
please please please HELP!! had vundo and now not sure



I've been running Malwarebytes and it consistently finds stuff to remove. At first it was 27 files last week and now it's down to 2-3 per scan. I can't seem to clear this thing. It won't let me run my download of AVG, or McAfee or any antivirus program. It demolished my ridiculous Norton. At one point I had no Windows Defender and no Task Manager... but through cleaning it using hijack I was able to clear some of that and reinstall with microsoft fix.

Now when I try to browse on Firefox it keeps bringing me to either fake sites or pro-virus-2010 and locking the system and I still can't run any antivirus (or install) except for Malwarebytes even when I rename the files. I can't reinstall because my laptop no longer recognizes my CD-ROM.

Please please please help. I have to send out word files for work and am afraid if I don't clean this completely off I'll infect all of my professional affiliates.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 8:54:53 PM, on 2/23/2010

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16982)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\ctfmon.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Windows\system32\wuauclt.exe


C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10846 bytes


Hello, and welcome to Malwarebytes forum!

First of all I need a little more information in order to see what is running on your computer.

We need to create an OTL Report

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the Run Scan button.
  6. Two reports will open, copy and paste them in a reply here:

  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

GMER

-------

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

In your next reply, please include the following:

  • OTL report
  • GMER log


Hi and thank you so very much for your help! Am at wit's end with this, after trying to work on it for a week.

I'm including the OTL reports. I was unable to get GMER to complete a run. I was unable to reach any of your links on this machine, as both Firefox and Explorer claimed they did not exist, so I downloaded them to USB on another PC and installed to desktop from that. I used the link with the randomly generated GMER name.

OTL ran a scan, produced logs and then automatically went into running another scan which I could not close. So I went to Task Manager and did so. Then it restarted on its own and when I tried to find Task Manager again, system crashed.

GMER ran for some time and then system crashed. I tried it again, another crash. I attempted to run it in Safe Mode and about 6 minutes into it received an error message that the program was unable to perform and then it locked up and wouldn't run. I tried again, same thing.

Interesting that when I was initially able to run Task Manager (it won't any longer; CTRL ALT DELETE simply crashes my system) it showed multiple instances of Explorer running when my desktop shows nothing. Also I've tried to update Malwarebytes, it won't. I don't think I've any virus protection installed at this point. Norton has been dead since the onset of infection and it won't even let me uninstall. When I click on it I get ...nothing. Windows Defender is visually missing, even on C: prompt searches, but it won't let me install a new copy because it claims my Vista already has it (haha). Attempts to download AVG, ANTIVIRA, Microsoft security and McAfee this week have proved fruitless, I can't even install the newer version of HijackThis, I've just got the latest beta. It won't let me install combofix, even from a USB.

I really (greatly) appreciate your help with this. I need the laptop for work and...it's not really working.... am splitting the logs into two posts as the system here said my post was too long ....

OTL Extras logfile created on: 2/24/2010 6:58:55 PM - Run 1

OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Mandelbrot Set\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16982)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.95 Gb Total Space | 123.42 Gb Free Space | 55.86% Space Free | Partition Type: NTFS

Drive D: | 11.93 Gb Total Space | 1.86 Gb Free Space | 15.57% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MANDELBROTSE-PC

Current User Name: Mandelbrot Set

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2058972278-2005446822-1674945532-1000\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"" =

"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1625A960-617F-4C07-9609-C3ACAF7280E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E28FB247-D4CA-43FE-9476-DE28068C7ED5}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08EEE60A-3618-4E34-93D7-14D9E3D17F46}" = protocol=6 | dir=in | app=c:\program files\microsoft games\chess\chess.exe |

"{0AD5B223-8147-4E9A-B40B-8DF3ECAA4298}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{0D1A302D-8F2B-415C-86F9-DA1542419F2D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{0F607801-A4B6-4147-9064-46CB39DE27B1}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccsvchst.exe |

"{20DCE889-27D4-447F-9840-C3E0230C4342}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |

"{289029AE-46BA-43CB-9F16-F6BACE7EA1EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{28C3ABFA-31CF-4625-9894-78C32C773282}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{3444A4EA-77B5-469D-AA4D-71455F31D642}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{357C9712-CAAF-4CD6-AED4-8D58C498A184}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |

"{3643A60E-DA65-4204-9733-FE4B08215FA5}" = protocol=17 | dir=in | app=c:\windows\system32\logonui.exe |

"{3F904ED3-98FD-4905-A902-5B8D25BC4F17}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{42B94392-C2B3-4B41-AE9D-0D112B661E96}" = protocol=6 | dir=in | app=c:\users\mandelbrot set\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{45AEBAB3-743C-4A9F-A278-BA597C8B0134}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{4D630C61-B791-4168-9D33-4A64A5F7450F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{54796431-66DD-47AF-80CB-CC806D8B9D64}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{57A55DCB-2730-478E-98EB-6CC3C4E96661}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{62438004-124B-487F-BDDB-677667741CFF}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |

"{670233F6-E20B-4B17-B484-B809C2C1072B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{6F209FEC-9483-4CD2-B5BA-B3885DD89B0A}" = protocol=6 | dir=in | app=c:\windows\system32\logonui.exe |

"{728CE06A-8678-4BCF-8355-56339D88A5A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7E0152FA-F611-4D14-896E-9A1DB1AF7AAE}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\kernel\tv\qpcapsvc.exe |

"{7F4D586F-1FB1-4F87-978D-12AB0058D589}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{8F96A033-C107-4059-B309-EF34092D92F5}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{904EDA3B-C3DA-4A8E-A547-4E825A737C8D}" = protocol=17 | dir=in | app=c:\users\mandelbrot set\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{91D340FD-2951-4E5B-87C2-57F25A5923BC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{97FC2888-0F83-456D-B694-B39264C88932}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{9D005AC5-2F8B-49F6-B50E-02625174F38F}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\kernel\tv\qpcapsvc.exe |

"{9D8A49D0-2060-4C44-AA71-AECE24CBD001}" = protocol=17 | dir=in | app=c:\users\mandelbrot set\appdata\local\google\google talk plugin\googletalkplugin.dll |

"{A66F9A0D-A37A-477E-9D51-280E9E9D1000}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{AE828F8F-C1BE-4F59-BBC8-429FA9BEC020}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{B3CC0A6F-B30B-4A35-A844-FF12FC4E0E0E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |

"{B895E94E-8258-4EE3-A547-D4A05EC3833B}" = protocol=6 | dir=in | app=c:\users\mandelbrot set\appdata\local\google\google talk plugin\googletalkplugin.dll |

"{C9D2305A-47F9-4C8F-A28F-711D73752C2C}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |

"{D03E6D96-2E82-4B3C-B1C8-48029A001DF0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{D24CF6C7-1019-4DFE-91BD-7A718FACE2CA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{D5C48FB0-1D13-4E8C-B89D-110E14EFE35B}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"{EF9EEFBD-2826-49A8-ACA8-788FA6BDAD26}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccsvchst.exe |

"{F4B980D1-1063-4538-A797-B398389C2CF5}" = protocol=17 | dir=in | app=c:\program files\microsoft games\chess\chess.exe |

"{F7C87912-3158-4093-8127-A710A4DA185A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims


OTL logfile created on: 2/24/2010 6:58:55 PM - Run 1

OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Mandelbrot Set\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16982)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.95 Gb Total Space | 123.42 Gb Free Space | 55.86% Space Free | Partition Type: NTFS

Drive D: | 11.93 Gb Total Space | 1.86 Gb Free Space | 15.57% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MANDELBROTSE-PC

Current User Name: Mandelbrot Set

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/24 18:51:50 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Mandelbrot Set\Desktop\OTL.exe

PRC - [2010/02/17 16:17:40 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/12/18 04:56:05 | 000,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009/07/13 13:03:10 | 000,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2009/07/13 13:02:50 | 000,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/06/01 23:55:22 | 000,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

PRC - [2007/09/30 19:34:54 | 000,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

PRC - [2007/09/30 19:34:54 | 000,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

PRC - [2007/09/30 19:34:14 | 000,181,544 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe

PRC - [2007/09/19 16:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

PRC - [2007/09/19 14:31:34 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

PRC - [2007/09/13 07:47:52 | 000,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

PRC - [2007/09/04 13:54:20 | 000,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

PRC - [2007/08/31 10:30:42 | 000,181,600 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

PRC - [2007/08/23 17:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2007/08/23 17:36:30 | 000,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

PRC - [2007/07/12 03:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

PRC - [2007/07/09 15:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

PRC - [2007/07/09 00:11:08 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe

PRC - [2007/05/16 10:12:20 | 000,671,744 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

PRC - [2007/05/08 15:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

PRC - [2007/01/29 11:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe

PRC - [2007/01/09 02:25:30 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe

PRC - [2007/01/08 14:53:06 | 000,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

PRC - [2006/11/02 04:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe

PRC - [2006/11/02 01:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe

PRC - [2006/09/08 07:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe

PRC - [2006/05/02 14:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

========== Modules (SafeList) ==========

MOD - [2010/02/24 18:51:50 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Mandelbrot Set\Desktop\OTL.exe

MOD - [2006/11/02 01:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/07/13 13:02:50 | 000,542,496 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)

SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)

SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2008/01/31 22:44:21 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008/01/18 23:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008/01/18 23:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007/11/01 23:45:18 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/09/30 19:34:54 | 000,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)

SRV - [2007/09/30 19:34:54 | 000,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)

SRV - [2007/09/19 16:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)

SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/08/31 10:15:06 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [On_Demand | Stopped] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)

SRV - [2007/08/23 17:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2007/08/23 10:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2007/08/21 21:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)

SRV - [2007/07/23 15:33:06 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2007/07/09 15:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)

SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

SRV - [2007/01/09 02:25:30 | 000,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)

SRV - [2006/11/02 04:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/05/02 14:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)

SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2010/02/03 01:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100217.005\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/02/03 01:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100217.005\NAVENG.SYS -- (NAVENG)

DRV - [2010/01/18 18:25:46 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2009/11/19 19:02:57 | 000,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100210.001\IDSvix86.sys -- (IDSvix86)

DRV - [2009/07/28 15:33:56 | 000,055,656 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/06/05 10:42:38 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)

DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/03/19 15:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/02/19 11:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)

DRV - [2009/02/19 11:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)

DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/01/08 18:21:15 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)

DRV - [2008/06/18 16:26:21 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\PzWDM.sys -- (PzWDM)

DRV - [2008/02/13 22:07:50 | 000,021,560 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atapi.sys -- (atapi)

DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)

DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2007/10/08 12:26:28 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)

DRV - [2007/10/08 12:26:28 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)

DRV - [2007/10/01 07:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)

DRV - [2007/09/18 21:05:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/08/26 14:20:34 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2007/08/08 13:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)

DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)

DRV - [2007/07/09 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/07/07 12:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/06/19 12:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2007/06/19 12:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2007/06/19 12:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/02/15 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 00:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/01 23:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/01 23:30:54 | 000,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel®

DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/11/01 22:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)

DRV - [2006/10/18 18:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)

DRV - [2006/06/18 00:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2005/03/23 21:55:06 | 000,020,176 | R--- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\S-1-5-21-2058972278-2005446822-1674945532-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\S-1-5-21-2058972278-2005446822-1674945532-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.gmail.com/"

FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.3

FF - prefs.js..extensions.enabledItems: {65B9E4DC-7266-4851-974A-13F0EADC11E9}:1.9.1

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{65B9E4DC-7266-4851-974A-13F0EADC11E9}: C:\Users\Mandelbrot Set\AppData\Local\{65B9E4DC-7266-4851-974A-13F0EADC11E9} [2010/02/17 20:32:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/17 16:17:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/17 16:17:44 | 000,000,000 | ---D | M]

[2009/01/26 12:40:15 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Roaming\Mozilla\Extensions

[2010/02/24 15:36:42 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Roaming\Mozilla\Firefox\Profiles\lrxe18b8.default\extensions

[2009/09/14 01:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mandelbrot Set\AppData\Roaming\Mozilla\Firefox\Profiles\lrxe18b8.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2009/01/26 12:40:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/22 21:46:41 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [HP Health Check Scheduler] File not found

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)

O4 - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper: C:\Users\Mandelbrot Set\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/11/02 01:06:03 | 000,000,074 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O33 - MountPoints2\{cf5cf58b-4c84-11dd-aa0c-001d7241bd59}\Shell - "" = AutoRun

O33 - MountPoints2\{cf5cf58b-4c84-11dd-aa0c-001d7241bd59}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{cf5cf5ac-4c84-11dd-aa0c-001d7241bd59}\Shell - "" = AutoRun

O33 - MountPoints2\{cf5cf5ac-4c84-11dd-aa0c-001d7241bd59}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/24 18:54:34 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Mandelbrot Set\Desktop\OTL.exe

[2010/02/24 00:00:21 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/02/24 00:00:21 | 000,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010/02/24 00:00:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2010/02/24 00:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/02/24 00:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/02/23 22:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/02/23 22:33:25 | 000,000,000 | ---D | C] -- C:\20980b54778acaad5d

[2010/02/23 21:19:25 | 000,000,000 | ---D | C] -- C:\6c53dffa12f1d59c80b3cd04d2

[2010/02/23 20:48:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/02/23 20:40:58 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010/02/23 20:40:58 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010/02/23 20:40:57 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010/02/23 20:40:57 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010/02/23 20:40:57 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010/02/23 20:40:57 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010/02/23 20:40:57 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010/02/23 20:40:57 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010/02/23 20:40:57 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010/02/23 20:02:08 | 000,000,000 | ---D | C] -- C:\4a21c12cca5ba22efecae7

[2010/02/23 20:01:30 | 004,493,736 | ---- | C] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Desktop\notwindows.exe

[2010/02/23 19:45:23 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Mandelbrot Set\Desktop\googoo.exe

[2010/02/23 00:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair

[2010/02/23 00:41:40 | 000,000,000 | ---D | C] -- C:\Users\Mandelbrot Set\AppData\Roaming\Uniblue

[2010/02/23 00:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS

[2010/02/20 16:03:26 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mandelbrot Set\HJTInstall.exe

[2010/02/19 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/02/19 22:41:08 | 004,938,120 | ---- | C] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Silverlight.exe

[2010/02/18 20:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/02/18 20:52:02 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Users\Mandelbrot Set\ccsetup228.exe

[2010/02/18 19:27:26 | 001,044,168 | ---- | C] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\vbrun60sp5.exe

[2010/02/18 19:08:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/02/18 19:08:20 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/02/18 19:04:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/02/18 19:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2010/02/18 19:03:58 | 000,000,000 | ---D | C] -- C:\Users\Mandelbrot Set\AppData\Roaming\PC Tools

[2010/02/18 19:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2010/02/18 19:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2010/02/18 18:32:48 | 000,000,000 | ---D | C] -- C:\VundoFix Backups

[2010/02/18 18:32:38 | 000,119,808 | ---- | C] (Atribune.org) -- C:\Users\Mandelbrot Set\Desktop\VundoFix.exe

[2010/02/18 07:47:00 | 000,000,000 | ---D | C] -- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP

[2010/02/18 07:38:10 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Mandelbrot Set\gumball.exe.exe

[2010/02/18 02:00:25 | 000,000,000 | ---D | C] -- C:\Users\Mandelbrot Set\AppData\Roaming\AVG8

[2010/02/17 23:06:01 | 000,000,000 | ---D | C] -- C:\Users\Mandelbrot Set\AppData\Roaming\Malwarebytes

[2010/02/17 23:03:08 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\Desktop\explorer.exe.exe

[2010/02/17 22:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/02/17 22:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/02/17 21:02:55 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\explorer.exe.exe

[2010/02/17 20:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro

[2010/02/17 20:32:53 | 000,000,000 | ---D | C] -- C:\Users\Mandelbrot Set\AppData\Local\{65B9E4DC-7266-4851-974A-13F0EADC11E9}

[2010/02/10 08:31:04 | 003,467,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/02/10 08:30:59 | 003,502,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/02/10 08:29:21 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe

[2010/02/10 08:29:20 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll

[2010/02/10 08:28:58 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2010/02/10 08:28:54 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2010/02/10 08:28:54 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2010/02/10 08:28:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll

[2010/02/10 08:28:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

[2010/02/02 04:07:24 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010/02/02 04:07:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2010/02/02 03:37:26 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll

[2010/02/02 03:37:25 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

[2010/02/02 03:37:23 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe

[2010/02/02 03:37:23 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl

[2010/02/02 03:37:22 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/02/02 03:37:22 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll

[2010/02/02 03:37:17 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll

[2010/02/02 03:37:11 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/02/02 03:15:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/02/02 03:15:07 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll

[2010/02/02 03:14:56 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll

[2010/02/01 19:46:30 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2010/02/01 19:46:30 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll

[2010/02/01 19:46:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE

[2010/02/01 19:46:28 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE

[2010/02/01 19:46:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE

[2010/02/01 19:46:28 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE

[2010/02/01 19:46:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe

[2010/02/01 19:46:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE

[2010/02/01 19:46:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE

[2010/02/01 19:46:27 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll

[2010/02/01 19:44:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll

[2010/02/01 19:44:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

[2010/02/01 19:44:11 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/02/01 19:44:04 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll

[2010/02/01 19:44:03 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll

[2010/02/01 19:43:54 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2010/02/01 19:43:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2010/02/01 19:43:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll

[2010/02/01 19:43:53 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/02/01 19:43:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/02/01 19:43:43 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2010/02/01 19:43:39 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010/02/01 19:43:38 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/02/01 19:43:37 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010/02/01 19:43:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/02/01 19:43:35 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/02/01 19:43:35 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2010/02/01 19:43:35 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2010/02/01 19:43:34 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010/02/01 19:43:34 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2010/02/01 19:43:34 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010/02/01 19:43:34 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/02/01 19:43:33 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/02/01 19:43:33 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll

[2010/02/01 19:43:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2010/02/01 19:43:32 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/02/01 19:43:32 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2010/02/01 19:43:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010/02/01 19:43:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010/02/01 19:43:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2010/02/01 19:43:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2010/02/01 19:43:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010/02/01 19:43:32 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010/02/01 19:42:10 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll

[2010/02/01 19:42:10 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll

[2010/02/01 19:42:09 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll

[2010/02/01 19:42:07 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll

[2010/02/01 19:42:07 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll

[2010/02/01 19:41:28 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL

[2010/02/01 19:41:27 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2010/02/01 19:41:26 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2010/02/01 19:41:26 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe

[2010/02/01 19:41:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe

[2010/02/01 19:41:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll

[2010/02/01 19:40:52 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll

[2010/02/01 19:40:52 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

[2010/02/01 19:40:48 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2010/02/01 19:40:18 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2010/02/01 19:40:17 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2010/02/01 19:40:17 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2010/02/01 19:40:14 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll

[2010/02/01 19:40:14 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2010/02/01 19:40:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax

[2010/02/01 19:40:10 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2010/02/01 19:40:10 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax

[2010/02/01 19:39:56 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll

[2010/02/01 19:35:44 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010/02/01 19:35:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb

[2010/02/01 19:35:18 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb

[2010/02/01 19:32:31 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010/02/01 19:32:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/02/01 19:32:30 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/02/01 19:30:22 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll

[2010/02/01 19:30:06 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL

[2010/02/01 19:29:35 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe

[2010/02/01 19:29:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll

[2010/02/01 19:29:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx

[2010/02/01 19:29:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll

[2010/02/01 19:29:32 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2008/07/15 11:09:27 | 000,308,600 | ---- | C] (Symantec Corporation) -- C:\ProgramData\NortonProtectionMemo.exe

[2007/11/01 23:40:30 | 000,160,768 | ---- | C] (Sonic Solutions) -- C:\Users\Mandelbrot Set\AppData\Local\idocijezoweqohar.dll

[2007/11/01 23:40:30 | 000,044,544 | ---- | C] (The GLib developer community) -- C:\Users\Mandelbrot Set\AppData\Local\SAPleni.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/24 19:06:01 | 003,145,728 | -HS- | M] () -- C:\Users\Mandelbrot Set\ntuser.dat

[2010/02/24 19:05:32 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9A820D7B-3EA7-4DAD-8EE9-087BE78E5FA2}.job

[2010/02/24 18:54:32 | 000,028,190 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.001

[2010/02/24 18:51:50 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Mandelbrot Set\Desktop\OTL.exe

[2010/02/24 18:44:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/02/24 18:44:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/02/24 15:47:53 | 002,088,080 | ---- | M] () -- C:\Users\Mandelbrot Set\Documents\Windef2.nfo

[2010/02/24 15:20:55 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/02/24 15:20:55 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/02/24 15:20:55 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/02/24 15:20:17 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010/02/24 14:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/02/24 03:20:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/02/24 03:20:25 | 000,362,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/02/24 03:18:08 | 001,550,870 | -H-- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\IconCache.db

[2010/02/24 00:36:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml

[2010/02/24 00:36:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml

[2010/02/23 23:37:29 | 000,002,535 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\HiJackThis.lnk

[2010/02/23 23:20:55 | 030,909,992 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\marymary.exe

[2010/02/23 20:01:31 | 004,493,736 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Desktop\notwindows.exe

[2010/02/23 19:55:28 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/02/23 19:45:24 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Mandelbrot Set\Desktop\googoo.exe

[2010/02/23 00:56:32 | 000,000,840 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Free Window Registry Repair.lnk

[2010/02/23 00:55:49 | 000,798,000 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\RegpairSetup.exe

[2010/02/23 00:24:53 | 000,000,677 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Fix it - Microsoft ATS.lnk

[2010/02/22 22:46:47 | 000,001,356 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\d3d9caps.dat

[2010/02/22 21:46:41 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/02/21 16:21:19 | 000,003,626 | ---- | M] () -- C:\Users\Mandelbrot Set\photo.jpg.part

[2010/02/21 16:20:11 | 000,000,000 | ---- | M] () -- C:\Users\Mandelbrot Set\photo.jpg

[2010/02/20 22:59:46 | 000,000,825 | ---- | M] () -- C:\Windows\lsrslt.ini

[2010/02/20 16:03:29 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mandelbrot Set\HJTInstall.exe

[2010/02/19 22:41:16 | 004,938,120 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Silverlight.exe

[2010/02/19 19:14:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\helpers32.dll

[2010/02/19 19:14:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ES15.exe

[2010/02/19 00:47:01 | 000,035,840 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/18 20:53:33 | 000,001,670 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\CCleaner.lnk

[2010/02/18 20:52:07 | 003,370,400 | ---- | M] (Piriform Ltd) -- C:\Users\Mandelbrot Set\ccsetup228.exe

[2010/02/18 19:42:48 | 000,002,627 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Microsoft Office Word 2007.lnk

[2010/02/18 19:27:26 | 001,044,168 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\vbrun60sp5.exe

[2010/02/18 19:08:24 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/18 18:32:04 | 000,119,808 | ---- | M] (Atribune.org) -- C:\Users\Mandelbrot Set\Desktop\VundoFix.exe

[2010/02/18 09:36:06 | 000,006,456 | -H-- | M] () -- C:\Windows\System32\maletupe

[2010/02/18 07:48:05 | 000,124,364 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate

[2010/02/18 07:38:11 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Mandelbrot Set\gumball.exe.exe

[2010/02/18 01:39:48 | 000,000,000 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\Isarudibotaxar.bin

[2010/02/18 01:10:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\15724.exe

[2010/02/18 00:50:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\19169.exe

[2010/02/18 00:30:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\26500.exe

[2010/02/18 00:10:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\6334.exe

[2010/02/17 23:50:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\18467.exe

[2010/02/17 23:30:04 | 000,004,278 | ---- | M] () -- C:\Windows\System32\warnings.html

[2010/02/17 23:24:28 | 000,000,120 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\Yxasiqinicimay.dat

[2010/02/17 21:58:48 | 000,363,008 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\rkill.com

[2010/02/17 21:03:23 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\explorer.exe.exe

[2010/02/17 21:03:23 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\Desktop\explorer.exe.exe

[2010/02/17 20:39:36 | 001,401,344 | ---- | M] () -- C:\Users\Mandelbrot Set\HijackThis.msi

[2010/02/17 19:45:40 | 000,000,008 | ---- | M] () -- C:\ProgramData\mswintmp.dat

[2010/02/17 19:45:01 | 000,194,560 | ---- | M] () -- C:\Windows\System32\sshnas21.dll

[2010/02/15 20:00:10 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Mandelbrot Set.job

[2010/02/12 16:27:42 | 000,441,177 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\LAUSD psy ed eval 2 2 2010.pdf

[2010/02/09 13:06:54 | 000,051,720 | ---- | M] () -- C:\Windows\System32\bufetoyo.exe

[2010/02/05 21:04:52 | 000,028,190 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.dat

[2010/02/05 09:25:38 | 000,070,408 | ---- | M] () -- C:\Windows\System32\drivers\pctplsg.sys

[2010/02/02 07:44:34 | 000,099,912 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/02 03:37:07 | 062,717,952 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl

[2010/02/02 03:37:06 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf

[2010/02/02 03:37:06 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx

[2010/02/02 03:12:38 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\maletupe

[2010/02/24 15:47:48 | 002,088,080 | ---- | C] () -- C:\Users\Mandelbrot Set\Documents\Windef2.nfo

[2010/02/23 23:18:42 | 030,909,992 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\marymary.exe

[2010/02/23 00:56:32 | 000,000,840 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\Free Window Registry Repair.lnk

[2010/02/23 00:55:48 | 000,798,000 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\RegpairSetup.exe

[2010/02/23 00:09:04 | 000,000,677 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\Fix it - Microsoft ATS.lnk

[2010/02/21 16:20:11 | 000,000,000 | ---- | C] () -- C:\Users\Mandelbrot Set\photo.jpg

[2010/02/21 16:19:58 | 000,003,626 | ---- | C] () -- C:\Users\Mandelbrot Set\photo.jpg.part

[2010/02/20 20:45:13 | 000,000,825 | ---- | C] () -- C:\Windows\lsrslt.ini

[2010/02/20 20:29:06 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml

[2010/02/20 20:29:06 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml

[2010/02/18 20:53:33 | 000,001,670 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\CCleaner.lnk

[2010/02/18 19:08:24 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/18 19:04:06 | 000,070,408 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.sys

[2010/02/18 19:04:06 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat

[2010/02/18 07:46:57 | 000,124,364 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate

[2010/02/18 01:10:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\15724.exe

[2010/02/18 00:50:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\19169.exe

[2010/02/18 00:30:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\26500.exe

[2010/02/18 00:10:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\6334.exe

[2010/02/17 22:33:01 | 000,363,008 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\rkill.com

[2010/02/17 20:49:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\18467.exe

[2010/02/17 20:41:54 | 000,002,535 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\HiJackThis.lnk

[2010/02/17 20:39:34 | 001,401,344 | ---- | C] () -- C:\Users\Mandelbrot Set\HijackThis.msi

[2010/02/17 20:32:56 | 000,000,000 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\Isarudibotaxar.bin

[2010/02/17 20:32:55 | 000,000,120 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\Yxasiqinicimay.dat

[2010/02/17 20:29:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\helpers32.dll

[2010/02/17 20:29:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ES15.exe

[2010/02/17 20:29:10 | 000,004,278 | ---- | C] () -- C:\Windows\System32\warnings.html

[2010/02/17 19:45:40 | 000,000,008 | ---- | C] () -- C:\ProgramData\mswintmp.dat

[2010/02/17 19:45:01 | 000,194,560 | ---- | C] () -- C:\Windows\System32\sshnas21.dll

[2010/02/12 16:27:41 | 000,441,177 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\LAUSD psy ed eval 2 2 2010.pdf

[2010/02/09 13:06:54 | 000,051,720 | ---- | C] () -- C:\Windows\System32\bufetoyo.exe

[2010/02/02 03:29:56 | 062,717,952 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl

[2010/02/02 03:29:56 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf

[2010/02/02 03:29:56 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx

[2010/02/01 19:42:09 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf

[2009/03/14 17:58:17 | 000,000,862 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Roaming\wklnhst.dat

[2008/07/13 20:15:26 | 000,039,004 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Roaming\Comma Separated Values (Windows).ADR

[2008/06/30 21:50:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/02/13 22:07:50 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys

[2008/02/09 14:57:33 | 000,035,840 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL

[2008/02/04 16:09:16 | 000,001,356 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\d3d9caps.dat

[2008/01/15 17:01:39 | 000,028,190 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.001

[2008/01/14 09:39:01 | 000,028,190 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.dat

[2008/01/12 21:45:42 | 000,000,000 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\QSwitch.txt

[2008/01/12 21:45:42 | 000,000,000 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\DSwitch.txt

[2008/01/12 21:45:42 | 000,000,000 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\AtStart.txt

[2007/12/21 05:50:24 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/11/02 01:21:25 | 000,000,371 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 02:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:AC9C6AC1

< End of report >

[2010/02/24 19:08:44 | 003,145,728 | -HS- | M] () -- C:\Users\Mandelbrot Set\ntuser.dat

[2010/02/24 19:08:27 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Local\Temp

[2010/02/24 19:05:32 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9A820D7B-3EA7-4DAD-8EE9-087BE78E5FA2}.job

[2010/02/24 18:54:32 | 000,028,190 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.001

[2010/02/24 18:51:50 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Mandelbrot Set\Desktop\OTL.exe

[2010/02/24 15:47:53 | 002,088,080 | ---- | M] () -- C:\Users\Mandelbrot Set\Documents\Windef2.nfo

[2010/02/24 15:36:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox

[2010/02/24 15:20:17 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010/02/24 14:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/02/24 03:20:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/02/24 03:18:08 | 001,550,870 | -H-- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\IconCache.db

[2010/02/24 00:36:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml

[2010/02/24 00:36:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml

[2010/02/24 00:00:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira

[2010/02/24 00:00:15 | 000,000,000 | ---D | M] -- C:\Program Files\Avira

[2010/02/23 23:37:29 | 000,002,535 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\HiJackThis.lnk

[2010/02/23 23:20:55 | 030,909,992 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\marymary.exe

[2010/02/23 22:33:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Essentials

[2010/02/23 21:26:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Symantec

[2010/02/23 21:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Symantec Shared

[2010/02/23 20:02:10 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft

[2010/02/23 20:01:31 | 004,493,736 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Desktop\notwindows.exe

[2010/02/23 19:55:28 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/02/23 19:45:24 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Mandelbrot Set\Desktop\googoo.exe

[2010/02/23 02:05:02 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Local\Google

[2010/02/23 01:42:32 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Roaming\Mozilla

[2010/02/23 01:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/02/23 01:06:49 | 000,000,000 | ---D | M] -- C:\Program Files\Free Window Registry Repair

[2010/02/23 00:56:32 | 000,000,840 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Free Window Registry Repair.lnk

[2010/02/23 00:55:49 | 000,798,000 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\RegpairSetup.exe

[2010/02/23 00:41:40 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Roaming\Uniblue

[2010/02/23 00:24:53 | 000,000,677 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Fix it - Microsoft ATS.lnk

[2010/02/23 00:10:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ATS

[2010/02/22 22:46:47 | 000,001,356 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\d3d9caps.dat

[2010/02/21 16:21:19 | 000,003,626 | ---- | M] () -- C:\Users\Mandelbrot Set\photo.jpg.part

[2010/02/21 16:20:11 | 000,000,000 | ---- | M] () -- C:\Users\Mandelbrot Set\photo.jpg

[2010/02/20 22:59:46 | 000,000,825 | ---- | M] () -- C:\Windows\lsrslt.ini

[2010/02/20 20:40:49 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Local\Microsoft

[2010/02/20 16:03:29 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mandelbrot Set\HJTInstall.exe

[2010/02/19 22:42:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight

[2010/02/19 22:41:16 | 004,938,120 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Silverlight.exe

[2010/02/19 00:47:01 | 000,035,840 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/18 22:36:43 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP

[2010/02/18 21:24:23 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor

[2010/02/18 20:53:33 | 000,001,670 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\CCleaner.lnk

[2010/02/18 20:53:33 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner

[2010/02/18 20:52:07 | 003,370,400 | ---- | M] (Piriform Ltd) -- C:\Users\Mandelbrot Set\ccsetup228.exe

[2010/02/18 19:42:48 | 000,002,627 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Microsoft Office Word 2007.lnk

[2010/02/18 19:27:26 | 001,044,168 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\vbrun60sp5.exe

[2010/02/18 19:08:24 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/18 19:04:06 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\PC Tools

[2010/02/18 19:03:58 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Roaming\PC Tools

[2010/02/18 19:03:58 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Tools

[2010/02/18 19:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files

[2010/02/18 18:32:04 | 000,119,808 | ---- | M] (Atribune.org) -- C:\Users\Mandelbrot Set\Desktop\VundoFix.exe

[2010/02/18 08:44:18 | 000,000,000 | --SD | M] -- C:\Users\Mandelbrot Set\AppData\Roaming\Microsoft

[2010/02/18 07:48:05 | 000,124,364 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate

[2010/02/18 07:38:11 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Mandelbrot Set\gumball.exe.exe

[2010/02/18 02:00:25 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Roaming\AVG8

[2010/02/18 01:39:48 | 000,000,000 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\Isarudibotaxar.bin

[2010/02/18 01:33:38 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Roaming\U3

[2010/02/17 23:30:04 | 000,004,278 | ---- | M] () -- C:\Windows\System32\warnings.html

[2010/02/17 23:24:28 | 000,000,120 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\Yxasiqinicimay.dat

[2010/02/17 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Roaming\Malwarebytes

[2010/02/17 22:51:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes

[2010/02/17 21:58:48 | 000,363,008 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\rkill.com

[2010/02/17 21:03:23 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\explorer.exe.exe

[2010/02/17 21:03:23 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\Desktop\explorer.exe.exe

[2010/02/17 20:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\TrendMicro

[2010/02/17 20:39:36 | 001,401,344 | ---- | M] () -- C:\Users\Mandelbrot Set\HijackThis.msi

[2010/02/17 20:32:53 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Local\{65B9E4DC-7266-4851-974A-13F0EADC11E9}

[2010/02/17 19:45:40 | 000,000,008 | ---- | M] () -- C:\ProgramData\mswintmp.dat

[2010/02/15 20:00:10 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Mandelbrot Set.job

[2010/02/12 16:27:42 | 000,441,177 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\LAUSD psy ed eval 2 2 2010.pdf

[2010/02/11 07:49:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail

[2010/02/05 21:04:52 | 000,028,190 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.dat

[2010/02/02 07:44:34 | 000,099,912 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/02 04:58:02 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2010/02/02 04:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2010/02/02 04:33:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help

[2010/02/02 04:03:41 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\microsoft shared

[2010/02/02 03:37:07 | 062,717,952 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl

[2010/02/02 03:37:06 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf

[2010/02/02 03:37:06 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx

[2010/02/02 03:12:38 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini

[2010/02/01 18:45:14 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Local\QuickPlay

[2009/07/16 19:34:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[2009/03/15 18:29:28 | 000,000,862 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Roaming\wklnhst.dat

[2008/07/14 09:55:00 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\ProgramData\NortonProtectionMemo.exe

[2008/07/13 20:15:26 | 000,039,004 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Roaming\Comma Separated Values (Windows).ADR

[2008/01/12 21:45:42 | 000,000,000 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\QSwitch.txt

[2008/01/12 21:45:42 | 000,000,000 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\DSwitch.txt

[2008/01/12 21:45:42 | 000,000,000 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\AtStart.txt

[2007/11/02 01:22:32 | 000,000,371 | ---- | M] () -- C:\ProgramData\hpzinstall.log

[2007/11/01 23:40:30 | 000,160,768 | ---- | M] (Sonic Solutions) -- C:\Users\Mandelbrot Set\AppData\Local\idocijezoweqohar.dll

[2007/11/01 23:40:30 | 000,044,544 | ---- | M] (The GLib developer community) -- C:\Users\Mandelbrot Set\AppData\Local\SAPleni.dll

[2006/11/02 04:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

[2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/24 19:15:46 | 003,145,728 | -HS- | M] () -- C:\Users\Mandelbrot Set\ntuser.dat

[2010/02/24 19:05:32 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9A820D7B-3EA7-4DAD-8EE9-087BE78E5FA2}.job

[2010/02/24 18:54:32 | 000,028,190 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.001

[2010/02/24 18:51:50 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Mandelbrot Set\Desktop\OTL.exe

[2010/02/24 18:44:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/02/24 18:44:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/02/24 15:47:53 | 002,088,080 | ---- | M] () -- C:\Users\Mandelbrot Set\Documents\Windef2.nfo

[2010/02/24 15:20:55 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/02/24 15:20:55 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/02/24 15:20:55 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/02/24 15:20:17 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010/02/24 14:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/02/24 03:20:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/02/24 03:20:25 | 000,362,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/02/24 03:18:08 | 001,550,870 | -H-- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\IconCache.db

[2010/02/24 00:36:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml

[2010/02/24 00:36:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml

[2010/02/23 23:37:29 | 000,002,535 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\HiJackThis.lnk

[2010/02/23 23:20:55 | 030,909,992 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\marymary.exe

[2010/02/23 20:01:31 | 004,493,736 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Desktop\notwindows.exe

[2010/02/23 19:55:28 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/02/23 19:45:24 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Mandelbrot Set\Desktop\googoo.exe

[2010/02/23 00:56:32 | 000,000,840 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Free Window Registry Repair.lnk

[2010/02/23 00:55:49 | 000,798,000 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\RegpairSetup.exe

[2010/02/23 00:24:53 | 000,000,677 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Fix it - Microsoft ATS.lnk

[2010/02/22 22:46:47 | 000,001,356 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\d3d9caps.dat

[2010/02/22 21:46:41 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/02/21 16:21:19 | 000,003,626 | ---- | M] () -- C:\Users\Mandelbrot Set\photo.jpg.part

[2010/02/21 16:20:11 | 000,000,000 | ---- | M] () -- C:\Users\Mandelbrot Set\photo.jpg

[2010/02/20 22:59:46 | 000,000,825 | ---- | M] () -- C:\Windows\lsrslt.ini

[2010/02/20 16:03:29 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mandelbrot Set\HJTInstall.exe

[2010/02/19 22:41:16 | 004,938,120 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Silverlight.exe

[2010/02/19 19:14:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\helpers32.dll

[2010/02/19 19:14:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ES15.exe

[2010/02/19 00:47:01 | 000,035,840 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/18 20:53:33 | 000,001,670 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\CCleaner.lnk

[2010/02/18 20:52:07 | 003,370,400 | ---- | M] (Piriform Ltd) -- C:\Users\Mandelbrot Set\ccsetup228.exe

[2010/02/18 19:42:48 | 000,002,627 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Microsoft Office Word 2007.lnk

[2010/02/18 19:27:26 | 001,044,168 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\vbrun60sp5.exe

[2010/02/18 19:08:24 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/18 18:32:04 | 000,119,808 | ---- | M] (Atribune.org) -- C:\Users\Mandelbrot Set\Desktop\VundoFix.exe

[2010/02/18 09:36:06 | 000,006,456 | -H-- | M] () -- C:\Windows\System32\maletupe

[2010/02/18 07:48:05 | 000,124,364 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate

[2010/02/18 07:38:11 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Mandelbrot Set\gumball.exe.exe

[2010/02/18 01:39:48 | 000,000,000 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\Isarudibotaxar.bin

[2010/02/18 01:10:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\15724.exe

[2010/02/18 00:50:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\19169.exe

[2010/02/18 00:30:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\26500.exe

[2010/02/18 00:10:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\6334.exe

[2010/02/17 23:50:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\18467.exe

[2010/02/17 23:30:04 | 000,004,278 | ---- | M] () -- C:\Windows\System32\warnings.html

[2010/02/17 23:24:28 | 000,000,120 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\Yxasiqinicimay.dat

[2010/02/17 21:58:48 | 000,363,008 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\rkill.com

[2010/02/17 21:03:23 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\explorer.exe.exe

[2010/02/17 21:03:23 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\Desktop\explorer.exe.exe

[2010/02/17 20:39:36 | 001,401,344 | ---- | M] () -- C:\Users\Mandelbrot Set\HijackThis.msi

[2010/02/17 19:45:40 | 000,000,008 | ---- | M] () -- C:\ProgramData\mswintmp.dat

[2010/02/17 19:45:01 | 000,194,560 | ---- | M] () -- C:\Windows\System32\sshnas21.dll

[2010/02/15 20:00:10 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Mandelbrot Set.job

[2010/02/12 16:27:42 | 000,441,177 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\LAUSD psy ed eval 2 2 2010.pdf

[2010/02/09 13:06:54 | 000,051,720 | ---- | M] () -- C:\Windows\System32\bufetoyo.exe

[2010/02/05 21:04:52 | 000,028,190 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.dat

[2010/02/05 09:25:38 | 000,070,408 | ---- | M] () -- C:\Windows\System32\drivers\pctplsg.sys

[2010/02/02 07:44:34 | 000,099,912 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/02 03:37:07 | 062,717,952 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl

[2010/02/02 03:37:06 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf

[2010/02/02 03:37:06 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx

[2010/02/02 03:12:38 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:AC9C6AC1

< End of report >


Hello,

No need to try GMER again, the OTL log showed a rootkit. Before continuing, please consider the following information first...

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please include the following:

  • Combofix.txt


Thank you very much for your time and advice in this. ComboFix will not run on my PC and I am unable to get the system to restore at all, even when trying to load Vista or the new Windows 7 from a USB port. (The computer does not recognize it has a CD drive any longer.) I don't want to risk the possibility of carrying the infection, I would just like to install Windows 7.

Is there any way to force a reinstall of the OS? Also, would that guarantee that the PC is secure (I work in the medical field and have a bunch of highly sensitive files on it).

Also, although I have a back up of my files, it wasn't completely current and I ended up moving a few dozen WORD and JPG files over to a clean computer to save. I moved those and the back-up of my FIREFOX "bookmarks". Would those carry the infection also??

Thank you so much for your time!


Hello,

For this type of infection, it's safe to back up Word files, photos and the like. Basically make sure you do not back up any unknown files.

About the reinstall of Windows, this is a bit more tricky. Does your computer not have an in-built CD drive? From your description I understand you are using an external CD drive.

To answer your question, yes, after a reinstall you can be sure your computer is safe. The problem is not that we cannot clean the infection, the problem is that there remains a vulnerability on your computer that may or may not be exploited by malware in the future. The only way to be sure this will not happen is to do a complete reformat and reinstall.

As an alternative, we can try to get your computer cleaned up so you can back up your data afterwards (which will be safer) and in the meantime we can find a solution for this CD drive problem.


The laptop has an internal CD/DVD drive but it's no longer showing up in the hardware and it doesn't recognize that it's there (although I do hear it "spin" on start-up).

When I've tried to reinstall OS from the external hard drive I attached via USB it comes up with errors that it cannot install the program.


Ah, now I understand. In that case, let's try to fix this to the point the internal CD drive will be recognized.

  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!).
  • Click start > run and copy paste the following bolded text in the run box
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed reboot the computer.

A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.


Thanks...will definitely do this but I've got to run out to work for a few hours.

Also, I don't have the disks to reboot (system came without them) so I've either got a copy of Vista somewhere on the endless auto back up on the system partition (yes?) or I can install Windows 7 from USB.

Thank you for all of your help - I'll be back, just wanted to let you know it will be a few hours.


Hi Elise,

Thanks for your patience. Okay, when I try to run the program it's telling me "windows cannot find C:\Users\Mandelbrot Set\desktop\tdsskiller.exe Make sure you typed the name correctly and then try again."

Even though I'm sitting here now looking at the open tdsskiller folder on my desktop, which I had unzipped and can see the exe sitting RIGHT THERE. What's weird is that when I check C:\Users file, my desktop.ini is also now listed there and there's an icon for it on my desktop which is new...and I assume BAD....?

I think you're right. I would like to completely clean this system of infection, so that I can get a brand new updated copy of ALL of the word/jpg etc files I would like to save before I wipe it clean and install a new OS.

Thanks so much for your help.


Hi -

Okay, insomniac update. The tdsskill wouldn't run in "run" mode on start...so I um, (please don't kill me), just hit run on it. It found and possibly got rid of about 6 rootkit things. It wouldn't print a log though :)

But - good news (maybe?). Windows defender is back and living. I uninstalled the worthless Norton, and installed and ran AVG (that took 4 hours). It found and removed the following:

"C:\Windows\System32\sshnas21.dll";"Trojan horse FakeAV.LQ";"Moved to Virus Vault"

"C:\Windows\System32\bufetoyo.exe";"Trojan horse Generic16.BGNQ";"Moved to Virus Vault"

"C:\Users\Mandelbrot Set\AppData\Local\SAPleni.dll";"Trojan horse Hiloti.V";"Moved to Virus Vault"

"C:\Users\Mandelbrot Set\AppData\Local\idocijezoweqohar.dll";"Trojan horse Hiloti.V";"Moved to Virus Vault"

My new OTL logs are as follows (not sure you need them but here they are):

OTL logfile created on: 2/26/2010 2:08:59 AM - Run 2

OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Mandelbrot Set\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16982)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.95 Gb Total Space | 124.79 Gb Free Space | 56.48% Space Free | Partition Type: NTFS

Drive D: | 11.93 Gb Total Space | 1.85 Gb Free Space | 15.48% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MANDELBROTSE-PC

Current User Name: Mandelbrot Set

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/25 23:22:08 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/02/25 23:22:07 | 004,043,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgui.exe

PRC - [2010/02/25 23:22:07 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/02/25 23:22:04 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/02/25 23:22:04 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/02/25 23:22:04 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/02/25 23:22:02 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/02/24 18:51:50 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Mandelbrot Set\Desktop\OTL.exe

PRC - [2009/07/13 13:03:10 | 000,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2009/07/13 13:02:50 | 000,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/06/01 23:55:22 | 000,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

PRC - [2007/11/01 23:45:18 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/09/30 19:34:54 | 000,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

PRC - [2007/09/30 19:34:54 | 000,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

PRC - [2007/09/30 19:34:14 | 000,181,544 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe

PRC - [2007/09/19 16:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

PRC - [2007/09/19 14:31:34 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

PRC - [2007/09/13 07:47:52 | 000,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

PRC - [2007/09/04 13:54:20 | 000,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

PRC - [2007/08/23 17:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2007/08/23 17:36:30 | 000,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

PRC - [2007/07/12 03:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

PRC - [2007/07/09 15:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

PRC - [2007/07/09 00:11:08 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe

PRC - [2007/05/16 10:12:20 | 000,671,744 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

PRC - [2007/05/08 15:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

PRC - [2007/01/29 11:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe

PRC - [2007/01/09 02:25:30 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe

PRC - [2007/01/08 14:53:06 | 000,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

PRC - [2006/11/02 04:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe

PRC - [2006/11/02 01:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe

PRC - [2006/09/08 07:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe

PRC - [2006/05/02 14:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

========== Modules (SafeList) ==========

MOD - [2010/02/25 23:22:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

MOD - [2010/02/24 18:51:50 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Mandelbrot Set\Desktop\OTL.exe

MOD - [2006/11/02 01:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 23:22:02 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/07/13 13:02:50 | 000,542,496 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/01/18 23:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008/01/18 23:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007/11/01 23:45:18 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/09/30 19:34:54 | 000,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)

SRV - [2007/09/30 19:34:54 | 000,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)

SRV - [2007/09/19 16:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)

SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/08/31 10:15:06 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [On_Demand | Stopped] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)

SRV - [2007/08/23 17:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2007/08/23 10:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2007/07/23 15:33:06 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2007/07/09 15:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)

SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

SRV - [2007/01/09 02:25:30 | 000,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)

SRV - [2006/11/02 04:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/05/02 14:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)

SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2010/02/25 23:22:41 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/02/25 23:22:28 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/02/25 23:22:27 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/07/28 15:33:56 | 000,055,656 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/06/05 10:42:38 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)

DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/03/19 15:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/06/18 16:26:21 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\PzWDM.sys -- (PzWDM)

DRV - [2007/10/08 12:26:28 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)

DRV - [2007/10/08 12:26:28 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)

DRV - [2007/10/01 07:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)

DRV - [2007/09/18 21:05:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/08/26 14:20:34 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)

DRV - [2007/07/09 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/07/07 12:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/06/19 12:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2007/06/19 12:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2007/06/19 12:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/02/15 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 00:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/01 23:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/01 23:30:54 | 000,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel®

DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/11/01 22:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)

DRV - [2006/10/18 18:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)

DRV - [2006/06/18 00:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2005/03/23 21:55:06 | 000,020,176 | R--- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\S-1-5-21-2058972278-2005446822-1674945532-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\S-1-5-21-2058972278-2005446822-1674945532-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.gmail.com/"

FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.3

FF - prefs.js..extensions.enabledItems: {65B9E4DC-7266-4851-974A-13F0EADC11E9}:1.9.1

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{65B9E4DC-7266-4851-974A-13F0EADC11E9}: C:\Users\Mandelbrot Set\AppData\Local\{65B9E4DC-7266-4851-974A-13F0EADC11E9} [2010/02/17 20:32:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/25 23:22:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/25 23:22:14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/17 16:17:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/17 16:17:44 | 000,000,000 | ---D | M]

[2009/01/26 12:40:15 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Roaming\Mozilla\Extensions

[2010/02/25 18:25:38 | 000,000,000 | ---D | M] -- C:\Users\Mandelbrot Set\AppData\Roaming\Mozilla\Firefox\Profiles\lrxe18b8.default\extensions

[2009/09/14 01:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mandelbrot Set\AppData\Roaming\Mozilla\Firefox\Profiles\lrxe18b8.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2009/01/26 12:40:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/22 21:46:41 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [HP Health Check Scheduler] File not found

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)

O4 - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-2058972278-2005446822-1674945532-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper: C:\Users\Mandelbrot Set\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/11/02 01:06:03 | 000,000,074 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O33 - MountPoints2\{cf5cf58b-4c84-11dd-aa0c-001d7241bd59}\Shell - "" = AutoRun

O33 - MountPoints2\{cf5cf58b-4c84-11dd-aa0c-001d7241bd59}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{cf5cf5ac-4c84-11dd-aa0c-001d7241bd59}\Shell - "" = AutoRun

O33 - MountPoints2\{cf5cf5ac-4c84-11dd-aa0c-001d7241bd59}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/25 23:22:42 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/02/25 23:22:42 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/02/25 23:22:41 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/02/25 23:22:28 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/02/25 23:22:27 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/02/25 23:22:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg

[2010/02/25 23:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar

[2010/02/25 23:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/02/25 23:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/02/25 18:23:41 | 000,000,000 | ---D | C] -- C:\Users\Mandelbrot Set\Desktop\tdsskiller

[2010/02/24 18:54:34 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Mandelbrot Set\Desktop\OTL.exe

[2010/02/24 00:00:21 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/02/24 00:00:21 | 000,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010/02/24 00:00:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2010/02/24 00:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/02/24 00:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/02/23 22:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/02/23 22:33:25 | 000,000,000 | ---D | C] -- C:\20980b54778acaad5d

[2010/02/23 21:19:25 | 000,000,000 | ---D | C] -- C:\6c53dffa12f1d59c80b3cd04d2

[2010/02/23 20:48:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/02/23 20:40:58 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010/02/23 20:40:58 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010/02/23 20:40:57 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010/02/23 20:40:57 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010/02/23 20:40:57 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010/02/23 20:40:57 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010/02/23 20:40:57 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010/02/23 20:40:57 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010/02/23 20:40:57 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010/02/23 20:02:08 | 000,000,000 | ---D | C] -- C:\4a21c12cca5ba22efecae7

[2010/02/23 20:01:30 | 004,493,736 | ---- | C] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Desktop\notwindows.exe

[2010/02/23 19:45:23 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Mandelbrot Set\Desktop\googoo.exe

[2010/02/23 00:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair

[2010/02/23 00:41:40 | 000,000,000 | ---D | C] -- C:\Users\Mandelbrot Set\AppData\Roaming\Uniblue

[2010/02/23 00:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS

[2010/02/20 16:03:26 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mandelbrot Set\HJTInstall.exe

[2010/02/19 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/02/19 22:41:08 | 004,938,120 | ---- | C] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Silverlight.exe

[2010/02/18 20:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/02/18 20:52:02 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Users\Mandelbrot Set\ccsetup228.exe

[2010/02/18 19:27:26 | 001,044,168 | ---- | C] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\vbrun60sp5.exe

[2010/02/18 19:08:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/02/18 19:08:20 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/02/18 19:04:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/02/18 19:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2010/02/18 19:03:58 | 000,000,000 | ---D | C] -- C:\Users\Mandelbrot Set\AppData\Roaming\PC Tools

[2010/02/18 19:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2010/02/18 19:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2010/02/18 18:32:48 | 000,000,000 | ---D | C] -- C:\VundoFix Backups

[2010/02/18 18:32:38 | 000,119,808 | ---- | C] (Atribune.org) -- C:\Users\Mandelbrot Set\Desktop\VundoFix.exe

[2010/02/18 07:38:10 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Mandelbrot Set\gumball.exe.exe

[2010/02/17 23:06:01 | 000,000,000 | ---D | C] -- C:\Users\Mandelbrot Set\AppData\Roaming\Malwarebytes

[2010/02/17 23:03:08 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\Desktop\explorer.exe.exe

[2010/02/17 22:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/02/17 22:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/02/17 21:02:55 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\explorer.exe.exe

[2010/02/17 20:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro

[2010/02/17 20:32:53 | 000,000,000 | ---D | C] -- C:\Users\Mandelbrot Set\AppData\Local\{65B9E4DC-7266-4851-974A-13F0EADC11E9}

[2010/02/10 08:31:04 | 003,467,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/02/10 08:30:59 | 003,502,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/02/10 08:29:21 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe

[2010/02/10 08:29:20 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll

[2010/02/10 08:28:58 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2010/02/10 08:28:54 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2010/02/10 08:28:54 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2010/02/10 08:28:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll

[2010/02/10 08:28:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

[2010/02/02 04:07:24 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010/02/02 04:07:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2010/02/02 03:37:26 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll

[2010/02/02 03:37:25 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

[2010/02/02 03:37:23 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe

[2010/02/02 03:37:23 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl

[2010/02/02 03:37:22 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/02/02 03:37:22 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll

[2010/02/02 03:37:17 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll

[2010/02/02 03:37:11 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/02/02 03:15:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/02/02 03:15:07 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll

[2010/02/02 03:14:56 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll

[2010/02/01 19:46:30 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2010/02/01 19:46:30 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll

[2010/02/01 19:46:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE

[2010/02/01 19:46:28 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE

[2010/02/01 19:46:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE

[2010/02/01 19:46:28 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE

[2010/02/01 19:46:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe

[2010/02/01 19:46:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE

[2010/02/01 19:46:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE

[2010/02/01 19:46:27 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll

[2010/02/01 19:44:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll

[2010/02/01 19:44:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

[2010/02/01 19:44:11 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/02/01 19:44:04 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll

[2010/02/01 19:44:03 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll

[2010/02/01 19:43:54 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2010/02/01 19:43:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2010/02/01 19:43:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll

[2010/02/01 19:43:53 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/02/01 19:43:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/02/01 19:43:43 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2010/02/01 19:43:39 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010/02/01 19:43:38 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/02/01 19:43:37 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010/02/01 19:43:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/02/01 19:43:35 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/02/01 19:43:35 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2010/02/01 19:43:35 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2010/02/01 19:43:34 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010/02/01 19:43:34 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2010/02/01 19:43:34 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010/02/01 19:43:34 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/02/01 19:43:33 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/02/01 19:43:33 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll

[2010/02/01 19:43:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2010/02/01 19:43:32 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/02/01 19:43:32 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2010/02/01 19:43:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010/02/01 19:43:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010/02/01 19:43:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2010/02/01 19:43:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2010/02/01 19:43:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010/02/01 19:43:32 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010/02/01 19:42:10 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll

[2010/02/01 19:42:10 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll

[2010/02/01 19:42:09 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll

[2010/02/01 19:42:07 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll

[2010/02/01 19:42:07 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll

[2010/02/01 19:41:28 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL

[2010/02/01 19:41:27 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2010/02/01 19:41:26 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2010/02/01 19:41:26 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe

[2010/02/01 19:41:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe

[2010/02/01 19:41:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll

[2010/02/01 19:40:52 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll

[2010/02/01 19:40:52 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

[2010/02/01 19:40:48 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2010/02/01 19:40:18 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2010/02/01 19:40:17 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2010/02/01 19:40:17 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2010/02/01 19:40:14 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll

[2010/02/01 19:40:14 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2010/02/01 19:40:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax

[2010/02/01 19:40:10 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2010/02/01 19:40:10 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax

[2010/02/01 19:39:56 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll

[2010/02/01 19:35:44 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010/02/01 19:35:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb

[2010/02/01 19:35:18 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb

[2010/02/01 19:32:31 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010/02/01 19:32:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/02/01 19:32:30 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/02/01 19:30:22 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll

[2010/02/01 19:30:06 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL

[2010/02/01 19:29:35 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe

[2010/02/01 19:29:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll

[2010/02/01 19:29:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx

[2010/02/01 19:29:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll

[2010/02/01 19:29:32 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2008/07/15 11:09:27 | 000,308,600 | ---- | C] (Symantec Corporation) -- C:\ProgramData\NortonProtectionMemo.exe

========== Files - Modified Within 30 Days ==========

[2010/02/26 02:14:52 | 003,145,728 | -HS- | M] () -- C:\Users\Mandelbrot Set\ntuser.dat

[2010/02/26 01:59:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/02/26 01:59:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/02/26 01:13:22 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9A820D7B-3EA7-4DAD-8EE9-087BE78E5FA2}.job

[2010/02/25 23:22:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/02/25 23:22:42 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/02/25 23:22:41 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/02/25 23:22:28 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/02/25 23:22:27 | 056,265,151 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/02/25 23:22:27 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/02/25 23:22:27 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/02/25 23:22:26 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg

[2010/02/25 23:22:26 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg

[2010/02/25 23:22:26 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg

[2010/02/25 23:01:35 | 000,028,190 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.001

[2010/02/25 23:01:32 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010/02/25 22:59:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/02/25 22:58:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/02/25 22:57:27 | 002,278,643 | -H-- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\IconCache.db

[2010/02/25 22:28:50 | 000,100,480 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/25 18:22:57 | 000,154,321 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\tdsskiller.zip

[2010/02/25 18:21:36 | 000,010,780 | ---- | M] () -- C:\ProgramData\_VOIDmainqt.dll

[2010/02/25 15:01:04 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/02/25 15:01:04 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/02/25 15:01:04 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/02/24 19:26:03 | 000,001,561 | ---- | M] () -- C:\ProgramData\_VOIDkrl32mainweq.dll

[2010/02/24 18:56:38 | 000,293,376 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\de167i2r.exe

[2010/02/24 18:51:50 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Mandelbrot Set\Desktop\OTL.exe

[2010/02/24 15:47:53 | 002,088,080 | ---- | M] () -- C:\Users\Mandelbrot Set\Documents\Windef2.nfo

[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/02/24 03:20:25 | 000,362,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/02/24 00:36:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml

[2010/02/24 00:36:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml

[2010/02/23 23:37:29 | 000,002,535 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\HiJackThis.lnk

[2010/02/23 23:20:55 | 030,909,992 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\marymary.exe

[2010/02/23 20:01:31 | 004,493,736 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Desktop\notwindows.exe

[2010/02/23 19:55:28 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/02/23 19:45:24 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Mandelbrot Set\Desktop\googoo.exe

[2010/02/23 00:56:32 | 000,000,840 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Free Window Registry Repair.lnk

[2010/02/23 00:55:49 | 000,798,000 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\RegpairSetup.exe

[2010/02/23 00:24:53 | 000,000,677 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Fix it - Microsoft ATS.lnk

[2010/02/22 22:46:47 | 000,001,356 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\d3d9caps.dat

[2010/02/22 21:46:41 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/02/21 16:21:19 | 000,003,626 | ---- | M] () -- C:\Users\Mandelbrot Set\photo.jpg.part

[2010/02/21 16:20:11 | 000,000,000 | ---- | M] () -- C:\Users\Mandelbrot Set\photo.jpg

[2010/02/20 22:59:46 | 000,000,825 | ---- | M] () -- C:\Windows\lsrslt.ini

[2010/02/20 16:03:29 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mandelbrot Set\HJTInstall.exe

[2010/02/19 22:41:16 | 004,938,120 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\Silverlight.exe

[2010/02/19 19:14:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\helpers32.dll

[2010/02/19 19:14:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ES15.exe

[2010/02/19 00:47:01 | 000,035,840 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/18 20:53:33 | 000,001,670 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\CCleaner.lnk

[2010/02/18 20:52:07 | 003,370,400 | ---- | M] (Piriform Ltd) -- C:\Users\Mandelbrot Set\ccsetup228.exe

[2010/02/18 19:42:48 | 000,002,627 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\Microsoft Office Word 2007.lnk

[2010/02/18 19:27:26 | 001,044,168 | ---- | M] (Microsoft Corporation) -- C:\Users\Mandelbrot Set\vbrun60sp5.exe

[2010/02/18 19:08:24 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/18 18:32:04 | 000,119,808 | ---- | M] (Atribune.org) -- C:\Users\Mandelbrot Set\Desktop\VundoFix.exe

[2010/02/18 09:36:06 | 000,006,456 | -H-- | M] () -- C:\Windows\System32\maletupe

[2010/02/18 07:48:05 | 000,124,364 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate

[2010/02/18 07:38:11 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Mandelbrot Set\gumball.exe.exe

[2010/02/18 01:39:48 | 000,000,000 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\Isarudibotaxar.bin

[2010/02/18 01:10:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\15724.exe

[2010/02/18 00:50:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\19169.exe

[2010/02/18 00:30:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\26500.exe

[2010/02/18 00:10:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\6334.exe

[2010/02/17 23:50:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\18467.exe

[2010/02/17 23:30:04 | 000,004,278 | ---- | M] () -- C:\Windows\System32\warnings.html

[2010/02/17 23:24:28 | 000,000,120 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Local\Yxasiqinicimay.dat

[2010/02/17 21:58:48 | 000,363,008 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\rkill.com

[2010/02/17 21:03:23 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\explorer.exe.exe

[2010/02/17 21:03:23 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mandelbrot Set\Desktop\explorer.exe.exe

[2010/02/17 20:39:36 | 001,401,344 | ---- | M] () -- C:\Users\Mandelbrot Set\HijackThis.msi

[2010/02/17 19:45:40 | 000,000,008 | ---- | M] () -- C:\ProgramData\mswintmp.dat

[2010/02/12 16:27:42 | 000,441,177 | ---- | M] () -- C:\Users\Mandelbrot Set\Desktop\LAUSD psy ed eval 2 2 2010.pdf

[2010/02/05 21:04:52 | 000,028,190 | ---- | M] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.dat

[2010/02/05 09:25:38 | 000,070,408 | ---- | M] () -- C:\Windows\System32\drivers\pctplsg.sys

[2010/02/02 03:37:07 | 062,717,952 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl

[2010/02/02 03:37:06 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf

[2010/02/02 03:37:06 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx

[2010/02/02 03:12:38 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\maletupe

[2010/02/25 23:22:42 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/02/25 23:22:27 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/02/25 23:22:26 | 056,265,151 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/02/25 23:22:26 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg

[2010/02/25 23:22:26 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg

[2010/02/25 23:22:26 | 000,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg

[2010/02/25 18:22:55 | 000,154,321 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\tdsskiller.zip

[2010/02/24 19:36:48 | 000,293,376 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\de167i2r.exe

[2010/02/24 15:47:48 | 002,088,080 | ---- | C] () -- C:\Users\Mandelbrot Set\Documents\Windef2.nfo

[2010/02/23 23:18:42 | 030,909,992 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\marymary.exe

[2010/02/23 00:56:32 | 000,000,840 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\Free Window Registry Repair.lnk

[2010/02/23 00:55:48 | 000,798,000 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\RegpairSetup.exe

[2010/02/23 00:09:04 | 000,000,677 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\Fix it - Microsoft ATS.lnk

[2010/02/21 16:20:11 | 000,000,000 | ---- | C] () -- C:\Users\Mandelbrot Set\photo.jpg

[2010/02/21 16:19:58 | 000,003,626 | ---- | C] () -- C:\Users\Mandelbrot Set\photo.jpg.part

[2010/02/20 20:45:13 | 000,000,825 | ---- | C] () -- C:\Windows\lsrslt.ini

[2010/02/20 20:29:06 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml

[2010/02/20 20:29:06 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml

[2010/02/18 20:53:33 | 000,001,670 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\CCleaner.lnk

[2010/02/18 19:08:24 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/18 19:04:06 | 000,070,408 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.sys

[2010/02/18 19:04:06 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat

[2010/02/18 07:46:57 | 000,124,364 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate

[2010/02/18 01:10:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\15724.exe

[2010/02/18 00:50:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\19169.exe

[2010/02/18 00:30:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\26500.exe

[2010/02/18 00:10:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\6334.exe

[2010/02/17 22:33:01 | 000,363,008 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\rkill.com

[2010/02/17 20:49:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\18467.exe

[2010/02/17 20:41:54 | 000,002,535 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\HiJackThis.lnk

[2010/02/17 20:39:34 | 001,401,344 | ---- | C] () -- C:\Users\Mandelbrot Set\HijackThis.msi

[2010/02/17 20:32:56 | 000,000,000 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\Isarudibotaxar.bin

[2010/02/17 20:32:55 | 000,000,120 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\Yxasiqinicimay.dat

[2010/02/17 20:29:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\helpers32.dll

[2010/02/17 20:29:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ES15.exe

[2010/02/17 20:29:10 | 000,004,278 | ---- | C] () -- C:\Windows\System32\warnings.html

[2010/02/17 19:49:13 | 000,001,561 | ---- | C] () -- C:\ProgramData\_VOIDkrl32mainweq.dll

[2010/02/17 19:48:15 | 000,010,780 | ---- | C] () -- C:\ProgramData\_VOIDmainqt.dll

[2010/02/17 19:45:40 | 000,000,008 | ---- | C] () -- C:\ProgramData\mswintmp.dat

[2010/02/12 16:27:41 | 000,441,177 | ---- | C] () -- C:\Users\Mandelbrot Set\Desktop\LAUSD psy ed eval 2 2 2010.pdf

[2010/02/02 03:29:56 | 062,717,952 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl

[2010/02/02 03:29:56 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf

[2010/02/02 03:29:56 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx

[2010/02/01 19:42:09 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf

[2009/03/14 17:58:17 | 000,000,862 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Roaming\wklnhst.dat

[2008/07/13 20:15:26 | 000,039,004 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Roaming\Comma Separated Values (Windows).ADR

[2008/06/30 21:50:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/02/09 14:57:33 | 000,035,840 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL

[2008/02/04 16:09:16 | 000,001,356 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\d3d9caps.dat

[2008/01/15 17:01:39 | 000,028,190 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.001

[2008/01/14 09:39:01 | 000,028,190 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Roaming\nvModes.dat

[2008/01/12 21:45:42 | 000,000,000 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\QSwitch.txt

[2008/01/12 21:45:42 | 000,000,000 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\DSwitch.txt

[2008/01/12 21:45:42 | 000,000,000 | ---- | C] () -- C:\Users\Mandelbrot Set\AppData\Local\AtStart.txt

[2007/12/21 05:50:24 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/11/02 01:21:25 | 000,000,371 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 02:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:AC9C6AC1

< End of report >


Hmmm..OTL didn't make an extras log...am not sure why.

Okay, questions are:

What to do next?

And in far less cheery news, I carefully (thought so anyway) transferred a small number of my most recent jpg and Word files to my one month old mini netbook EEE Asus thingie (practically worthless but great in a bind) as I had an external hard drive transfer of most stuff that was made months ago, and was very cheery and excited that EVERYTHING I needed was on it when suddenly a "Dr. Watson Postpartum Debugger" warning came up on the EEE's screen (Crap). That happened in the midst of running the Webroot Antivirus and Spyroot Scanner (which, btw, found NOTHING). So I downloaded OTL to that and tried to run it, but it froze prior to starting the run. Thinking I was pure genius I went to start it in "Safemode" and while slamming the F8 key like a mad woodpecker the system froze, looking absolutely NOTHING like the safemode on a normal PC..and now it's dead. On battery and/or AC...nothing. No lights, no sign that it's ever been more than a paperweight.

Any ideas?

(and yes, am very sorry to have killed a second PC while you're so nicely trying to fix my first)


Hello again,

Don't worry about the TDSSkiller; the only difference is that the command I gave you would have created a log, but otherwise the tool would have done the same as by double-clicking on it.

I'm sorry to hear about your netbook :) It sounds to me like this is a power issue. If you plug the laptop in an outlet, do the lights come up (the AC LED)?

On this computer there's still some stuff to take care of. Can you please try to re-run Combofix as indicated earlier? If it still crashes, please let me know in detail what exactly happened.


Hi Elise,

Okay - Asus EEE netbook is still dead. It's less than 40 days old so I called them and they attempted a hard reboot. No avail. No lights on the PC although the power cord itself is lit. Am taking it to Best Buy as directed by Asus. (ugh)

Primary PC - the one we are working on. It decided that it would boot up without a screen several times this morning. Had to unplug, pull out battery, replug, repeat several times before I got it to come up with any type of life on the screen. Is that caused by virus?

Here is the ComboFix log. Thank you again (and again and again and again)

ComboFix 10-02-26.01 - Mandelbrot Set 02/26/2010 12:09:01.1.2 - x86

Microsoft


Okay, that's certainly looking better!

I am sorry to hear about your netbook (no warranty left?). The problems you are describing with this computer (the screen problem) are not related to the malware we had here. Sounds to me like hardware. I don't know, it's a bit strange you have this kind of issue with two different computers.

Maybe it's an idea to check with your energy company to see if there have been any power fluctuations?

Can you launch MBAM, update it and run a quick scan? Please post me the log afterwards.


Netbook is under warranty, am mailing it back :)

Agree, the issue with my main laptop's screen must be hardware...but oddly enough it had been happening several times a week since Feb 1st, before I got infected and then during the time of huge infection (last week until you helped me) the screen consistently ALWAYS came on like it was supposed to...odd no?

Here are the results of the Malwarebytes scan. It keeps picking up new stuff every day.

Also (sorry am pestering, but you are brilliant) out of fear that this (main) laptop might one day NOT have a screen, and since I need one for work, I picked up a new laptop today (hate it, love this one, am set on getting this one cleaned up with new OS and using the new one for back-up). It came with Windows 7 and Norton trial on it and I still have 110 days left of the Norton I deleted from this system....am I wrong to loathe Norton now? What virus protection would you most highly recommend for the new system?

Thanks!

Malwarebytes' Anti-Malware 1.44

Database version: 3799

Windows 6.0.6000

Internet Explorer 7.0.6000.16982

2/26/2010 10:58:56 PM

mbam-log-2010-02-26 (22-58-56).txt

Scan type: Quick Scan

Objects scanned: 105763

Time elapsed: 14 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello, can you please repeat the MBAM quick scan (so I can see if detections keep re-appearing)?

Below I will list a few good free antivirus programs.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


Hey look, am clean :) But I'm not, am I? As for more than one antivirus, can I put Malwarebytes on the new laptop in addition to something else and just run it occasionally to check?

Malwarebytes' Anti-Malware 1.44

Database version: 3799

Windows 6.0.6000

Internet Explorer 7.0.6000.16982

2/27/2010 3:43:02 PM

mbam-log-2010-02-27 (15-43-02).txt

Scan type: Quick Scan

Objects scanned: 105882

Time elapsed: 18 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello,

Well, it's looking as if you are pretty much clean already :) Please include a description of any remaining problems.

Yes, you can install MBAM on the new laptop, just make sure you also use an antivirus program. MBAM is an antispyware scanner and will work together fine with other programs.

UPDATE JAVA

------------------

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.

-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.

-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.

-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  4. Check esetAcceptTerms.png
  5. Click the esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Check esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push esetListThreats.png
  11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the esetBack.png button.
  13. Push esetFinish.png

In your next reply, please include the following:
  • ESET online scan results


Elise, thank you so very much for all of your help! Last night the PC was refusing to budge from black screen unless I turned it on via the remote control that came with the system to turn on movies/etc using the DVD that it was no longer recognizing... Bizarre.

So I finally gave up/in and installed Win7 and now it's running, consistently with a screen, but sans my programs and files as I did a full installation.

Does that wipe out any possible security risks on the PC?

I installed AVG immediately...but will download one of the other antivirus programs that you recommended and take that one off.

Is there anything else I need to do in order to make certain that the PC is secure?

Thanks again for all of your time. I wouldn't have ever been able to put a clean OS on the machine had you not guided me so well through the steps of cleaning it.


Also, I saved all of my Firefox bookmarks in order to transfer them to my new machine and my reformatted, formerly sick one...but am afraid that there might be contamination as Firefox had been hitting all of those malware sites...although I didn't ACTIVELY save any of them.

Is it possible for the saved bookmarks to carry a virus or are they okay to import?


Hello, I am glad you have things fixed now :)

Does that wipe out any possible security risks on the PC?
Yes it does :)

As for your FF bookmarks, as long as you know the sites are safe, you can import those.

Below I have listed some general information you might find of interest. Let me know if you have any more questions, that is what I am here for!

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Thanks, am going to follow all of your very sage advice.

Also, I have a gazillion bookmarks saved, I don't know for certain that a bad link didn't sneak in...could it have saved itself even if I didn't manually add it to bookmarks? If not I'll import...but if so, I won't.

Thanks again!


This topic is now closed to further replies.
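
The bookmark question raised in the thread can be checked before importing. The following is an added example, not part of the original posts: a Python script that reads a Firefox HTML bookmark export and lists entries that were added during the infection period or that use a non-web scheme. The HTML export format, the date window, and every sample entry are assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample in the Netscape bookmark format that Firefox writes on
# "Export Bookmarks to HTML"; hosts, titles and timestamps are made up.
SAMPLE_EXPORT = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
<DT><A HREF="https://www.mozilla.org/" ADD_DATE="1230768000">Mozilla</A>
<DT><A HREF="http://scan-alert.example/fix.php" ADD_DATE="1266883200">Fix PC</A>
<DT><A HREF="javascript:void(document.title)" ADD_DATE="1199145600">Clip</A>
<DT><A HREF="http://news.example.org/" ADD_DATE="1262304000">News</A>
</DL><p>
"""
# Assumed infection window (UTC); set it to the dates of your own incident.
WINDOW = (datetime(2010, 2, 14, tzinfo=timezone.utc),
          datetime(2010, 2, 28, tzinfo=timezone.utc))

class BookmarkLinks(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)  # HTMLParser lowercases attribute names
            self._cur = {"href": a.get("href") or "", "added": a.get("add_date"), "title": ""}
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["title"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit_bookmarks(export_html, window=WINDOW):
    """Return (href, title, reasons) for each bookmark to review before import."""
    parser = BookmarkLinks()
    parser.feed(export_html)
    flagged = []
    for link in parser.links:
        reasons = []
        scheme = urlsplit(link["href"]).scheme.lower()
        if scheme not in ("http", "https"):
            reasons.append("non-web scheme: " + (scheme or "none"))
        added = link["added"] or ""
        if added.isdigit() and window[0] <= datetime.fromtimestamp(int(added), tz=timezone.utc) <= window[1]:
            reasons.append("added during infection window")
        if reasons:
            flagged.append((link["href"], link["title"], reasons))
    return flagged
```

Entries the script does not flag still need the judgement given in the thread: import only bookmarks for sites you know are safe.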