
Antimalware doctor will not remove



So I keep removing Antimalware Doctor but after I restart my computer it's back. Please help; here are all my logs. I have been dealing with this bug for 3 days now. Thank you for the help and I hope I did this all right, sorry if I didn't.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4904

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

10/21/2010 12:38:40 PM

mbam-log-2010-10-21 (12-38-40).txt

Scan type: Quick scan

Objects scanned: 161079

Time elapsed: 13 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-10-21.02) - NTFSx86

Run by Heather at 14:22:55.56 on Thu 10/21/2010

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13

Microsoft


Hello escobarphotog

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


No problem and you are welcome :D

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/10/18 15:14:44 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Itxu
    [2010/10/18 15:14:44 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Akyfu
    [2010/10/18 15:14:05 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
    [2010/10/18 15:14:03 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
    [2010/10/18 15:12:17 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\522EEE08355A4E824D8C6236F92C8869
    [2010/10/18 15:14:43 | 000,000,182 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\46861.bat

    :Commands
    [resethosts]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

========

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
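
The `[resethosts]` command in the fix above resets the hosts file. As an added example (not part of the original post and not OTL's own code), this Python code reads the `O1 - Hosts:` lines of an OTL log and reports every name that the hosts file points at a non-loopback address, which overrides DNS for that name. The function names are hypothetical; the sample lines are the O1 entries from the OTL log posted in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: the O1 (hosts file) lines from the OTL log posted in this thread.
SAMPLE_OTL_LOG = r"""
O1 HOSTS File: ([2009/04/10 00:51:47 | 000,000,216 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.127 browser-security.microsoft.com
O1 - Hosts: 91.212.65.127 spywareprotector-2009.com
O1 - Hosts: 91.212.65.127 www.spywareprotector-2009.com
O1 - Hosts: 91.212.65.127 secure.spywareprotector-2009.com
"""

# "O1 - Hosts: <address> <name> [<name> ...]"; the "O1 HOSTS File:" header does not match.
HOSTS_ENTRY = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+)$")


def parse_hosts_entries(log_text):
    """Return (ip_address, hostname) pairs for every O1 hosts line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = HOSTS_ENTRY.match(line.strip())
        if not match:
            continue
        address, names = match.groups()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue  # not an IP address, so not a hosts mapping we can judge
        for hostname in names.split():
            entries.append((ip, hostname.lower()))
    return entries


def dns_overrides(entries):
    """Group hostnames by address, skipping loopback and 0.0.0.0 style entries.

    Loopback/unspecified targets are the defaults or blocklist-style entries;
    any other target silently replaces the DNS answer for that name.
    """
    overrides = defaultdict(list)
    for ip, hostname in entries:
        if ip.is_loopback or ip.is_unspecified:
            continue
        overrides[str(ip)].append(hostname)
    return dict(overrides)


def report(log_text):
    """One summary line per address that the hosts file redirects names to."""
    found = dns_overrides(parse_hosts_entries(log_text))
    return [
        f"{address} overrides DNS for {len(names)} name(s): {', '.join(names)}"
        for address, names in sorted(found.items())
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_OTL_LOG):
        print(line)
```
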


Well, some good news: looks like the latest updates to MWB finally nipped this thing in the butt. I have restarted 3 times and run 2 clean scans, one quick and one full, and had nothing pop up. That was after I posted last night but before I got your post this morning, but thank you for all your help; I'll keep this post bookmarked in case it comes back.

Thank you again,

Heather


Right, sorry, I meant to post the log but then forgot. Here it is now.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4928

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

10/23/2010 1:39:28 PM

mbam-log-2010-10-23 (13-39-28).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 354161

Time elapsed: 1 hour(s), 59 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


OTL logfile created on: 10/24/2010 9:40:52 AM - Run 2

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Heather\Desktop\Just stuff that i don't want on my desttop\anit virus log stuff

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 51.91 Gb Free Space | 22.29% Space Free | Partition Type: NTFS

Drive D: | 223.11 Gb Total Space | 223.02 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: FROG | User Name: Heather | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Users\Heather\Desktop\Just stuff that i don't want on my desttop\anit virus log stuff\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))

PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)

PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()

PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)

PRC - C:\Windows\AsScrPro.exe (ASUS)

PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)

PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)

PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)

PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)

PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe ()

PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\ATK Hotkey\WDC.exe ()

PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()

PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Program Files\Synaptics\SynTP\SynAsus.exe (Synaptics, Inc.)

PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()

PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()

PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()

PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()

PRC - C:\Windows\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe (Cognizance Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)

PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ()

PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)

PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Heather\Desktop\Just stuff that i don't want on my desttop\anit virus log stuff\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\System32\APSHook.dll (Cognizance Corporation)

========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found

SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)

SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()

SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()

SRV - (TabletService) -- C:\Windows\System32\Tablet.exe (Wacom Technology, Corp.)

SRV - (ASBroker) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (ASChannel) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll (Cognizance Corporation)

SRV - (Adobe Version Cue CS2) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (dvd43llh) -- C:\Windows\System32\drivers\dvd43llh.sys (RIF)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)

DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)

DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090324.023\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090324.023\NAVENG.SYS (Symantec Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090318.001\IDSvix86.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )

DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows ® Codename Longhorn DDK provider)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )

DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (FiltUSBET) -- C:\Windows\System32\drivers\etFilter.sys (eMPIA Technology Inc.)

DRV - (ScanUSBET) -- C:\Windows\System32\drivers\etScan.sys (eMPIA Technology, Inc.)

DRV - (DCamUSBET) -- C:\Windows\System32\drivers\etDevice.sys (eMPIA Technology, Inc.)

DRV - (CO_Mon) -- C:\Windows\System32\drivers\CO_Mon.sys (Symantec Corporation)

DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()

DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)

DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)

DRV - (JL2005C) -- C:\Windows\System32\drivers\jl2005c.sys (Windows ® 2000 DDK provider)

DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (PDIHWCTL) -- C:\Windows\System32\drivers\pdihwctl.sys (Portrait Displays, Inc.)

DRV - (eyeonedp) -- C:\Windows\System32\drivers\EyeOneDp.sys ()

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=02-07-2009&tb_mrud=26-05-2010"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5491

FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.7.0.231

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=TRL2&o=15898&locale=en_US&apn_uid=FC306485-6B52-4191-B7DF-22D57F0B9809&apn_ptnrs=TU&apn_sauid=719F5EB5-4A03-4A59-B105-97E26A81AE87&apn_dtid=YYYYYYYYUS&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 01:06:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 10:10:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 10:10:50 | 000,000,000 | ---D | M]

[2008/12/24 18:21:49 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions

[2008/12/24 18:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/10/24 01:26:59 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions

[2010/04/27 20:09:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/25 21:07:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

[2010/04/27 20:09:30 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

[2010/08/22 20:08:31 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions\foxyproxy@eric.h.jung

[2010/07/24 19:05:36 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions\toolbar@ask.com

[2009/07/02 13:43:47 | 000,004,196 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\searchplugins\aim-search.xml

[2010/05/25 21:07:38 | 000,002,343 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\searchplugins\aol-search.xml

[2010/10/24 09:36:50 | 000,002,566 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\searchplugins\askcom.xml

[2010/03/29 21:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/23 10:10:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/03/29 21:24:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2009/04/05 20:28:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2010/10/23 10:10:48 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/23 10:10:48 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/09/25 09:41:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll

[2009/03/09 05:19:09 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/09/25 09:41:24 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll

[2009/09/25 09:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2009/07/07 14:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

[2009/07/07 14:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

[2010/10/23 10:10:49 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/09/19 13:39:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/09/19 13:39:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/09/19 13:39:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/09/19 13:39:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/09/19 13:39:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/09/19 13:39:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/09/19 13:39:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

[2009/09/25 09:41:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll

[2010/07/17 00:25:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/07/17 00:25:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/07/17 00:25:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/07/17 00:25:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/07/17 00:25:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/07/17 00:25:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/07/17 00:25:03 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/04/10 00:51:47 | 000,000,216 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 91.212.65.127 browser-security.microsoft.com

O1 - Hosts: 91.212.65.127 spywareprotector-2009.com

O1 - Hosts: 91.212.65.127 www.spywareprotector-2009.com

O1 - Hosts: 91.212.65.127 secure.spywareprotector-2009.com

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O2 - BHO: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe ()

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)

O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Microsoft Pinyin IME Migration] C:\Program Files\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] C:\Users\Heather\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)

O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe File not found

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson printer Registration.lnk = E:\E_reg\EPSONREG.EXE File not found

O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)

O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)

O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O9 - Extra Button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)

O9 - Extra 'Tools' menuitem : ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)

O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/ac...veX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)

O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.mcworld.com/en_US/swf3/npcs/ava...n.Installer.exe (CDFusionActiveXCtl Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{8764aa46-afa4-11de-86aa-b883736886fe}\Shell - "" = AutoRun

O33 - MountPoints2\{8764aa46-afa4-11de-86aa-b883736886fe}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/18 15:14:44 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Itxu

[2010/10/18 15:14:44 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Akyfu

[2010/10/18 15:14:05 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows

[2010/10/18 15:14:03 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server

[2010/10/18 15:12:17 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\522EEE08355A4E824D8C6236F92C8869

[2010/10/12 19:47:31 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2010/10/12 19:47:01 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll

[2010/10/12 19:46:33 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2010/10/12 19:46:32 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll

[2010/10/12 19:46:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll

[2010/10/12 19:46:28 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/10/12 19:46:24 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

[2010/10/12 19:46:21 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll

[2010/10/12 19:46:07 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/10/12 19:46:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010/10/12 19:46:05 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010/10/12 19:46:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/10/12 19:46:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010/10/11 09:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite

[2010/10/11 09:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite

[2010/10/03 00:06:44 | 000,018,816 | ---- | C] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys

[2010/10/03 00:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\dvd43

[2010/09/28 17:01:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/09/28 15:38:30 | 000,000,000 | ---D | C] -- C:\Users\Heather\Documents\BlackBerry

[2010/09/27 22:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion

[2010/09/27 20:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/09/27 20:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/09/27 20:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2008/06/03 14:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/10/24 09:35:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/24 09:35:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/24 09:34:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3360209475-3911892368-1850464335-1000UA.job

[2010/10/24 09:33:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/10/24 09:33:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/10/24 09:11:36 | 000,070,207 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/10/24 00:58:48 | 000,070,207 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/10/23 23:50:38 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/10/23 23:34:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3360209475-3911892368-1850464335-1000Core.job

[2010/10/23 11:36:06 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe

[2010/10/23 11:35:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/23 11:35:13 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/23 11:34:05 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/10/23 02:08:34 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/10/23 02:08:34 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/10/20 23:49:24 | 000,001,356 | ---- | M] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat

[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/10/18 15:14:43 | 000,000,182 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\46861.bat

[2010/10/17 02:03:50 | 000,019,968 | ---- | M] () -- C:\Users\Heather\Documents\spooked shirt.doc

[2010/10/13 05:04:33 | 000,415,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/10/11 21:13:47 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Heather.job

[2010/10/09 17:42:55 | 000,030,208 | ---- | M] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/03 00:06:44 | 000,018,816 | ---- | M] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys

[2010/09/28 16:52:07 | 000,020,480 | ---- | M] () -- C:\Users\Heather\Documents\four little ponys shirt.doc

[2010/09/27 20:20:32 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010/10/21 00:11:59 | 3220,295,680 | -HS- | C] () -- C:\hiberfil.sys

[2010/10/18 15:14:43 | 000,000,182 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\46861.bat

[2010/10/17 02:03:48 | 000,019,968 | ---- | C] () -- C:\Users\Heather\Documents\spooked shirt.doc

[2010/09/28 16:52:05 | 000,020,480 | ---- | C] () -- C:\Users\Heather\Documents\four little ponys shirt.doc

[2010/09/28 15:37:26 | 000,000,077 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\Rim.Desktop.Exception.log

[2010/09/27 22:43:43 | 000,000,801 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

[2010/09/27 20:20:32 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/06/18 23:46:59 | 000,000,040 | ---- | C] () -- C:\Windows\System32\EAL.INI

[2010/06/18 23:46:43 | 000,000,073 | ---- | C] () -- C:\Windows\PICTURM8.ini

[2010/01/16 01:27:12 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/09/23 16:00:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/04/10 23:31:51 | 000,000,051 | ---- | C] () -- C:\Windows\PirateFish5.ini

[2009/03/01 21:02:18 | 000,012,973 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/02/23 11:51:56 | 000,044,344 | ---- | C] () -- C:\Windows\System32\drivers\EyeOneDp.sys

[2009/02/19 16:40:04 | 000,030,208 | ---- | C] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/19 02:15:19 | 000,001,356 | ---- | C] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat

[2008/12/29 22:05:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/12/24 18:34:46 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2008/07/17 20:15:28 | 000,070,207 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008/07/17 20:15:28 | 000,070,207 | ---- | C] () -- C:\ProgramData\nvModes.001

[2008/04/14 07:39:33 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini

[2007/03/05 23:39:19 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll

[2007/01/03 12:48:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dec_jl6.dll

[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 09:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005/04/03 07:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

[1998/05/06 12:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2010/10/22 02:29:59 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\522EEE08355A4E824D8C6236F92C8869

[2009/07/01 21:48:09 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\acccore

[2010/10/18 16:20:33 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Akyfu

[2010/09/02 17:45:04 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\AnvSoft

[2008/12/26 00:26:12 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Blackberry Desktop

[2010/03/18 11:14:23 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\CoffeeCup Software

[2009/07/29 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Costco Photo Viewer

[2009/04/21 16:16:09 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Costco Photo Viewer US

[2009/06/23 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\EarthCam

[2010/09/02 22:15:25 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\HandBrake

[2009/03/26 21:54:55 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Image Zone Express

[2010/10/18 15:14:52 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Itxu

[2010/06/18 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Leadertech

[2009/02/18 12:07:39 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Opera

[2009/03/01 21:41:04 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Printer Info Cache

[2010/09/28 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Research In Motion

[2009/07/27 16:42:48 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SecondLife

[2008/12/27 17:36:59 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Smith Micro

[2010/07/19 15:37:46 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Trillian

[2010/10/23 11:34:03 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2008/04/13 21:43:42 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2007/03/06 03:43:42 | 000,000,019 | ---- | M] () -- C:\CQ21.txt

[2008/07/17 20:46:02 | 000,022,891 | ---- | M] () -- C:\devlist.txt

[2008/07/17 20:45:53 | 000,000,009 | ---- | M] () -- C:\Finish.log

[2010/10/23 11:35:13 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/18 23:56:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/05/25 21:06:26 | 000,000,734 | -H-- | M] () -- C:\IPH.PH

[2008/06/19 06:10:33 | 001,048,576 | RH-- | M] () -- C:\M50V.BIN

[2008/06/30 03:01:35 | 000,000,013 | ---- | M] () -- C:\M50VC_M50VM_VISTA.10

[2010/08/13 23:49:03 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt

[2010/06/18 23:56:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/22 02:40:32 | 000,000,031 | ---- | M] () -- C:\NERO.LOG

[2008/02/01 12:29:55 | 000,000,013 | ---- | M] () -- C:\NIS2008.TXT

[2007/03/15 16:18:45 | 000,000,025 | ---- | M] () -- C:\OFFICE2007_Q.TXT

[2010/10/23 11:35:11 | 3533,877,248 | -HS- | M] () -- C:\pagefile.sys

[2008/07/17 07:33:12 | 000,000,105 | ---- | M] () -- C:\Pass.txt

[2008/05/23 02:55:52 | 000,002,035 | ---- | M] () -- C:\Patch.LOG

[2008/04/29 07:30:49 | 000,000,020 | ---- | M] () -- C:\READER_Q.TXT

[2008/06/30 03:01:35 | 000,000,014 | ---- | M] () -- C:\RECOVERY.DAT

[2009/04/07 21:49:41 | 000,001,829 | ---- | M] () -- C:\RHDSetup.log

[2010/10/22 00:14:59 | 000,000,473 | ---- | M] () -- C:\rkill.log

[2008/07/17 20:39:19 | 000,000,159 | ---- | M] () -- C:\setup.log

[2006/05/15 17:22:24 | 000,000,005 | ---- | M] () -- C:\store.log

[2008/07/17 19:47:07 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt

[2008/07/17 19:46:09 | 000,000,098 | ---- | M] () -- C:\SumOS.txt

[2009/08/10 23:13:31 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log

[2008/04/16 17:32:52 | 000,000,024 | ---- | M] () -- C:\V541.TXT

< %systemroot%\system32\*.dll /lockedfiles >

[2008/01/20 19:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

[2008/01/20 19:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

[2008/01/20 19:24:26 | 000,019,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\eventcls.dll

[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

[2010/10/03 00:06:44 | 000,018,816 | ---- | M] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys

[2010/09/06 06:45:38 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2010/09/06 06:45:22 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys

[2010/09/06 06:45:19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/01/20 19:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL

[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


All processes killed

========== OTL ==========

Folder C:\Users\Heather\AppData\Roaming\Itxu\ not found.

Folder C:\Users\Heather\AppData\Roaming\Akyfu\ not found.

Folder C:\Users\Public\Documents\Windows\ not found.

Folder C:\Users\Public\Documents\Server\ not found.

Folder C:\Users\Heather\AppData\Roaming\522EEE08355A4E824D8C6236F92C8869\ not found.

File C:\Users\Heather\AppData\Roaming\46861.bat not found.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

User: Heather

->Temp folder emptied: 149458 bytes

->Temporary Internet Files folder emptied: 10211107 bytes

->Java cache emptied: 103252296 bytes

->FireFox cache emptied: 31968143 bytes

->Google Chrome cache emptied: 8628343 bytes

->Flash cache emptied: 275834 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 377645826 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 2305984941 bytes

Total Files Cleaned = 2,707.00 mb

OTL by OldTimer - Version 3.2.16.0 log created on 10262010_111352

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\hsperfdata_FROG$\2236 not found!

File\Folder C:\Windows\temp\ib350 not found!

File\Folder C:\Windows\temp\ib351 not found!

File\Folder C:\Windows\temp\ib352 not found!

File\Folder C:\Windows\temp\JETB50B.tmp not found!

File\Folder C:\Windows\temp\TMP000000572017455B70858833 not found!

Registry entries deleted on Reboot...


OTL logfile created on: 10/26/2010 4:29:08 PM - Run 3

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Heather\Desktop\Just stuff that i don't want on my desttop\anit virus log stuff

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 69.10 Gb Free Space | 29.67% Space Free | Partition Type: NTFS

Drive D: | 223.11 Gb Total Space | 223.02 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: FROG | User Name: Heather | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Users\Heather\Desktop\Just stuff that i don't want on my desttop\anit virus log stuff\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))

PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)

PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()

PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)

PRC - C:\Windows\AsScrPro.exe (ASUS)

PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)

PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)

PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)

PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)

PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe ()

PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\ATK Hotkey\WDC.exe ()

PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()

PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Program Files\Synaptics\SynTP\SynAsus.exe (Synaptics, Inc.)

PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()

PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()

PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()

PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()

PRC - C:\Windows\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe (Cognizance Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)

PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ()

PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)

PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Heather\Desktop\Just stuff that i don't want on my desttop\anit virus log stuff\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\System32\APSHook.dll (Cognizance Corporation)

========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found

SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)

SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()

SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()

SRV - (TabletService) -- C:\Windows\System32\Tablet.exe (Wacom Technology, Corp.)

SRV - (ASBroker) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (ASChannel) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll (Cognizance Corporation)

SRV - (Adobe Version Cue CS2) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (dvd43llh) -- C:\Windows\System32\drivers\dvd43llh.sys (RIF)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)

DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)

DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090324.023\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090324.023\NAVENG.SYS (Symantec Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090318.001\IDSvix86.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )

DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows ® Codename Longhorn DDK provider)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )

DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (FiltUSBET) -- C:\Windows\System32\drivers\etFilter.sys (eMPIA Technology Inc.)

DRV - (ScanUSBET) -- C:\Windows\System32\drivers\etScan.sys (eMPIA Technology, Inc.)

DRV - (DCamUSBET) -- C:\Windows\System32\drivers\etDevice.sys (eMPIA Technology, Inc.)

DRV - (CO_Mon) -- C:\Windows\System32\drivers\CO_Mon.sys (Symantec Corporation)

DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()

DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)

DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)

DRV - (JL2005C) -- C:\Windows\System32\drivers\jl2005c.sys (Windows ® 2000 DDK provider)

DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (PDIHWCTL) -- C:\Windows\System32\drivers\pdihwctl.sys (Portrait Displays, Inc.)

DRV - (eyeonedp) -- C:\Windows\System32\drivers\EyeOneDp.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=02-07-2009&tb_mrud=26-05-2010"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5491

FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21.4

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.7.0.231

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=TRL2&o=15898&locale=en_US&apn_uid=FC306485-6B52-4191-B7DF-22D57F0B9809&apn_ptnrs=TU&apn_sauid=719F5EB5-4A03-4A59-B105-97E26A81AE87&apn_dtid=YYYYYYYYUS&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 10:10:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 10:10:50 | 000,000,000 | ---D | M]

[2008/12/24 18:21:49 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions

[2010/10/26 01:24:42 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions

[2010/04/27 20:09:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/25 21:07:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

[2010/04/27 20:09:30 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

[2010/08/22 20:08:31 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions\foxyproxy@eric.h.jung

[2010/07/24 19:05:36 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\extensions\toolbar@ask.com

[2009/07/02 13:43:47 | 000,004,196 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\searchplugins\aim-search.xml

[2010/05/25 21:07:38 | 000,002,343 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\searchplugins\aol-search.xml

[2010/10/26 12:15:33 | 000,002,566 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\365189vi.default\searchplugins\askcom.xml

[2010/03/29 21:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/03/29 21:24:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/10/26 11:14:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O2 - BHO: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe ()

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)

O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found

O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)

O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe File not found

O9 - Extra Button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)

O9 - Extra 'Tools' menuitem : ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)

O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/ac...veX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)

O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.mcworld.com/en_US/swf3/npcs/ava...n.Installer.exe (CDFusionActiveXCtl Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{8764aa46-afa4-11de-86aa-b883736886fe}\Shell - "" = AutoRun

O33 - MountPoints2\{8764aa46-afa4-11de-86aa-b883736886fe}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/26 08:05:14 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/10/12 19:47:31 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2010/10/12 19:47:01 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll

[2010/10/12 19:46:33 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2010/10/12 19:46:32 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll

[2010/10/12 19:46:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll

[2010/10/12 19:46:28 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/10/12 19:46:24 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

[2010/10/12 19:46:21 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll

[2010/10/12 19:46:07 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/10/12 19:46:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010/10/12 19:46:05 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010/10/12 19:46:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/10/12 19:46:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010/10/11 09:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite

[2010/10/11 09:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite

[2010/10/03 00:06:44 | 000,018,816 | ---- | C] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys

[2010/10/03 00:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\dvd43

[2010/09/28 17:01:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/09/28 15:38:30 | 000,000,000 | ---D | C] -- C:\Users\Heather\Documents\BlackBerry

[2010/09/27 22:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion

[2010/09/27 20:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/09/27 20:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/09/27 20:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2008/06/03 14:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/10/26 15:34:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3360209475-3911892368-1850464335-1000UA.job

[2010/10/26 15:33:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/10/26 15:24:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/26 15:24:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/26 14:18:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/10/26 13:23:06 | 000,070,207 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/10/26 13:23:06 | 000,070,207 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/10/26 13:13:20 | 000,469,194 | ---- | M] () -- C:\Users\Heather\Desktop\STD678-AF0000-00100000-010101.pdf

[2010/10/26 12:44:44 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/10/26 12:44:44 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/10/26 11:51:54 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe

[2010/10/26 11:51:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/10/26 11:23:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/26 11:23:50 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/26 11:20:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/10/26 11:14:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2010/10/24 23:34:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3360209475-3911892368-1850464335-1000Core.job

[2010/10/24 22:31:38 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini

[2010/10/20 23:49:24 | 000,001,356 | ---- | M] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat

[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/10/17 02:03:50 | 000,019,968 | ---- | M] () -- C:\Users\Heather\Documents\spooked shirt.doc

[2010/10/13 05:04:33 | 000,415,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/10/11 21:13:47 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Heather.job

[2010/10/09 17:42:55 | 000,030,208 | ---- | M] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/03 00:06:44 | 000,018,816 | ---- | M] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys

[2010/09/28 16:52:07 | 000,020,480 | ---- | M] () -- C:\Users\Heather\Documents\four little ponys shirt.doc

[2010/09/27 20:20:32 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010/10/26 12:46:30 | 000,469,194 | ---- | C] () -- C:\Users\Heather\Desktop\STD678-AF0000-00100000-010101.pdf

[2010/10/21 00:11:59 | 3220,295,680 | -HS- | C] () -- C:\hiberfil.sys

[2010/10/17 02:03:48 | 000,019,968 | ---- | C] () -- C:\Users\Heather\Documents\spooked shirt.doc

[2010/09/28 16:52:05 | 000,020,480 | ---- | C] () -- C:\Users\Heather\Documents\four little ponys shirt.doc

[2010/09/28 15:37:26 | 000,000,077 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\Rim.Desktop.Exception.log

[2010/09/27 22:43:43 | 000,000,801 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

[2010/09/27 20:20:32 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/06/18 23:46:59 | 000,000,040 | ---- | C] () -- C:\Windows\System32\EAL.INI

[2010/06/18 23:46:43 | 000,000,073 | ---- | C] () -- C:\Windows\PICTURM8.ini

[2010/01/16 01:27:12 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/09/23 16:00:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/04/10 23:31:51 | 000,000,051 | ---- | C] () -- C:\Windows\PirateFish5.ini

[2009/03/01 21:02:18 | 000,012,973 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/02/23 11:51:56 | 000,044,344 | ---- | C] () -- C:\Windows\System32\drivers\EyeOneDp.sys

[2009/02/19 16:40:04 | 000,030,208 | ---- | C] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/19 02:15:19 | 000,001,356 | ---- | C] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat

[2008/12/29 22:05:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/12/24 18:34:46 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2008/07/17 20:15:28 | 000,070,207 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008/07/17 20:15:28 | 000,070,207 | ---- | C] () -- C:\ProgramData\nvModes.001

[2008/04/14 07:39:33 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini

[2007/03/05 23:39:19 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll

[2007/01/03 12:48:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dec_jl6.dll

[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 09:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005/04/03 07:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

[1998/05/06 12:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2009/07/01 21:48:09 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\acccore

[2010/09/02 17:45:04 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\AnvSoft

[2008/12/26 00:26:12 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Blackberry Desktop

[2010/03/18 11:14:23 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\CoffeeCup Software

[2009/07/29 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Costco Photo Viewer

[2009/04/21 16:16:09 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Costco Photo Viewer US

[2009/06/23 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\EarthCam

[2010/09/02 22:15:25 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\HandBrake

[2009/03/26 21:54:55 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Image Zone Express

[2010/06/18 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Leadertech

[2009/02/18 12:07:39 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Opera

[2009/03/01 21:41:04 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Printer Info Cache

[2010/09/28 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Research In Motion

[2009/07/27 16:42:48 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SecondLife

[2008/12/27 17:36:59 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Smith Micro

[2010/07/19 15:37:46 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Trillian

[2010/10/26 11:20:41 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2008/04/13 21:43:42 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2007/03/06 03:43:42 | 000,000,019 | ---- | M] () -- C:\CQ21.txt

[2008/07/17 20:46:02 | 000,022,891 | ---- | M] () -- C:\devlist.txt

[2008/07/17 20:45:53 | 000,000,009 | ---- | M] () -- C:\Finish.log

[2010/10/26 11:23:50 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/18 23:56:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/05/25 21:06:26 | 000,000,734 | -H-- | M] () -- C:\IPH.PH

[2008/06/19 06:10:33 | 001,048,576 | RH-- | M] () -- C:\M50V.BIN

[2008/06/30 03:01:35 | 000,000,013 | ---- | M] () -- C:\M50VC_M50VM_VISTA.10

[2010/08/13 23:49:03 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt

[2010/06/18 23:56:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/22 02:40:32 | 000,000,031 | ---- | M] () -- C:\NERO.LOG

[2008/02/01 12:29:55 | 000,000,013 | ---- | M] () -- C:\NIS2008.TXT

[2007/03/15 16:18:45 | 000,000,025 | ---- | M] () -- C:\OFFICE2007_Q.TXT

[2010/10/26 11:23:49 | 3533,877,248 | -HS- | M] () -- C:\pagefile.sys

[2008/07/17 07:33:12 | 000,000,105 | ---- | M] () -- C:\Pass.txt

[2008/05/23 02:55:52 | 000,002,035 | ---- | M] () -- C:\Patch.LOG

[2008/04/29 07:30:49 | 000,000,020 | ---- | M] () -- C:\READER_Q.TXT

[2008/06/30 03:01:35 | 000,000,014 | ---- | M] () -- C:\RECOVERY.DAT

[2009/04/07 21:49:41 | 000,001,829 | ---- | M] () -- C:\RHDSetup.log

[2010/10/22 00:14:59 | 000,000,473 | ---- | M] () -- C:\rkill.log

[2008/07/17 20:39:19 | 000,000,159 | ---- | M] () -- C:\setup.log

[2006/05/15 17:22:24 | 000,000,005 | ---- | M] () -- C:\store.log

[2008/07/17 19:47:07 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt

[2008/07/17 19:46:09 | 000,000,098 | ---- | M] () -- C:\SumOS.txt

[2009/08/10 23:13:31 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log

[2008/04/16 17:32:52 | 000,000,024 | ---- | M] () -- C:\V541.TXT

< %systemroot%\system32\*.dll /lockedfiles >

[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

[2010/10/03 00:06:44 | 000,018,816 | ---- | M] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys

[2010/09/06 06:45:38 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2010/09/06 06:45:22 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys

[2010/09/06 06:45:19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/01/20 19:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL

[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Please uninstall this version of Adobe Reader: Adobe Reader 8.1.2

You can download and install the newest version from here > http://get.adobe.com/reader/

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE) then click on it
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, emule, Utorrent, etc.

===Free antimalware tools used for on-demand scanning and cleaning (no real time unless purchased)===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free 9.0

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast
