

[RESOLVED] Multiple Infections



#1 drmsucks


Posted 26 August 2010 - 09:48 PM

Vista Basic SP 1

History: Neighbor kid had a Fake Alert Virus (Security Suite). I ran rkill then portable SAS, found and "cleaned" multiple items (no log). Ran MBAM quick scan, had no internet access at that time so had to use manually downloaded definitions, several days old (MBAM1 below). Fixed internet connection then updated MBAM and ran full scan (MBAM2). Computer was given to me with an out of date Norton AV. I removed Norton and installed Avast!. Ran Boot Scan and Avast! found and "fixed" multiple problems (I don't know how to copy the Avast! log results). Ran a full MS Online Onecare scan - it found one item (unidentified) but couldn't fix it. Ran Kaspersky TDSS Killer - nothing found. Now it's your turn! (Thanks!)

1) Ran TFC

2) MBAM1

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4446

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

8/25/2010 2:09:18 PM
mbam-log-2010-08-25 (14-09-18).txt

Scan type: Quick scan
Objects scanned: 136663
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\jkthompson\AppData\Local\gPDHCDE.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyeyiyetaso (Trojan.Hiloti) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\irijayisadoqe (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jlcygkof (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\jkthompson\AppData\Local\gPDHCDE.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Users\jkthompson\AppData\Local\Temp\lhzGgLknPg.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Users\jkthompson\AppData\Local\Temp\bYDFGyaWFN.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\jkthompson\AppData\Local\Temp\0.13434573789175586.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\jkthompson\AppData\Local\xvsitomes\evdwgegshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

3) MBAM2

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4479

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

8/25/2010 7:26:02 PM
mbam-log-2010-08-25 (19-26-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 293974
Time elapsed: 1 hour(s), 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\jkthompson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C261R1ST\setup[1].exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\jkthompson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C261R1ST\setup[2].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\jkthompson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKPRSBCZ\setup[1].exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\jkthompson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSI0OYV3\setup[1].exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Users\jkthompson\AppData\Local\Temp\dhvAhLEdTL.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\jkthompson\AppData\Local\Temp\bAWCIrXiaf.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

4) I'm 0 for 2 with GMER. First time, BSOD about 10 min into scan (Stop 0x050 error and referenced: axlyipow.sys). Second time, scan "hung" about 4 hours into it.

5) MBR Check

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Gateway
System Product Name: T3646
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 153):

Processes (total 53):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
492 csrss.exe
548 C:\Windows\System32\wininit.exe
556 csrss.exe
600 C:\Windows\System32\services.exe
632 C:\Windows\System32\lsass.exe
640 C:\Windows\System32\lsm.exe
648 C:\Windows\System32\winlogon.exe
836 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\audiodg.exe
1244 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\SLsvc.exe
1296 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\svchost.exe
1556 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1780 C:\Windows\System32\dwm.exe
1808 C:\Windows\explorer.exe
2024 C:\Windows\System32\spoolsv.exe
196 C:\Windows\System32\svchost.exe
560 C:\Windows\System32\taskeng.exe
828 C:\Windows\System32\taskeng.exe
468 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1468 C:\Program Files\iWin Games\iWinTrusted.exe
1620 C:\Windows\System32\svchost.exe
1736 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2476 C:\Windows\System32\svchost.exe
2508 C:\Windows\System32\svchost.exe
2560 C:\Windows\System32\SearchIndexer.exe
2644 C:\Windows\System32\drivers\XAudio.exe
3532 C:\Windows\System32\SearchProtocolHost.exe
2260 C:\Windows\System32\rundll32.exe
1092 C:\Windows\System32\rundll32.exe
1008 WmiPrvSE.exe
708 C:\Windows\RtHDVCpl.exe
2408 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
1528 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2500 C:\Program Files\Java\jre6\bin\jusched.exe
2460 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2704 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3108 C:\Windows\System32\wbem\unsecapp.exe
3620 C:\Windows\System32\SearchFilterHost.exe
3780 WmiPrvSE.exe
2304 C:\Windows\System32\SearchProtocolHost.exe
1612 C:\Windows\System32\wuauclt.exe
3504 dllhost.exe
3272 dllhost.exe
1700 C:\Users\jkthompson\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`635c3e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 4.AA

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

6) OTL

OTL logfile created on: 8/26/2010 3:07:33 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\jkthompson\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 344.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): c:\pagefile.sys 1341 1341 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.50 Gb Total Space | 90.31 Gb Free Space | 64.74% Space Free | Partition Type: NTFS
Drive D: | 9.55 Gb Total Space | 4.36 Gb Free Space | 45.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 5.24 Gb Free Space | 70.28% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JKTHOMPSON-PC
Current User Name: jkthompson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/26 11:17:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\OTL.exe
PRC - [2010/06/28 14:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/09 14:21:14 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/19 15:50:44 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/13 19:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/04/13 09:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 11:17:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\OTL.exe
MOD - [2008/01/20 20:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 20:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/19 13:55:17 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/09 14:21:14 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008/01/20 20:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/29 15:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/04/13 09:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\obin.sys -- (xyoagul)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\JKTHOM~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\JKTHOM~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 14:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 14:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 14:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/12/04 13:17:16 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/01/20 20:33:50 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/01/20 20:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/20 20:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/12 08:36:00 | 008,238,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/19 18:11:48 | 001,959,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/02 18:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/04/17 22:46:20 | 001,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/11/08 17:55:10 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/08 17:54:02 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/08 17:53:48 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2002/04/11 12:21:38 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...Sys=DTP&M=T3646
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=T3646
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...Sys=DTP&M=T3646
IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...Sys=DTP&M=T3646
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522


[2009/07/22 00:11:13 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Mozilla\Extensions
[2009/07/22 00:11:13 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/07/22 17:43:41 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Mozilla\Firefox\extensions
[2009/07/22 17:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jkthompson\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files\iWin\tbiWi1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{47ff2b68-f34a-11de-acda-0016ce066653}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/26 12:06:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/26 11:20:05 | 000,000,000 | ---D | C] -- C:\Users\jkthompson\Desktop\for broni
[2010/08/26 11:16:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\OTL.exe
[2010/08/26 11:15:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\TFC.exe
[2010/08/26 10:31:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\jkthompson\Desktop\HijackThis.exe
[2010/08/26 10:28:30 | 000,000,000 | ---D | C] -- C:\Users\jkthompson\Documents\Oberon Media
[2010/08/26 08:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/08/25 19:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/25 16:01:42 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/08/25 15:50:22 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/08/25 15:50:22 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/25 15:50:22 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/25 15:50:21 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/25 15:50:20 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/08/25 15:49:53 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/25 15:49:52 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/08/25 14:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/25 14:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/25 13:54:59 | 000,000,000 | ---D | C] -- C:\Users\jkthompson\AppData\Roaming\Malwarebytes
[2010/08/25 13:07:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/25 13:07:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/25 13:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/25 13:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/25 11:41:56 | 000,000,000 | ---D | C] -- C:\Users\jkthompson\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/25 11:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/22 15:50:21 | 000,000,000 | ---D | C] -- C:\Users\jkthompson\AppData\Local\{91F780F4-D207-4802-9010-52310C49ED58}
[2010/08/22 15:47:29 | 000,000,000 | ---D | C] -- C:\Users\jkthompson\AppData\Local\xvsitomes
[2010/06/26 17:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2007/02/12 15:13:52 | 000,036,864 | ---- | C] (TODO: <Company name>) -- C:\Program Files\Common Files\AXPrint.exe

========== Files - Modified Within 90 Days ==========

[2010/08/26 15:07:25 | 006,029,312 | -HS- | M] () -- C:\Users\jkthompson\ntuser.dat
[2010/08/26 14:53:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/26 14:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/08/26 14:53:47 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/26 14:53:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/26 14:53:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 14:53:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 14:53:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/26 14:53:30 | 939,057,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/26 12:06:07 | 218,687,773 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/26 11:23:36 | 000,524,288 | -HS- | M] () -- C:\Users\jkthompson\ntuser.dat{efd8102b-aece-11de-9761-0016ce066653}.TMContainer00000000000000000001.regtrans-ms
[2010/08/26 11:23:36 | 000,065,536 | -HS- | M] () -- C:\Users\jkthompson\ntuser.dat{efd8102b-aece-11de-9761-0016ce066653}.TM.blf
[2010/08/26 11:17:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\OTL.exe
[2010/08/26 11:16:37 | 000,080,384 | ---- | M] () -- C:\Users\jkthompson\Desktop\MBRCheck.exe
[2010/08/26 11:16:01 | 000,293,376 | ---- | M] () -- C:\Users\jkthompson\Desktop\z54p7rqh.exe
[2010/08/26 11:15:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\TFC.exe
[2010/08/26 10:31:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\jkthompson\Desktop\HijackThis.exe
[2010/08/26 08:02:43 | 001,285,841 | -H-- | M] () -- C:\Users\jkthompson\AppData\Local\IconCache.db
[2010/08/25 19:35:36 | 000,000,815 | ---- | M] () -- C:\Users\jkthompson\Desktop\CCleaner.lnk
[2010/08/25 18:03:55 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/25 18:03:55 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/25 18:03:55 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/25 17:18:38 | 000,001,381 | ---- | M] () -- C:\Windows\System32\WLAN.INI
[2010/08/25 15:50:22 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/25 15:50:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/25 13:07:15 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 11:36:49 | 000,002,848 | ---- | M] () -- C:\Users\jkthompson\AppData\Local\Mcubikumi.dat
[2010/08/23 14:25:30 | 000,000,000 | ---- | M] () -- C:\Users\jkthompson\AppData\Local\Rmavuronecekiri.bin
[2010/08/22 15:46:54 | 000,007,052 | ---- | M] () -- C:\Users\jkthompson\AppData\Local\d3d9caps.dat
[2010/08/15 20:36:07 | 000,344,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/08 12:02:16 | 000,000,246 | ---- | M] () -- C:\Users\jkthompson\AppData\Roaming\wklnhst.dat
[2010/07/20 17:39:21 | 000,009,326 | ---- | M] () -- C:\Users\jkthompson\Documents\Busby-Estimated Closing Cost.pdf
[2010/06/28 14:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 14:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/28 14:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/28 14:32:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/28 14:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/26 17:53:28 | 000,038,400 | ---- | M] () -- C:\Users\jkthompson\Documents\RESUME-KAVON.doc
[2010/06/26 17:30:01 | 000,037,376 | ---- | M] () -- C:\Users\jkthompson\Documents\kavon's resume.doc
[2010/06/25 17:26:08 | 000,539,291 | ---- | M] () -- C:\Users\jkthompson\Documents\8304 Sandlin-Executed Lease.pdf
[2010/06/25 09:33:00 | 000,163,050 | ---- | M] () -- C:\Users\jkthompson\Documents\Between Brokers.pdf
[2010/06/25 09:17:37 | 000,285,860 | ---- | M] () -- C:\Users\jkthompson\Documents\8304 Sandlin-Signed Lease.pdf
[2010/06/24 11:36:05 | 000,251,675 | ---- | M] () -- C:\Users\jkthompson\Documents\8304 Sandlin- Lease.pdf
[2010/06/23 13:28:16 | 000,616,456 | ---- | M] () -- C:\Users\jkthompson\Documents\Yant Credit Report.pdf
[2010/06/23 13:26:46 | 000,213,359 | ---- | M] () -- C:\Users\jkthompson\Documents\Mark Yant Application-8304 Sandlin.pdf
[2010/06/14 19:37:55 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2010/06/05 19:09:24 | 001,449,928 | ---- | M] () -- C:\Users\jkthompson\Documents\Crawford-Credit Report.pdf
[2010/06/05 19:06:30 | 000,798,637 | ---- | M] () -- C:\Users\jkthompson\Documents\Crawford- Application.pdf
[2010/06/04 18:11:35 | 000,139,267 | ---- | M] () -- C:\Users\jkthompson\Documents\Residential Lease Inventory Condition Form.pdf
[2010/06/04 18:07:34 | 003,747,187 | ---- | M] () -- C:\Users\jkthompson\Documents\8400 Hickory Creek-Executed Lease.pdf
[2010/06/04 18:06:40 | 001,116,214 | ---- | M] () -- C:\Users\jkthompson\Documents\8400 Hickory Creek- Executed Lease Remaining Pages.pdf

========== Files Created - No Company Name ==========

[2010/08/26 12:05:22 | 218,687,773 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/26 11:16:37 | 000,080,384 | ---- | C] () -- C:\Users\jkthompson\Desktop\MBRCheck.exe
[2010/08/26 11:15:59 | 000,293,376 | ---- | C] () -- C:\Users\jkthompson\Desktop\z54p7rqh.exe
[2010/08/25 19:35:36 | 000,000,815 | ---- | C] () -- C:\Users\jkthompson\Desktop\CCleaner.lnk
[2010/08/25 16:02:50 | 000,001,381 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2010/08/25 15:50:22 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/25 13:07:15 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/22 15:50:22 | 000,002,848 | ---- | C] () -- C:\Users\jkthompson\AppData\Local\Mcubikumi.dat
[2010/08/22 15:50:22 | 000,000,000 | ---- | C] () -- C:\Users\jkthompson\AppData\Local\Rmavuronecekiri.bin
[2010/07/20 17:39:21 | 000,009,326 | ---- | C] () -- C:\Users\jkthompson\Documents\Busby-Estimated Closing Cost.pdf
[2010/06/26 17:53:25 | 000,038,400 | ---- | C] () -- C:\Users\jkthompson\Documents\RESUME-KAVON.doc
[2010/06/26 17:29:52 | 000,037,376 | ---- | C] () -- C:\Users\jkthompson\Documents\kavon's resume.doc
[2010/06/25 17:26:05 | 000,539,291 | ---- | C] () -- C:\Users\jkthompson\Documents\8304 Sandlin-Executed Lease.pdf
[2010/06/25 09:33:00 | 000,163,050 | ---- | C] () -- C:\Users\jkthompson\Documents\Between Brokers.pdf
[2010/06/25 09:17:37 | 000,285,860 | ---- | C] () -- C:\Users\jkthompson\Documents\8304 Sandlin-Signed Lease.pdf
[2010/06/24 11:36:00 | 000,251,675 | ---- | C] () -- C:\Users\jkthompson\Documents\8304 Sandlin- Lease.pdf
[2010/06/23 13:28:14 | 000,616,456 | ---- | C] () -- C:\Users\jkthompson\Documents\Yant Credit Report.pdf
[2010/06/23 13:26:46 | 000,213,359 | ---- | C] () -- C:\Users\jkthompson\Documents\Mark Yant Application-8304 Sandlin.pdf
[2010/06/14 19:37:55 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2010/06/05 19:09:20 | 001,449,928 | ---- | C] () -- C:\Users\jkthompson\Documents\Crawford-Credit Report.pdf
[2010/06/05 19:06:24 | 000,798,637 | ---- | C] () -- C:\Users\jkthompson\Documents\Crawford- Application.pdf
[2010/06/04 18:11:29 | 000,139,267 | ---- | C] () -- C:\Users\jkthompson\Documents\Residential Lease Inventory Condition Form.pdf
[2010/06/04 18:07:29 | 003,747,187 | ---- | C] () -- C:\Users\jkthompson\Documents\8400 Hickory Creek-Executed Lease.pdf
[2010/06/04 18:06:37 | 001,116,214 | ---- | C] () -- C:\Users\jkthompson\Documents\8400 Hickory Creek- Executed Lease Remaining Pages.pdf
[2009/08/26 17:40:41 | 000,000,246 | ---- | C] () -- C:\Users\jkthompson\AppData\Roaming\wklnhst.dat
[2009/08/11 19:04:28 | 000,007,052 | ---- | C] () -- C:\Users\jkthompson\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/06/07 16:52:35 | 000,015,872 | ---- | C] () -- C:\Users\jkthompson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/11 17:47:50 | 002,731,692 | ---- | C] () -- C:\Program Files\Common Files\AEXAM.HLP
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/07/22 23:57:48 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Boolat Games
[2009/07/23 16:48:46 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\CupcakeCafe
[2010/02/20 17:26:38 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\LimeWire
[2009/07/28 21:57:38 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Peace Craft
[2009/07/27 22:17:50 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\PlayFirst
[2009/11/18 19:29:45 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Research In Motion
[2008/06/07 17:23:52 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\SampleView
[2009/08/26 17:40:46 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Template
[2009/12/24 23:13:42 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\WeatherBug
[2010/08/26 11:23:44 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 20:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/02/04 23:08:57 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/08/26 14:53:30 | 939,057,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/26 14:53:29 | 1406,140,416 | -HS- | M] () -- C:\pagefile.sys
[2010/02/07 15:42:30 | 000,002,328 | ---- | M] () -- C:\Player Loader_log.txt
[2008/02/26 14:26:09 | 000,000,090 | ---- | M] () -- C:\powerdvd.log
[2008/02/26 14:15:45 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2010/08/25 13:06:11 | 000,000,450 | ---- | M] () -- C:\rkill.log
[2010/08/26 08:28:05 | 000,058,708 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_26.08.2010_08.27.07_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 03:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
[2007/10/21 23:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD97.DLL
[2007/10/21 23:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP97.DLL
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 06:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 06:35:34 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 20:34:26 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 20:34:22 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 21:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 21:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 21:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2008/01/20 20:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 20:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 03:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-15 19:07:58

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\jkthompson\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream
@Alternate Data Stream - 349 bytes -> C:\ProgramData\TEMP:B72729D8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B0CCE303
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CEFEABF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D3EC24B3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C0D722EB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:439E3411
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0FAC520
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FA8B212D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB6B9259
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:99B66030
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A1CD17F9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:22741C1F
< End of report >

OTL Extras

OTL Extras logfile created on: 8/26/2010 3:02:33 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\jkthompson\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 340.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): c:\pagefile.sys 1341 1341 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.50 Gb Total Space | 90.29 Gb Free Space | 64.73% Space Free | Partition Type: NTFS
Drive D: | 9.55 Gb Total Space | 4.36 Gb Free Space | 45.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 5.24 Gb Free Space | 70.28% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JKTHOMPSON-PC
Current User Name: jkthompson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32FF807E-0699-442B-A7EC-436B1AB7DFDF}" = rport=139 | protocol=6 | dir=out | app=system |
"{39B20334-0429-4161-9E74-FA317A094827}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3F12B37E-6701-41E8-8BB0-E86132FDCCBD}" = lport=139 | protocol=6 | dir=in | app=system |
"{5721F1C0-24F0-4390-9C74-F20E992CA9B0}" = rport=445 | protocol=6 | dir=out | app=system |
"{5B21B72D-0E8D-466C-B3F3-F2C445F6B1B0}" = lport=137 | protocol=17 | dir=in | app=system |
"{8FBBC204-8F1C-4633-8B92-53FE2ABF3210}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9AF05203-48CE-4A1C-BB24-FFD3B105F8BF}" = rport=138 | protocol=17 | dir=out | app=system |
"{B0B9C738-6BB0-46A0-873A-5CF4171D5768}" = rport=137 | protocol=17 | dir=out | app=system |
"{C09CDC5A-E533-4AEB-A35F-0A08A7681CE0}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2F845AC-4C91-40DB-9D2D-6DD1B384EE19}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D1C6CAC-59D0-4594-8B56-D1AD9FD311C5}" = protocol=6 | dir=in | app=c:\windows\system32\lxbmcoms.exe |
"{172E4FC7-084A-40CE-85D9-5FC600BB0CAB}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{302AB42E-CF9F-485C-882A-C560C5D1F581}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{4ACDB37A-6C70-4E41-8A94-44D14BC8B5F4}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{4C4E1D3D-7B74-4225-BB07-4086C5B2AB6F}" = protocol=17 | dir=in | app=c:\users\jkthompson\appdata\local\temp\7zs7e14.tmp\symnrt.exe |
"{4C739685-3E60-49F5-96ED-E13B6711E0FE}" = protocol=6 | dir=in | app=c:\users\jkthompson\appdata\local\temp\7zs7e14.tmp\symnrt.exe |
"{4D69EC1B-3570-448E-BC5E-A05F96687DFE}" = protocol=17 | dir=in | app=c:\windows\system32\lxbmcoms.exe |
"{6106B019-E8DA-4267-8FC6-28D05A98F82D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{63BB831B-38E7-45E0-8BF6-B4BB899BF698}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6BAB55FA-4640-4BF2-84A0-EC51923C0902}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{782D8617-A4F1-4CE1-BD10-0775517D95D7}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{82102304-70B0-4E21-A4C3-F15FDE145A34}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{940F8105-CC72-4905-935B-7D8637E28717}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AA04CFD0-8F6C-429A-8851-A1BA00ED28DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ACB73661-633C-4E2B-9C36-EA5EE34EB2A4}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{C27BD774-97E4-4A25-88DF-AAB4F1CE7367}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D81C159D-C46B-4F0A-A41B-566EE72C7662}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{C56CC2B6-6A9F-4E05-ABBC-CB09AA6206F8}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{2EAA1892-2B5B-4D71-B770-881CF69E2FE1}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2243C6DC-39EA-4D5E-B743-3AE510A91B3A}" = WeatherBug
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2FCD2B19-B641-4A9D-AF6C-E0962EE38251}" = Real Estate Licensing Tester AutoExam V10.0
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{39822393-2324-4705-9010-1AB76DA144A2}" = BlackBerry Desktop Software 4.6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115162883}" = Wedding Dash 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117244230}" = Wedding Dash Ready Aim Love
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}" = Roxio Media Manager
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 6.0
"am-ameliescafe" = Amelie's Cafe
"am-jessicascupcakecafe" = Jessica's Cupcake Cafe
"Aquapolis" = Aquapolis (remove only)
"Ask Toolbar_is1" = Ask Toolbar
"avast5" = avast! Free Antivirus
"BFGC" = Big Fish Games Client
"BitComet" = BitComet 1.05
"BlackBerry_{39822393-2324-4705-9010-1AB76DA144A2}" = BlackBerry Desktop Software 4.6
"Burger Shop 2" = Burger Shop 2 (remove only)
"Cake Mania 3" = Cake Mania 3 (remove only)
"Canon iP2600 series User Registration" = Canon iP2600 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Delicious Emily's Taste of Fame" = Delicious Emily's Taste of Fame (remove only)
"DinerTown Detective Agency" = DinerTown Detective Agency (remove only)
"Dream Day Wedding Viva Las Vegas" = Dream Day Wedding Viva Las Vegas (remove only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"GameHouse" = GameHouse
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"iWin Toolbar" = iWin Toolbar
"iWinArcade" = iWin Games (remove only)
"Jessicas Cupcake Cafe" = Jessicas Cupcake Cafe
"Jessica's Cupcake Cafe" = Jessica's Cupcake Cafe (remove only)
"Jessicas Cupcake Cafe_is1" = Jessicas Cupcake Cafe
"LimeWire" = LimeWire 5.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"My Kingdom for the Princess" = My Kingdom for the Princess (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Top Producer Editor_is1" = Top Producer Editor
"Web Games Player Plugin" = Web Games Player Plugin
"WildTangent emachines Master Uninstall" = eMachines Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2010 10:07:47 PM | Computer Name = jkthompson-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/26/2010 1:52:03 PM | Computer Name = jkthompson-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/27/2010 3:50:00 PM | Computer Name = jkthompson-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/28/2010 4:13:45 PM | Computer Name = jkthompson-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2010 9:16:24 AM | Computer Name = jkthompson-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2010 9:22:35 PM | Computer Name = jkthompson-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2010 10:41:45 PM | Computer Name = jkthompson-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/31/2010 1:22:07 PM | Computer Name = jkthompson-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/31/2010 1:32:15 PM | Computer Name = jkthompson-PC | Source = Google Update | ID = 20
Description =

Error - 3/31/2010 1:36:56 PM | Computer Name = jkthompson-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 5/17/2009 1:47:58 PM | Computer Name = jkthompson-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 201
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/26/2010 1:50:58 PM | Computer Name = jkthompson-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/26/2010 1:51:41 PM | Computer Name = jkthompson-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/26/2010 2:05:20 PM | Computer Name = jkthompson-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:58:09 AM on 8/26/2010 was unexpected.

Error - 8/26/2010 2:05:48 PM | Computer Name = jkthompson-PC | Source = HTTP | ID = 15016
Description =

Error - 8/26/2010 2:07:02 PM | Computer Name = jkthompson-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/26/2010 2:08:35 PM | Computer Name = jkthompson-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/26/2010 4:53:35 PM | Computer Name = jkthompson-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:52:18 PM on 8/26/2010 was unexpected.

Error - 8/26/2010 4:53:47 PM | Computer Name = jkthompson-PC | Source = HTTP | ID = 15016
Description =

Error - 8/26/2010 4:55:19 PM | Computer Name = jkthompson-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/26/2010 4:55:47 PM | Computer Name = jkthompson-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Thanks for your help!

EDIT: Here's the TDSSKILLER log:

2010/08/26 08:27:07.0607 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/26 08:27:07.0607 ================================================================================
2010/08/26 08:27:07.0607 SystemInfo:
2010/08/26 08:27:07.0607
2010/08/26 08:27:07.0607 OS Version: 6.0.6001 ServicePack: 1.0
2010/08/26 08:27:07.0607 Product type: Workstation
2010/08/26 08:27:07.0607 ComputerName: JKTHOMPSON-PC
2010/08/26 08:27:07.0607 UserName: jkthompson
2010/08/26 08:27:07.0607 Windows directory: C:\Windows
2010/08/26 08:27:07.0607 System windows directory: C:\Windows
2010/08/26 08:27:07.0607 Processor architecture: Intel x86
2010/08/26 08:27:07.0607 Number of processors: 1
2010/08/26 08:27:07.0607 Page size: 0x1000
2010/08/26 08:27:07.0607 Boot type: Normal boot
2010/08/26 08:27:07.0607 ================================================================================
2010/08/26 08:27:21.0569 Initialize success
2010/08/26 08:27:29.0478 ================================================================================
2010/08/26 08:27:29.0478 Scan started
2010/08/26 08:27:29.0478 Mode: Manual;
2010/08/26 08:27:29.0478 ================================================================================
2010/08/26 08:27:30.0133 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/08/26 08:27:30.0195 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/08/26 08:27:30.0273 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/08/26 08:27:30.0305 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/08/26 08:27:30.0367 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/08/26 08:27:30.0492 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2010/08/26 08:27:30.0585 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/08/26 08:27:30.0632 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/08/26 08:27:30.0726 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/08/26 08:27:30.0788 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/08/26 08:27:30.0804 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/08/26 08:27:30.0851 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/08/26 08:27:30.0913 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/08/26 08:27:30.0975 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/08/26 08:27:31.0007 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/08/26 08:27:31.0147 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\Windows\system32\drivers\aswFsBlk.sys
2010/08/26 08:27:31.0209 aswMonFlt (effc39a1edf04e83a42279d9daa696a7) C:\Windows\system32\drivers\aswMonFlt.sys
2010/08/26 08:27:31.0241 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\Windows\system32\drivers\aswRdr.sys
2010/08/26 08:27:31.0303 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\Windows\system32\drivers\aswSP.sys
2010/08/26 08:27:31.0350 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\Windows\system32\drivers\aswTdi.sys
2010/08/26 08:27:31.0443 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/26 08:27:31.0475 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2010/08/26 08:27:31.0646 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/08/26 08:27:31.0724 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/08/26 08:27:31.0802 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/08/26 08:27:31.0911 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/08/26 08:27:31.0989 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/26 08:27:32.0052 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/08/26 08:27:32.0114 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/08/26 08:27:32.0286 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/08/26 08:27:32.0317 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/08/26 08:27:32.0348 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/08/26 08:27:32.0379 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/08/26 08:27:32.0457 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/08/26 08:27:32.0535 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/26 08:27:32.0629 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\Windows\system32\drivers\Cdr4_xp.sys
2010/08/26 08:27:32.0676 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\Windows\system32\drivers\Cdralw2k.sys
2010/08/26 08:27:32.0754 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/26 08:27:32.0816 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/08/26 08:27:32.0847 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/08/26 08:27:32.0957 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/26 08:27:33.0035 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/08/26 08:27:33.0097 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/26 08:27:33.0128 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/08/26 08:27:33.0191 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/08/26 08:27:33.0284 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/08/26 08:27:33.0409 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/08/26 08:27:33.0503 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/08/26 08:27:33.0565 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/26 08:27:33.0674 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/08/26 08:27:33.0752 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/08/26 08:27:33.0815 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/08/26 08:27:33.0893 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/08/26 08:27:33.0986 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/08/26 08:27:34.0064 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/08/26 08:27:34.0158 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/26 08:27:34.0236 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/08/26 08:27:34.0283 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/08/26 08:27:34.0314 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/26 08:27:34.0361 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/08/26 08:27:34.0423 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/26 08:27:34.0485 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/08/26 08:27:34.0641 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/08/26 08:27:34.0719 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/26 08:27:34.0782 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/08/26 08:27:34.0797 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/08/26 08:27:34.0891 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/26 08:27:34.0953 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/08/26 08:27:35.0031 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/08/26 08:27:35.0141 HSXHWBS2 (a3077d9ed7ff612a033536a6009dbea5) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2010/08/26 08:27:35.0219 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2010/08/26 08:27:35.0297 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/08/26 08:27:35.0421 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/26 08:27:35.0515 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/08/26 08:27:35.0655 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/08/26 08:27:35.0780 IntcAzAudAddService (efad2bc74d06c5f53fa64b6dd6dbb459) C:\Windows\system32\drivers\RTKVHDA.sys
2010/08/26 08:27:35.0952 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/08/26 08:27:35.0999 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/26 08:27:36.0077 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/26 08:27:36.0233 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/08/26 08:27:36.0295 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/08/26 08:27:36.0357 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/08/26 08:27:36.0420 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/08/26 08:27:36.0482 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/26 08:27:36.0529 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/08/26 08:27:36.0591 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/08/26 08:27:36.0669 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/26 08:27:36.0763 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/26 08:27:36.0857 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/26 08:27:36.0935 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/26 08:27:37.0044 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/08/26 08:27:37.0075 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/08/26 08:27:37.0137 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/08/26 08:27:37.0169 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/08/26 08:27:37.0247 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/08/26 08:27:37.0293 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/08/26 08:27:37.0371 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/08/26 08:27:37.0434 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/08/26 08:27:37.0527 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/26 08:27:37.0590 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/26 08:27:37.0652 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/26 08:27:37.0715 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/08/26 08:27:37.0793 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/08/26 08:27:37.0855 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/26 08:27:37.0917 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/08/26 08:27:37.0995 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/08/26 08:27:38.0058 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/26 08:27:38.0120 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/26 08:27:38.0151 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/26 08:27:38.0214 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/08/26 08:27:38.0245 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/08/26 08:27:38.0339 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/08/26 08:27:38.0432 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/08/26 08:27:38.0541 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/26 08:27:38.0635 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/26 08:27:38.0697 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/08/26 08:27:38.0760 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/08/26 08:27:38.0807 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/26 08:27:38.0885 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/08/26 08:27:38.0931 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/08/26 08:27:39.0041 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/26 08:27:39.0150 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/08/26 08:27:39.0243 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/26 08:27:39.0306 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/26 08:27:39.0384 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/26 08:27:50.0163 ================================================================================
2010/08/26 08:27:50.0163 Scan finished
2010/08/26 08:27:50.0163 ================================================================================
2010/08/26 08:28:05.0826 Deinitialize success
If you don't have time to do it right
...when will you have time to do it over?

#2 Broni Re: [RESOLVED] Multiple Infections

    Malware Annihilator

  • 24,879 posts
  • Joined: October 04, 2004
  • 1,859 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 10:11 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 9h 13m 9s

Posted 26 August 2010 - 11:05 PM

Thanks for all scans :)

Quote

895.00 Mb Total Physical Memory
This computer needs another 1GB of RAM, or it'll be painfully slow.

======================================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#3 drmsucks Re: [RESOLVED] Multiple Infections

Posted 26 August 2010 - 11:14 PM

It IS painfully slow!!

Running CF, back when done...

#4 Broni Re: [RESOLVED] Multiple Infections

Posted 26 August 2010 - 11:23 PM

OK :)

#5 drmsucks Re: [RESOLVED] Multiple Infections

Posted 26 August 2010 - 11:35 PM

ComboFix 10-08-26.02 - jkthompson 08/26/2010 18:18:27.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.895.350 [GMT -5:00]
Running from: c:\users\jkthompson\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\iWin\tbIWi1.dll
c:\users\jkthompson\AppData\Local\{91F780F4-D207-4802-9010-52310C49ED58}
c:\users\jkthompson\AppData\Local\{91F780F4-D207-4802-9010-52310C49ED58}\chrome.manifest
c:\users\jkthompson\AppData\Local\{91F780F4-D207-4802-9010-52310C49ED58}\chrome\content\_cfg.js
c:\users\jkthompson\AppData\Local\{91F780F4-D207-4802-9010-52310C49ED58}\chrome\content\overlay.xul
c:\users\jkthompson\AppData\Local\{91F780F4-D207-4802-9010-52310C49ED58}\install.rdf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-26 14:32 . 2010-08-26 14:37 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-26 01:35 . 2010-08-26 01:35 -------- d-----w- c:\program files\CCleaner
2010-08-25 22:01 . 2010-08-25 22:01 -------- d-----w- C:\Linksys Driver
2010-08-25 21:50 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-25 21:50 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-25 21:50 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-25 21:50 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-25 21:50 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-25 21:49 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-25 21:49 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-25 20:33 . 2010-08-25 20:33 -------- d-----w- c:\programdata\Alwil Software
2010-08-25 20:33 . 2010-08-25 20:33 -------- d-----w- c:\program files\Alwil Software
2010-08-25 19:54 . 2010-08-25 19:54 -------- d-----w- c:\users\jkthompson\AppData\Roaming\Malwarebytes
2010-08-25 19:07 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 19:07 . 2010-08-25 19:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 19:07 . 2010-08-25 19:07 -------- d-----w- c:\programdata\Malwarebytes
2010-08-25 19:07 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 17:41 . 2010-08-25 17:41 -------- d-----w- c:\users\jkthompson\AppData\Roaming\SUPERAntiSpyware.com
2010-08-25 17:41 . 2010-08-25 17:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-22 21:50 . 2010-08-25 17:36 2848 ----a-w- c:\users\jkthompson\AppData\Local\Mcubikumi.dat
2010-08-22 21:50 . 2010-08-23 20:25 0 ----a-w- c:\users\jkthompson\AppData\Local\Rmavuronecekiri.bin
2010-08-22 21:47 . 2010-08-25 20:09 -------- d-----w- c:\users\jkthompson\AppData\Local\xvsitomes
2010-08-13 17:34 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-13 17:34 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-13 17:34 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-13 17:34 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 23:27 . 2009-07-21 19:56 -------- d-----w- c:\program files\iWin
2010-08-25 23:50 . 2008-02-26 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-25 20:37 . 2008-02-26 20:16 -------- d-----w- c:\programdata\Symantec
2010-08-25 20:26 . 2008-02-26 20:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-25 18:10 . 2009-07-21 19:55 -------- d-----w- c:\program files\iWin Games
2010-08-22 21:46 . 2009-08-12 01:04 7052 ----a-w- c:\users\jkthompson\AppData\Local\d3d9caps.dat
2010-08-15 19:07 . 2008-02-26 20:22 -------- d-----w- c:\program files\Microsoft Works
2010-08-15 18:59 . 2008-02-26 20:27 -------- d-----w- c:\programdata\Microsoft Help
2010-08-15 18:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-08 18:02 . 2009-08-26 23:40 246 ----a-w- c:\users\jkthompson\AppData\Roaming\wklnhst.dat
2010-08-04 21:42 . 2008-07-04 01:04 -------- d-----w- c:\programdata\CanonIJPLM
2010-06-26 06:05 . 2010-08-13 17:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 17:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 17:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 17:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:18 . 2010-08-13 17:35 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 16:43 . 2010-08-13 17:35 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 14:43 . 2010-08-13 17:35 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 14:43 . 2010-08-13 17:35 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-11 15:31 . 2010-08-13 17:35 274432 ----a-w- c:\windows\system32\schannel.dll
2007-02-12 21:13 . 2007-02-12 21:13 36864 ----a-w- c:\program files\Common Files\AXPrint.exe
2007-02-11 23:47 . 2007-02-11 23:47 2731692 ----a-w- c:\program files\Common Files\AEXAM.HLP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 23:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-12 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-12 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-07 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-19 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-28 136600]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iyeyiyetaso

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 xyoagul;xyoagul;c:\windows\System32\drivers\obin.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\JKTHOM~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\JKTHOM~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca0a7728a191bd;Google Update Service (gupdate1ca0a7728a191bd);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 133104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-19 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2009-07-09 78104]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 645120]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 02:50]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 02:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3646
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 18:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-26 18:32:22
ComboFix-quarantined-files.txt 2010-08-26 23:32

Pre-Run: 98,580,086,784 bytes free
Post-Run: 98,529,337,344 bytes free

- - End Of File - - A0001FDB1C3DE09F49C4227D260F8A59

#6 Broni Re: [RESOLVED] Multiple Infections

Posted 26 August 2010 - 11:46 PM

Uninstall AskBarDis, which is considered adware.

======================================================================

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\users\jkthompson\AppData\Local\Mcubikumi.dat
c:\users\jkthompson\AppData\Local\Rmavuronecekiri.bin
c:\windows\System32\drivers\obin.sys


Folder::
c:\users\jkthompson\AppData\Local\xvsitomes
c:\programdata\Symantec
c:\program files\Common Files\Symantec Shared


Driver::
xyoagul

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iyeyiyetaso]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>




3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt


#7 drmsucks Re: [RESOLVED] Multiple Infections

Posted 27 August 2010 - 12:16 AM

ComboFix 10-08-26.02 - jkthompson 08/26/2010 18:52:57.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.895.268 [GMT -5:00]
Running from: c:\users\jkthompson\Desktop\ComboFix.exe
Command switches used :: c:\users\jkthompson\Desktop\cfscript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\jkthompson\AppData\Local\Mcubikumi.dat"
"c:\users\jkthompson\AppData\Local\Rmavuronecekiri.bin"
"c:\windows\System32\drivers\obin.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\Support Controls\sshelper.exe
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlcm.dll
c:\programdata\Symantec
c:\programdata\Symantec\SubEng\platformid.dat
c:\users\jkthompson\AppData\Local\Mcubikumi.dat
c:\users\jkthompson\AppData\Local\Rmavuronecekiri.bin
c:\users\jkthompson\AppData\Local\xvsitomes

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_xyoagul


((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.

2010-08-27 00:04 . 2010-08-27 00:08 -------- d-----w- c:\users\jkthompson\AppData\Local\temp
2010-08-27 00:04 . 2010-08-27 00:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-26 14:32 . 2010-08-26 14:37 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-26 01:35 . 2010-08-26 01:35 -------- d-----w- c:\program files\CCleaner
2010-08-25 22:01 . 2010-08-25 22:01 -------- d-----w- C:\Linksys Driver
2010-08-25 21:50 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-25 21:50 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-25 21:50 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-25 21:50 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-25 21:50 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-25 21:49 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-25 21:49 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-25 20:33 . 2010-08-25 20:33 -------- d-----w- c:\programdata\Alwil Software
2010-08-25 20:33 . 2010-08-25 20:33 -------- d-----w- c:\program files\Alwil Software
2010-08-25 19:54 . 2010-08-25 19:54 -------- d-----w- c:\users\jkthompson\AppData\Roaming\Malwarebytes
2010-08-25 19:07 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 19:07 . 2010-08-25 19:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 19:07 . 2010-08-25 19:07 -------- d-----w- c:\programdata\Malwarebytes
2010-08-25 19:07 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 17:41 . 2010-08-25 17:41 -------- d-----w- c:\users\jkthompson\AppData\Roaming\SUPERAntiSpyware.com
2010-08-25 17:41 . 2010-08-25 17:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-13 17:34 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-13 17:34 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-13 17:34 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-13 17:34 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 23:27 . 2009-07-21 19:56 -------- d-----w- c:\program files\iWin
2010-08-25 23:50 . 2008-02-26 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-25 18:10 . 2009-07-21 19:55 -------- d-----w- c:\program files\iWin Games
2010-08-22 21:46 . 2009-08-12 01:04 7052 ----a-w- c:\users\jkthompson\AppData\Local\d3d9caps.dat
2010-08-15 19:07 . 2008-02-26 20:22 -------- d-----w- c:\program files\Microsoft Works
2010-08-15 18:59 . 2008-02-26 20:27 -------- d-----w- c:\programdata\Microsoft Help
2010-08-15 18:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-08 18:02 . 2009-08-26 23:40 246 ----a-w- c:\users\jkthompson\AppData\Roaming\wklnhst.dat
2010-08-04 21:42 . 2008-07-04 01:04 -------- d-----w- c:\programdata\CanonIJPLM
2010-06-26 06:05 . 2010-08-13 17:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 17:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 17:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 17:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:18 . 2010-08-13 17:35 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 16:43 . 2010-08-13 17:35 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 14:43 . 2010-08-13 17:35 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 14:43 . 2010-08-13 17:35 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-11 15:31 . 2010-08-13 17:35 274432 ----a-w- c:\windows\system32\schannel.dll
2007-02-12 21:13 . 2007-02-12 21:13 36864 ----a-w- c:\program files\Common Files\AXPrint.exe
2007-02-11 23:47 . 2007-02-11 23:47 2731692 ----a-w- c:\program files\Common Files\AEXAM.HLP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 23:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-12 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-12 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-07 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-19 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-28 136600]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 SASDIFSV;SASDIFSV;c:\users\JKTHOM~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\JKTHOM~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca0a7728a191bd;Google Update Service (gupdate1ca0a7728a191bd);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 133104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-19 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2009-07-09 78104]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 645120]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 02:50]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 02:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3646
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 19:08
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\consent.exe
.
**************************************************************************
.
Completion time: 2010-08-26 19:14:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-27 00:14
ComboFix2.txt 2010-08-26 23:32

Pre-Run: 98,445,139,968 bytes free
Post-Run: 98,224,140,288 bytes free

- - End Of File - - 579CCBAB9D38CEA697CC8D388B1B1C5A


Gone for about 60 min - thanks!

#8 Broni Re: [RESOLVED] Multiple Infections

Posted 27 August 2010 - 12:26 AM

Looks much better :)

How about?

Quote

Uninstall AskBarDis, considered as an adware.
If you forgot, do before next step.

I'll need fresh log from OTL "Quick scan".

#9 drmsucks Re: [RESOLVED] Multiple Infections

Posted 27 August 2010 - 01:43 AM

No, I didn't forget - there's a bunch of cr*p on this machine that needs to go bye bye and I was going to do it all at the same time! But, I uninstalled Ask before I ran the log below.

OTL logfile created on: 8/26/2010 8:37:51 PM - Run 3
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\jkthompson\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 144.00 Mb Available Physical Memory | 16.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 1341 1341 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.50 Gb Total Space | 90.37 Gb Free Space | 64.78% Space Free | Partition Type: NTFS
Drive D: | 9.55 Gb Total Space | 4.36 Gb Free Space | 45.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 5.24 Gb Free Space | 70.28% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JKTHOMPSON-PC
Current User Name: jkthompson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/26 12:17:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\OTL.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/09 15:21:14 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/19 16:50:44 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/13 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/09/06 15:12:46 | 000,323,216 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 12:17:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\OTL.exe
MOD - [2008/01/20 21:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 21:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/19 14:55:17 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/09 15:21:14 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/29 16:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Users\JKTHOM~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\JKTHOM~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 15:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/12/04 14:17:16 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/01/20 21:33:50 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/12 09:36:00 | 008,238,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/19 19:11:48 | 001,959,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/02 19:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/04/17 23:46:20 | 001,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/02 05:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 05:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/11/08 18:55:10 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/08 18:54:02 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/08 18:53:48 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2002/04/11 13:21:38 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=T3646
IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/07/22 01:11:13 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Mozilla\Extensions
[2009/07/22 01:11:13 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/08/26 19:08:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/26 19:14:49 | 000,000,000 | ---D | C] -- C:\Users\jkthompson\AppData\Local\temp
[2010/08/26 19:08:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/26 19:04:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/26 18:50:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/26 18:16:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/26 18:16:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/26 18:16:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/26 18:16:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/26 18:15:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/26 13:06:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/26 12:20:05 | 000,000,000 | ---D | C] -- C:\Users\jkthompson\Desktop\for broni
[2010/08/26 12:16:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\OTL.exe
[2010/08/26 12:15:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\TFC.exe
[2010/08/26 11:31:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\jkthompson\Desktop\HijackThis.exe
[2010/08/26 11:28:30 | 000,000,000 | ---D | C] -- C:\Users\jkthompson\Documents\Oberon Media
[2010/08/26 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/08/25 20:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/25 17:01:42 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/08/25 16:50:22 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/08/25 16:50:22 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/25 16:50:22 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/25 16:50:21 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/25 16:50:20 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/08/25 16:49:53 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/25 16:49:52 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/08/25 15:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/25 15:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/25 14:54:59 | 000,000,000 | ---D | C] -- C:\Users\jkthompson\AppData\Roaming\Malwarebytes
[2010/08/25 14:07:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/25 14:07:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/25 14:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/25 14:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/25 12:41:56 | 000,000,000 | ---D | C] -- C:\Users\jkthompson\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/25 12:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/26 18:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2007/02/12 16:13:52 | 000,036,864 | ---- | C] (TODO: <Company name>) -- C:\Program Files\Common Files\AXPrint.exe

========== Files - Modified Within 90 Days ==========

[2010/08/26 20:37:57 | 006,029,312 | -HS- | M] () -- C:\Users\jkthompson\ntuser.dat
[2010/08/26 20:37:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/26 20:28:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/26 19:12:09 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/26 19:12:09 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/26 19:12:09 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/26 19:08:27 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/26 19:08:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/26 19:06:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/26 19:06:08 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/08/26 19:06:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 19:06:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 19:05:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/26 19:05:45 | 939,057,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/26 19:04:57 | 000,524,288 | -HS- | M] () -- C:\Users\jkthompson\ntuser.dat{efd8102b-aece-11de-9761-0016ce066653}.TMContainer00000000000000000001.regtrans-ms
[2010/08/26 19:04:57 | 000,065,536 | -HS- | M] () -- C:\Users\jkthompson\ntuser.dat{efd8102b-aece-11de-9761-0016ce066653}.TM.blf
[2010/08/26 18:37:14 | 001,290,231 | -H-- | M] () -- C:\Users\jkthompson\AppData\Local\IconCache.db
[2010/08/26 18:13:14 | 003,828,691 | R--- | M] () -- C:\Users\jkthompson\Desktop\ComboFix.exe
[2010/08/26 13:06:07 | 218,687,773 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/26 12:17:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\OTL.exe
[2010/08/26 12:16:37 | 000,080,384 | ---- | M] () -- C:\Users\jkthompson\Desktop\MBRCheck.exe
[2010/08/26 12:16:01 | 000,293,376 | ---- | M] () -- C:\Users\jkthompson\Desktop\z54p7rqh.exe
[2010/08/26 12:15:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\jkthompson\Desktop\TFC.exe
[2010/08/26 11:31:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\jkthompson\Desktop\HijackThis.exe
[2010/08/25 20:35:36 | 000,000,815 | ---- | M] () -- C:\Users\jkthompson\Desktop\CCleaner.lnk
[2010/08/25 18:18:38 | 000,001,381 | ---- | M] () -- C:\Windows\System32\WLAN.INI
[2010/08/25 16:50:22 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/25 16:50:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/25 14:07:15 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/22 16:46:54 | 000,007,052 | ---- | M] () -- C:\Users\jkthompson\AppData\Local\d3d9caps.dat
[2010/08/15 21:36:07 | 000,344,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/08 13:02:16 | 000,000,246 | ---- | M] () -- C:\Users\jkthompson\AppData\Roaming\wklnhst.dat
[2010/07/20 18:39:21 | 000,009,326 | ---- | M] () -- C:\Users\jkthompson\Documents\Busby-Estimated Closing Cost.pdf
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/28 15:32:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/26 18:53:28 | 000,038,400 | ---- | M] () -- C:\Users\jkthompson\Documents\RESUME-KAVON.doc
[2010/06/26 18:30:01 | 000,037,376 | ---- | M] () -- C:\Users\jkthompson\Documents\kavon's resume.doc
[2010/06/25 18:26:08 | 000,539,291 | ---- | M] () -- C:\Users\jkthompson\Documents\8304 Sandlin-Executed Lease.pdf
[2010/06/25 10:33:00 | 000,163,050 | ---- | M] () -- C:\Users\jkthompson\Documents\Between Brokers.pdf
[2010/06/25 10:17:37 | 000,285,860 | ---- | M] () -- C:\Users\jkthompson\Documents\8304 Sandlin-Signed Lease.pdf
[2010/06/24 12:36:05 | 000,251,675 | ---- | M] () -- C:\Users\jkthompson\Documents\8304 Sandlin- Lease.pdf
[2010/06/23 14:28:16 | 000,616,456 | ---- | M] () -- C:\Users\jkthompson\Documents\Yant Credit Report.pdf
[2010/06/23 14:26:46 | 000,213,359 | ---- | M] () -- C:\Users\jkthompson\Documents\Mark Yant Application-8304 Sandlin.pdf
[2010/06/14 20:37:55 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2010/06/05 20:09:24 | 001,449,928 | ---- | M] () -- C:\Users\jkthompson\Documents\Crawford-Credit Report.pdf
[2010/06/05 20:06:30 | 000,798,637 | ---- | M] () -- C:\Users\jkthompson\Documents\Crawford- Application.pdf
[2010/06/04 19:11:35 | 000,139,267 | ---- | M] () -- C:\Users\jkthompson\Documents\Residential Lease Inventory Condition Form.pdf
[2010/06/04 19:07:34 | 003,747,187 | ---- | M] () -- C:\Users\jkthompson\Documents\8400 Hickory Creek-Executed Lease.pdf
[2010/06/04 19:06:40 | 001,116,214 | ---- | M] () -- C:\Users\jkthompson\Documents\8400 Hickory Creek- Executed Lease Remaining Pages.pdf

========== Files Created - No Company Name ==========

[2010/08/26 18:16:12 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/26 18:16:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/26 18:16:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/26 18:16:12 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/26 18:16:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/26 18:13:03 | 003,828,691 | R--- | C] () -- C:\Users\jkthompson\Desktop\ComboFix.exe
[2010/08/26 13:05:22 | 218,687,773 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/26 12:16:37 | 000,080,384 | ---- | C] () -- C:\Users\jkthompson\Desktop\MBRCheck.exe
[2010/08/26 12:15:59 | 000,293,376 | ---- | C] () -- C:\Users\jkthompson\Desktop\z54p7rqh.exe
[2010/08/25 20:35:36 | 000,000,815 | ---- | C] () -- C:\Users\jkthompson\Desktop\CCleaner.lnk
[2010/08/25 17:02:50 | 000,001,381 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2010/08/25 16:50:22 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/25 14:07:15 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 18:39:21 | 000,009,326 | ---- | C] () -- C:\Users\jkthompson\Documents\Busby-Estimated Closing Cost.pdf
[2010/06/26 18:53:25 | 000,038,400 | ---- | C] () -- C:\Users\jkthompson\Documents\RESUME-KAVON.doc
[2010/06/26 18:29:52 | 000,037,376 | ---- | C] () -- C:\Users\jkthompson\Documents\kavon's resume.doc
[2010/06/25 18:26:05 | 000,539,291 | ---- | C] () -- C:\Users\jkthompson\Documents\8304 Sandlin-Executed Lease.pdf
[2010/06/25 10:33:00 | 000,163,050 | ---- | C] () -- C:\Users\jkthompson\Documents\Between Brokers.pdf
[2010/06/25 10:17:37 | 000,285,860 | ---- | C] () -- C:\Users\jkthompson\Documents\8304 Sandlin-Signed Lease.pdf
[2010/06/24 12:36:00 | 000,251,675 | ---- | C] () -- C:\Users\jkthompson\Documents\8304 Sandlin- Lease.pdf
[2010/06/23 14:28:14 | 000,616,456 | ---- | C] () -- C:\Users\jkthompson\Documents\Yant Credit Report.pdf
[2010/06/23 14:26:46 | 000,213,359 | ---- | C] () -- C:\Users\jkthompson\Documents\Mark Yant Application-8304 Sandlin.pdf
[2010/06/14 20:37:55 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2010/06/05 20:09:20 | 001,449,928 | ---- | C] () -- C:\Users\jkthompson\Documents\Crawford-Credit Report.pdf
[2010/06/05 20:06:24 | 000,798,637 | ---- | C] () -- C:\Users\jkthompson\Documents\Crawford- Application.pdf
[2010/06/04 19:11:29 | 000,139,267 | ---- | C] () -- C:\Users\jkthompson\Documents\Residential Lease Inventory Condition Form.pdf
[2010/06/04 19:07:29 | 003,747,187 | ---- | C] () -- C:\Users\jkthompson\Documents\8400 Hickory Creek-Executed Lease.pdf
[2010/06/04 19:06:37 | 001,116,214 | ---- | C] () -- C:\Users\jkthompson\Documents\8400 Hickory Creek- Executed Lease Remaining Pages.pdf
[2009/08/26 18:40:41 | 000,000,246 | ---- | C] () -- C:\Users\jkthompson\AppData\Roaming\wklnhst.dat
[2009/08/11 20:04:28 | 000,007,052 | ---- | C] () -- C:\Users\jkthompson\AppData\Local\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/06/07 17:52:35 | 000,015,872 | ---- | C] () -- C:\Users\jkthompson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/11 18:47:50 | 002,731,692 | ---- | C] () -- C:\Program Files\Common Files\AEXAM.HLP
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/07/23 00:57:48 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Boolat Games
[2009/07/23 17:48:46 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\CupcakeCafe
[2010/02/20 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\LimeWire
[2009/07/28 22:57:38 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Peace Craft
[2009/07/27 23:17:50 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\PlayFirst
[2009/11/18 20:29:45 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Research In Motion
[2008/06/07 18:23:52 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\SampleView
[2009/08/26 18:40:46 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\Template
[2009/12/25 00:13:42 | 000,000,000 | ---D | M] -- C:\Users\jkthompson\AppData\Roaming\WeatherBug
[2010/08/26 19:05:03 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\jkthompson\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream
@Alternate Data Stream - 349 bytes -> C:\ProgramData\TEMP:B72729D8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B0CCE303
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CEFEABF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D3EC24B3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C0D722EB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:439E3411
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0FAC520
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FA8B212D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB6B9259
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:99B66030
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A1CD17F9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:22741C1F
< End of report >
If you don't have time to do it right
...when will you have time to do it over?

#10 Broni Re: [RESOLVED] Multiple Infections

    Malware Annihilator

  • 24,879 posts
  • Joined: October 04, 2004
  • 1,859 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 10:11 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 9h 13m 9s

Posted 27 August 2010 - 01:59 AM

It doesn't look too bad now :)

Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

================================================================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - Reg Error: Key error. File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    @Alternate Data Stream - 76 bytes -> C:\Users\jkthompson\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream
    @Alternate Data Stream - 349 bytes -> C:\ProgramData\TEMP:B72729D8
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B0CCE303
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CEFEABF
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D3EC24B3
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C0D722EB
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:439E3411
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0FAC520
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FA8B212D
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB6B9259
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:99B66030
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A1CD17F9
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:22741C1F
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = -
    
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#11 drmsucks Re: [RESOLVED] Multiple Infections

Posted 27 August 2010 - 02:08 AM

Be back when Kaspersky is through...
If you don't have time to do it right
...when will you have time to do it over?

#12 Broni Re: [RESOLVED] Multiple Infections

Posted 27 August 2010 - 02:11 AM

Most likely, you say "Good Night" as well.....LOL

#13 drmsucks Re: [RESOLVED] Multiple Infections

Posted 27 August 2010 - 03:03 PM

"Good Night!"

"Good Morning!"

Everything looks great (with a couple explanations!)

OTL Log

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ce0c2586-da36-452b-acdb-320d9bcb19bf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce0c2586-da36-452b-acdb-320d9bcb19bf}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
File oft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\Users\jkthompson\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\TEMP:B72729D8 deleted successfully.
ADS C:\ProgramData\TEMP:B0CCE303 deleted successfully.
ADS C:\ProgramData\TEMP:2CEFEABF deleted successfully.
ADS C:\ProgramData\TEMP:D3EC24B3 deleted successfully.
ADS C:\ProgramData\TEMP:C0D722EB deleted successfully.
ADS C:\ProgramData\TEMP:439E3411 deleted successfully.
ADS C:\ProgramData\TEMP:B0FAC520 deleted successfully.
ADS C:\ProgramData\TEMP:FA8B212D deleted successfully.
ADS C:\ProgramData\TEMP:CB6B9259 deleted successfully.
ADS C:\ProgramData\TEMP:99B66030 deleted successfully.
ADS C:\ProgramData\TEMP:A1CD17F9 deleted successfully.
ADS C:\ProgramData\TEMP:22741C1F deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jkthompson
->Temp folder emptied: 1719304 bytes
->Temporary Internet Files folder emptied: 13881399 bytes
->Java cache emptied: 7286 bytes
->Google Chrome cache emptied: 16370920 bytes
->Flash cache emptied: 3039 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: jkthompson
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08262010_211758

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Security Check Log

1) For some reason JavaRa did not delete the old Java versions - I deleted them manually.
2) I'll install Vista SP 2 when you tell me it is okay to install programs.
3) I deleted Adobe Reader 8 and will install 9.3.3 when you tell me it is okay to install programs.
4) I updated Flash to latest version.

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 21
Java™ 6 Update 4
Java™ 6 Update 6
Out of date Java installed!
Adobe Flash Player 10.0.12.36
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Kaspersky Log

1) This log is clean - F: is my USB flash drive!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 27, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 26, 2010 23:28:11
Records in database: 4163272
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 164620
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:50:18


File name / Threat / Threats count
F:\Utilities\RootkitBuster_2.80.1077\TMRBLog\REALMBR.BIN Infected: Backdoor.Win32.Sinowal.knf 1

Selected area has been scanned.


Machine runs great (for the hardware it has) and I deleted Limewire and Bit Comet and a few silly things that ate up resources (WeatherBug, Weather Channel Live Desktop, Google Desktop, Ask Toolbar, Google Toolbar). If they want it to slow down again, they can add them back!

Let me know what's next...
If you don't have time to do it right
...when will you have time to do it over?
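
A cross-check for the fix script in post #10 against the result log in post #13, as an added example that is not part of the original thread and not OTL's own code: it parses the `@Alternate Data Stream` lines that were requested and confirms each has a matching `ADS ... deleted successfully.` line, then lists every result line that did not end in a deletion. The function names are hypothetical, the regexes assume the line formats exactly as pasted in this thread, and the sample text is abridged from the posts with one confirmation line deliberately left out to show the failure case.

```python
import re
from collections import Counter

# Abridged from the fix script in post #10 (sample input for this example).
FIX_SCRIPT = r"""
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
@Alternate Data Stream - 76 bytes -> C:\Users\jkthompson\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream
@Alternate Data Stream - 349 bytes -> C:\ProgramData\TEMP:B72729D8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B0CCE303
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CEFEABF
:Commands
[emptytemp]
"""

# Abridged from the result log in post #13. CONSTRUCTED CHANGE: the line
# confirming TEMP:2CEFEABF is omitted so the audit has something to report.
RESULT_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
ADS C:\Users\jkthompson\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\TEMP:B72729D8 deleted successfully.
ADS C:\ProgramData\TEMP:B0CCE303 deleted successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
"""

REQUESTED_ADS = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")

# (kind, outcome, pattern) for the result-line shapes seen in this thread.
RESULT_PATTERNS = [
    ("ads", "deleted", re.compile(r"^ADS (.+) deleted successfully\.$")),
    ("registry", "deleted",
     re.compile(r"^Registry (?:key|value) (.+?) deleted successfully\.$")),
    ("registry", "not_found",
     re.compile(r"^Registry (?:key|value) (.+?) not found\.$")),
    ("registry", "error",
     re.compile(r"^Registry error reading value (.+?) ?\.$")),
    ("file", "pending_reboot",
     re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("file", "not_found", re.compile(r"^File (.+) not found\.$")),
]


def requested_streams(fix_script):
    """Return (host_path, stream_name, size_bytes) for each ADS line in the script."""
    found = []
    for line in fix_script.splitlines():
        m = REQUESTED_ADS.match(line.strip())
        if not m:
            continue
        # Split on the LAST colon: the drive letter ("C:") also contains one,
        # and stream names may contain spaces ("Roxio EMC Stream").
        host, _, stream = m.group(2).rpartition(":")
        found.append((host, stream, int(m.group(1))))
    return found


def parse_results(result_log):
    """Return (kind, target, outcome) for every recognised result line."""
    parsed = []
    for line in result_log.splitlines():
        line = line.strip()
        for kind, outcome, pattern in RESULT_PATTERNS:
            m = pattern.match(line)
            if m:
                parsed.append((kind, m.group(1), outcome))
                break
    return parsed


def audit(fix_script, result_log):
    """Compare what the script asked for with what the log says happened."""
    results = parse_results(result_log)
    # Windows paths are case-insensitive, so compare lower-cased.
    deleted = {t.lower() for k, t, o in results if k == "ads" and o == "deleted"}
    confirmed, unconfirmed = [], []
    for host, stream, size in requested_streams(fix_script):
        key = f"{host}:{stream}".lower()
        (confirmed if key in deleted else unconfirmed).append((host, stream, size))
    follow_up = [r for r in results if r[2] != "deleted"]
    return {"confirmed": confirmed, "unconfirmed": unconfirmed,
            "follow_up": follow_up}


if __name__ == "__main__":
    report = audit(FIX_SCRIPT, RESULT_LOG)
    print(f"ADS confirmed deleted: {len(report['confirmed'])}")
    for host, stream, size in report["unconfirmed"]:
        print(f"NO CONFIRMATION: {host}:{stream} ({size} bytes)")
    for kind, target, outcome in report["follow_up"]:
        print(f"{outcome:>14}  {kind:<8}  {target}")
    print(dict(Counter(o for _, _, o in report["follow_up"])))
```

A "not found" outcome is not necessarily a failure: in the thread's own log it appears for CLSID keys whose referencing entries were already reported as "File not found".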

#14 Broni Re: [RESOLVED] Multiple Infections

Posted 27 August 2010 - 09:33 PM

Good news :)

First priority would be to add another 1GB of RAM.

Now....

1. SP 2 needs to be installed (see below).

2. We need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

3. Update Adobe Reader

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

4. OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


5. Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current (including SP2!)

5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...ning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. Run defrag at your convenience.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html

13. Please, let me know, how your computer is doing.

#15 drmsucks Re: [RESOLVED] Multiple Infections

Posted 27 August 2010 - 11:31 PM

First priority would be to add another 1GB of RAM.
**I agree but not my computer - I'll see what they say; mb will handle 2 GB.

Old Java already deleted as is Reader 8. Will install SP2 and Reader 9.3.3 now that we're clean!

Thanks for all of the help!!

#16 Broni Re: [RESOLVED] Multiple Infections

Posted 27 August 2010 - 11:35 PM

Cool beans :)

I'll mark this thread as "Resolved" then :)

Good luck to your friend and smack him a couple of times, so he behaves better when using his computer....hehehehe

#17 drmsucks Re: [RESOLVED] Multiple Infections

Posted 28 August 2010 - 03:09 PM

This is still Resolved but an interesting followup. Went to install SP2 and it failed, error code: 80073712. Tried a couple things I saw on the web and finally called MS (they have free support for service pack problems). Deepak said that the error meant that there was "severe" file corruption and that I would have to do a re-install of the OS. I said that that was not an option. He then tried with a fresh download of SP2 and no joy.

Two things: First, I was impressed with the quality of the MS rep and the overall system in general - I was talking to the tech in about 10 min. Second, do you have any ideas on the SP2 install. I hate to give this machine back without it installed but I only signed on to get rid of the fake AV and I've already spent WAY more time than that. If you know of anything to try, I'd appreciate it. If this should be posted out of the Malware area, please edit it and move it!

#18 Broni Re: [RESOLVED] Multiple Infections

Posted 28 August 2010 - 07:54 PM

Did you try standalone SP2 download, instead of using Windows updates?

#19 drmsucks Re: [RESOLVED] Multiple Infections

Posted 28 August 2010 - 08:03 PM

Broni, on 28 August 2010 - 07:54 PM, said:

"Did you try standalone SP2 download, instead of using Windows updates?"

Yep! Also tried after Safe Boot...

#20 Broni Re: [RESOLVED] Multiple Infections

Posted 28 August 2010 - 09:23 PM

Go Start>Run ("Start Search" in Vista/7), type in:
sfc /scannow
Click OK (hold CTRL, and SHIFT, hit Enter in Vista/7).
Have Windows CD/DVD handy (with Vista/7, most likely, you won't need it).
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD (rarely in Vista/7 case).

It won't give you any info, if it fixed anything (unless you look at its log, but it's not important here).
After running "sfc", restart computer and try SP2 again.

Do you have Vista DVD?
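
The sfc log mentioned in the post above is %windir%\Logs\CBS\CBS.log on Vista, where System File Checker entries carry an [SR] tag. The following is an added example, not part of the original posts: it lists which files sfc repaired and which it could not, which is the detail that matters when a service pack install fails on component corruption. The sample log lines are constructed, and the name summarize_sfc and the two message patterns are assumptions based on the usual CBS.log wording.

```python
import re
from collections import OrderedDict

# Constructed sample in the CBS.log layout; timestamps, sequence numbers,
# file names and the component name are made up for illustration.
SAMPLE_CBS_LOG = r'''
2010-08-28 21:31:02, Info                  CSI    00000140 [SR] Verifying 100 (0x00000064) components
2010-08-28 21:31:02, Info                  CSI    00000141 [SR] Beginning Verify and Repair transaction
2010-08-28 21:31:05, Info                  CSI    00000143 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-08-28 21:31:06, Info                  CSI    00000145 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2010-08-28 21:31:07, Info                  CSI    00000146 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-08-28 21:31:09, Info                  CSI    00000147 [SR] Verify complete
2010-08-28 21:31:09, Info                  CBS    Session closed (not an sfc entry)
'''

# Assumed message shapes for the two outcomes of interest.
CANNOT = re.compile(r'Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<comp>[^,]+),')
REPAIRED = re.compile(r'Repairing corrupted file .*\]"(?P<file>[^"]+)" from store')

def summarize_sfc(log_text):
    """Return (unrepaired, repaired).

    unrepaired: file name -> (component, reason), first occurrence only,
                because sfc usually logs the same failure more than once.
    repaired:   file names restored from the component store, in log order.
    """
    unrepaired, repaired = OrderedDict(), []
    for line in log_text.splitlines():
        if "[SR] " not in line:          # same filter as: findstr /c:"[SR]" CBS.log
            continue
        msg = line.split("[SR] ", 1)[1]
        hit = CANNOT.search(msg)
        if hit:
            reason = msg.rsplit(", ", 1)[-1]   # trailing field, e.g. "hash mismatch"
            unrepaired.setdefault(hit.group("file"), (hit.group("comp"), reason))
            continue
        hit = REPAIRED.search(msg)
        if hit and hit.group("file") not in repaired:
            repaired.append(hit.group("file"))
    return unrepaired, repaired

if __name__ == "__main__":
    bad, fixed = summarize_sfc(SAMPLE_CBS_LOG)
    for name, (component, reason) in bad.items():
        print("NOT repaired:", name, "|", component, "|", reason)
    for name in fixed:
        print("repaired:", name)
```

To use it on a real machine, copy CBS.log from an elevated prompt and pass its text to summarize_sfc in place of the sample.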




