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\Microsoft Works.LNK
    [2010/11/12 19:30:50 | 000,003,833 | ---- | C] () -- C:\WINDOWS\machine.ver
    [2010/11/12 18:32:23 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1286734880-2245071080-3680907127-1005.job
    [2010/11/12 18:32:01 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2010/11/12 16:08:41 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AddressFinder.lnk
    [2010/11/12 16:08:41 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StreetFinder Deluxe 2000.lnk
    [2010/11/12 16:05:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
    [2010/11/12 16:05:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
    [2010/11/12 15:57:59 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Documents To Go.lnk
    [2010/11/12 15:50:05 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\Palm Desktop.lnk
    [2010/11/12 15:49:56 | 000,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll
    [2010/11/12 15:46:15 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/11/12 15:45:08 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/12 08:14:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2010/11/12 00:45:48 | 000,000,876 | ---- | C] () -- C:\WINDOWS\$_hpcst$.hpc
    [2010/11/12 00:44:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/11/11 22:29:45 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010/11/11 22:29:33 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2010/11/11 22:28:37 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2010/11/11 21:52:56 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/11 21:07:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\Un2k.exe
    [2010/11/11 21:07:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
    [2010/11/11 21:03:32 | 000,000,309 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
    [2010/11/11 21:01:54 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WordPerfect OfficeReady.lnk
    [2010/11/11 21:01:38 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
    [2010/11/11 20:58:41 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WordPerfect X3.lnk
    [2010/11/11 20:58:41 | 000,001,950 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quattro Pro X3.lnk
    [2010/11/11 20:58:41 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Presentations X3.lnk
    [2010/11/11 20:45:55 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NX300 Series Information Center.lnk
    [2010/11/11 20:44:40 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
    [2010/11/11 20:41:13 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2010/11/11 20:41:13 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2010/11/11 20:41:13 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2010/11/11 20:41:13 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2010/11/11 20:41:13 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2010/11/11 20:41:13 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2010/11/11 20:41:13 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2010/11/11 20:41:13 | 000,012,669 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
    [2010/11/11 20:41:13 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2010/11/11 20:41:13 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
    [2010/11/11 20:41:13 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
    [2010/11/11 20:41:13 | 000,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
    [2010/11/11 20:41:13 | 000,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
    [2010/11/11 20:41:13 | 000,006,226 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
    [2010/11/11 20:41:13 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2010/11/11 20:41:13 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2010/11/11 20:41:13 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2010/11/11 20:41:13 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2010/11/11 20:41:13 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2010/11/11 20:41:13 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2010/11/11 20:41:13 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2010/11/11 20:41:13 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2010/11/11 20:40:51 | 000,000,092 | ---- | C] () -- C:\Program FilesES_uninst.ini
    [2010/11/11 20:40:49 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
    [2010/11/11 20:40:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSNX300.ini
    [2010/11/11 20:36:41 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Perfection 1670 Reference Guide.lnk
    [2010/11/11 20:35:15 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhotoImpression 4.lnk
    [2010/11/11 20:34:38 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Presto! BizCard 4.1 (English Version).lnk
    [2010/11/11 20:34:33 | 000,098,304 | R--- | C] () -- C:\WINDOWS\StiRegstEng.dll
    [2010/11/11 20:33:28 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Smart Panel.lnk
    [2010/11/11 20:33:24 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
    [2010/11/11 20:33:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
    [2010/11/11 20:31:26 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
    [2010/11/11 20:31:26 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
    [2010/11/11 20:31:26 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
    [2010/11/11 20:30:34 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\ESFW30.BIN
    [2010/11/11 20:30:06 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670.ini
    [2010/11/11 20:17:07 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
    [2010/11/11 19:38:24 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2010/11/11 19:38:24 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
    [2010/11/11 19:34:52 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/11 19:34:52 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/11/11 19:27:50 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\Windows Media Player.lnk
    [2010/11/11 19:27:40 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/11/11 19:27:40 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
    [2010/11/11 19:27:39 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/11/11 19:22:45 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/11/11 19:20:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010/11/11 19:17:11 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ArcSoft Products.lnk
    [2010/11/11 19:16:48 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Register with Toshiba.lnk
    [2010/11/11 19:16:46 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
    [2010/11/11 19:16:03 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InterVideo WinDVD.lnk
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2006/01/19 17:29:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/01/19 17:29:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/01/19 17:29:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/01/19 17:29:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/01/19 17:29:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/01/19 17:29:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/01/19 16:56:27 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/01/19 16:51:50 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/01/19 16:42:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
    [2006/01/19 16:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006/01/19 16:39:38 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
    [2006/01/19 16:39:38 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
    [2006/01/19 16:32:54 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006/01/19 16:32:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006/01/19 16:32:54 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006/01/19 16:32:54 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006/01/19 16:30:20 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
    [2006/01/19 15:18:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/19 15:10:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/01/19 13:57:27 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/01/19 07:06:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/09/02 17:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
    [2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2004/09/17 14:24:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/07/20 20:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/01/15 17:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/11/11 20:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
    [2010/11/11 20:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/11/23 23:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/11/30 22:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/12/07 09:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/11 20:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2006/01/19 16:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/11/11 20:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Leadertech
    [2010/11/14 12:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Philipp Winterberg
    [2010/11/12 08:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Smart Panel
    [2010/12/03 22:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\SystemRequirementsLab
    [2010/11/11 19:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Thunderbird
    [2006/01/19 16:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis Paul Toscano\Application Data\toshiba

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/01/19 15:13:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/12/01 14:47:46 | 000,024,936 | ---- | M] () -- C:\AVSCAN-20101201-091312-EFB9446A.LOG
    [2010/12/06 20:57:35 | 000,022,320 | ---- | M] () -- C:\AVSCAN-20101206-200159-FFA7BA2E.LOG
    [2010/11/14 15:08:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/27 03:53:56 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/07 22:16:57 | 000,026,182 | ---- | M] () -- C:\ComboFix.txt
    [2006/01/19 15:13:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/11/29 16:20:10 | 000,219,780 | ---- | M] () -- C:\EULA.pdf
    [2010/11/12 23:52:08 | 000,125,669 | ---- | M] () -- C:\immudebug.log
    [2006/01/19 15:13:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/01/19 17:00:39 | 000,001,224 | -H-- | M] () -- C:\IPH.PH
    [2006/01/19 15:13:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/11/11 22:39:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/07 07:40:49 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/11 20:52:35 | 000,000,092 | ---- | M] () -- C:\Program FilesES_uninst.ini

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/01/19 15:13:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2004/12/08 19:04:46 | 000,045,056 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr
    [2006/01/19 16:54:51 | 032,694,346 | ---- | M] (Goldshell Digital Media) -- C:\WINDOWS\sat_screensaver_30mb.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/01/19 07:05:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/01/19 07:05:38 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/01/19 07:05:38 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/11/11 22:47:49 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/15 17:46:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2002/05/06 13:19:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/01 14:29:46 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\ccsetup301.exe
    [2010/12/07 22:02:51 | 003,986,114 | R--- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\ComboFix.exe
    [2010/11/30 21:56:57 | 036,611,192 | ---- | M] (Intel(R) Corporation) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\ICS_x32.exe
    [2010/11/27 00:17:32 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\jre-6u22-windows-i586.exe
    [2010/12/06 21:23:57 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/06 23:34:28 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Desktop\MBRCheck.exe
    [2010/12/08 06:41:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\OTL.exe
    [2010/11/14 02:04:19 | 001,312,845 | ---- | M] (Sonic Solutions ) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\PatchGdiPlus.EXE
    [2010/12/01 19:54:56 | 027,024,112 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\PowerPointViewer.exe
    [2010/12/01 15:21:19 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\SUPERAntiSpyware.exe
    [2010/12/03 18:18:05 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\TFC.exe
    [2010/11/30 23:07:32 | 031,726,733 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Louis Paul Toscano\Desktop\WDM_R254.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2001/03/20 23:49:00 | 000,031,232 | ---- | M] () -- C:\WINDOWS\Driver Cache\DrvUpdt.exe
    [2005/07/06 04:12:00 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\e1000msg.dll
    [2005/10/10 22:30:28 | 000,199,680 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100a325.inf
    [2006/02/06 17:08:52 | 000,225,032 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100a325.PNF
    [2005/10/07 03:26:34 | 000,199,269 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100ant5.inf
    [2006/02/06 17:08:52 | 000,224,128 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100ant5.PNF
    [2005/10/18 16:03:18 | 000,033,791 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100b325.cat
    [2005/05/18 19:38:26 | 000,005,178 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100b325.din
    [2005/10/13 01:39:00 | 000,292,274 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100b325.inf
    [2006/02/06 17:08:52 | 000,277,636 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100b325.PNF
    [2005/10/10 02:31:42 | 000,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\e100b325.sys
    [2005/06/15 19:48:24 | 000,036,864 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\e100bmsg.dll
    [2005/05/18 19:51:12 | 000,005,182 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100bnt5.din
    [2005/10/10 02:37:16 | 000,152,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\e100bnt5.sys
    [2005/07/13 04:06:44 | 000,002,792 | ---- | M] () -- C:\WINDOWS\Driver Cache\e1e5032.din
    [2005/09/14 05:23:02 | 000,172,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\E1e5032.SYS
    [2005/10/13 02:31:50 | 000,014,286 | ---- | M] () -- C:\WINDOWS\Driver Cache\e1e5132.cat
    [2005/07/13 04:06:44 | 000,002,790 | ---- | M] () -- C:\WINDOWS\Driver Cache\e1e5132.din
    [2005/10/06 04:45:22 | 000,184,583 | ---- | M] () -- C:\WINDOWS\Driver Cache\e1e5132.inf
    [2006/02/06 17:08:52 | 000,216,012 | ---- | M] () -- C:\WINDOWS\Driver Cache\e1e5132.PNF
    [2005/09/14 05:24:08 | 000,179,200 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\E1e5132.sys
    [2005/06/22 22:59:00 | 000,017,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\EtCo32.dll
    [2005/11/09 01:50:48 | 000,379,243 | ---- | M] () -- C:\WINDOWS\Driver Cache\GIGA.exe
    [2005/09/27 17:41:00 | 000,009,157 | ---- | M] () -- C:\WINDOWS\Driver Cache\iamt.cat
    [2005/06/28 22:57:00 | 000,002,570 | ---- | M] () -- C:\WINDOWS\Driver Cache\IAMT.din
    [2005/08/20 19:32:16 | 000,031,802 | ---- | M] () -- C:\WINDOWS\Driver Cache\IAMT.inf
    [2006/02/06 17:08:52 | 000,026,988 | ---- | M] () -- C:\WINDOWS\Driver Cache\IAMT.PNF
    [2005/08/20 19:31:50 | 000,032,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\IAMT03.sys
    [2005/08/20 19:32:06 | 000,039,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\IAMT2K.sys
    [2005/08/20 19:31:58 | 000,038,528 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\IAMTXP.sys
    [2006/02/06 17:08:52 | 000,030,800 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1
    [2005/09/27 17:41:00 | 000,007,449 | ---- | M] () -- C:\WINDOWS\Driver Cache\iresol.cat
    [2005/06/19 14:48:48 | 000,010,946 | ---- | M] () -- C:\WINDOWS\Driver Cache\iresol.inf
    [2006/02/06 17:08:52 | 000,012,556 | ---- | M] () -- C:\WINDOWS\Driver Cache\iresol.PNF
    [2005/11/09 01:18:16 | 000,379,240 | ---- | M] () -- C:\WINDOWS\Driver Cache\LANF.exe
    [2005/06/14 10:08:42 | 000,020,480 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\NicCo32.dll
    [2005/05/18 19:28:12 | 000,021,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\NicIn32.dll
    [2005/06/15 01:27:42 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\PROUnstl.exe
    [2006/01/13 19:28:12 | 000,008,614 | ---- | M] () -- C:\WINDOWS\Driver Cache\tcusb.cat
    [2006/01/13 19:28:12 | 000,003,193 | ---- | M] () -- C:\WINDOWS\Driver Cache\tcusb.inf
    [2006/02/06 17:08:52 | 000,008,856 | ---- | M] () -- C:\WINDOWS\Driver Cache\tcusb.PNF
    [2006/01/13 19:28:12 | 000,028,800 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\Driver Cache\tcusb.sys
    [2005/10/18 20:19:46 | 000,000,013 | ---- | M] () -- C:\WINDOWS\Driver Cache\verfile.tic

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/15 17:46:03 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/07 22:51:56 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Cookies\desktop.ini
    [2010/12/08 06:44:22 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Louis Paul Toscano\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/08/01 00:24:00 | 001,003,215 | ---- | M] () -- C:\WINDOWS\Installer\ms_office_trial.exe
    [2005/10/02 22:51:04 | 004,673,840 | ---- | M] () -- C:\WINDOWS\Installer\welcomeTour.exe
    [1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 04:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 04:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 04:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 04:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 04:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 04:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 04:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >
     
  12. 2010/12/09
    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O4 - HKLM..\Run: [PdxRegCl] File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2006/01/19 16:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  13. 2010/12/09
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PdxRegCl deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Louis Paul Toscano
    ->Temp folder emptied: 1107805 bytes
    ->Temporary Internet Files folder emptied: 21915453 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 35689 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 22.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Louis Paul Toscano
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12092010_081932

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
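As an added example (not part of this post and not OTL's own code): a small Python parser over OTL fix-log lines like the ones above. It reads the "========== OTL ==========" section, turns each action line into a (kind, target, status) record, and checks that every item named in the script pasted in the previous post came back "deleted successfully" or "moved successfully" rather than only "not found". The sample log is a constructed subset of the lines in this post; SCRIPT_TARGETS holds the identifiers from the pasted script, and the line shapes handled are only those seen here (an assumption about any other OTL output).

```python
"""Parse an OTL fix log and check that every item in the fix script was acted on.

Added example, not OTL's (OldTimer's) own code.  The line shapes handled here
are the ones in the fix log posted in this thread; any other shape is ignored.
"""
import re
from collections import Counter

# Constructed sample: a subset of the fix-log lines from this thread,
# with the section headers OTL writes around them.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PdxRegCl deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== SERVICES/DRIVERS ==========
"""

ACTION_RE = re.compile(
    r"^(?:(?P<kind>Registry value|Registry key|ADS) )?"   # OTL's item-type prefix, if any
    r"(?P<target>.+?)(?P<folder> folder)?"                # file path or registry path
    r" (?P<status>deleted successfully|moved successfully|not found)\.$"
)


def _kind(m):
    """Map a regex match to a short item type."""
    prefix = m["kind"]
    if prefix == "Registry value":
        return "regvalue"
    if prefix == "Registry key":
        return "regkey"
    if prefix == "ADS":
        return "ads"
    return "folder" if m["folder"] else "file"


def parse_otl_fix_log(text):
    """Return one {'kind', 'target', 'status'} dict per action line in the OTL section."""
    entries = []
    in_otl = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):          # section header
            in_otl = line == "========== OTL =========="
            continue
        if not in_otl:
            continue
        m = ACTION_RE.match(line)
        if m:
            entries.append({"kind": _kind(m), "target": m["target"], "status": m["status"]})
    return entries


def status_counts(entries):
    """How many action lines ended in each status."""
    return Counter(e["status"] for e in entries)


# Identifiers taken from the fix script pasted into OTL in this thread: the
# toolbar/ActiveX CLSIDs, the orphaned Run value, the folder and the ADS.
SCRIPT_TARGETS = (
    "{BA52B914-B692-46c4-B683-905236F6F655}",
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}",
    "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}",
    "PdxRegCl",
    r"Application Data\Viewpoint",
    "TEMP:5C321E34",
)


def verify_fix(entries, targets=SCRIPT_TARGETS):
    """Return {target: True/False}: True when at least one log line reports the
    item deleted or moved.  A target that only produced 'not found' lines was
    already absent (or the script named it wrongly) and counts as not fixed.
    A 'not found' line next to a successful one is normal: OTL also tries the
    CLSID key behind a toolbar entry, and for these orphaned O3 items the scan
    had already reported "No CLSID value found"."""
    report = {}
    for t in targets:
        hits = [e for e in entries if t.lower() in e["target"].lower()]
        report[t] = any(e["status"] in ("deleted successfully", "moved successfully")
                        for e in hits)
    return report


if __name__ == "__main__":
    found = parse_otl_fix_log(SAMPLE_LOG)
    print(dict(status_counts(found)))
    for target, ok in verify_fix(found).items():
        print(("OK   " if ok else "MISS ") + target)
```

Run against a real OTL log, a target that shows only "not found" is the thing to look at before declaring the fix done: it means the path in the script did not match what is on disk or in the registry, so the item may still be there under a slightly different name.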
     
  14. 2010/12/09
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Avira AntiVir Personal - Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader X
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    Mozilla Thunderbird (3.1.6)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    ``````````End of Log````````````
     
  15. 2010/12/09
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

    ESET did not find any threats when it ran; but I did not uninstall the files it created, as was my option. Any parting recommendations?
     
  16. 2010/12/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  17. 2010/12/09
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

    Thank you. I doubt you want to see any logs. Secunia just ran and gave it a 100% score. I think I will keep it and not mess with it any further.
     
  18. 2010/12/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    All I need is your final word about your computer behavior :)
     
  19. 2010/12/09
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

    The last couple of times I opened IE7 it opened slowly, but the last thing I have to do is defrag, which I have not done in a long time.
     
  20. 2010/12/09
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    Trojan/W32.Agent.122880.AF; TR/Spy.Zbot.avca

    About defrag, should I do it in Safe Mode?
     
  21. 2010/12/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It doesn't matter which mode.
     
