Monitor's Flash @ start up & Random Cursor craziness

Hi.

Can you update MBA-M and run another scan, remove anything that is found and then post up the log please.

Hi.

Can you update MBA-M and run another scan, remove anything that is found and then post up the log please.

Hi!
Thank you for your immediate response. Here is the requested log with the updated rules.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8066

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/2/2011 2:49:32 AM
mbam-log-2011-11-02 (02-49-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 542171
Time elapsed: 2 hour(s), 50 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank you.

No worries. Log looks ok.

I see you have more than 1 anti-virus program running. You need to either uninstall one of them, or disable one of them from startup. My preference would be to uninstall McAfee.

==

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

===

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

• You will need to use Internet Explorer to complete this scan.
• You will need to temporarily Disable your current Anti-virus program.
• Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
• When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

• Kaspersky Online Scanner • Panda Active Scan • Trend Micro HouseCall • F-Secure Online Virus Scanner

No worries. Log looks ok.

I see you have more than 1 anti-virus program running. You need to either uninstall one of them, or disable one of them from startup. My preference would be to uninstall McAfee.

==

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

===

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

• You will need to use Internet Explorer to complete this scan.
• You will need to temporarily Disable your current Anti-virus program.
• Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
• When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

• Kaspersky Online Scanner • Panda Active Scan • Trend Micro HouseCall • F-Secure Online Virus Scanner

Thanks again!
Quick question. Might sound stupid, do you mean "Digital Patrol" and "McAfee" as the 2 AV's?
I have noticed "Digital Patrol" is listed as Enabled/Updated - that has been a mystery.
I have searched all drives on my computer (hidden files included) for "Digital Patrol" and "Nicta" and nothing is found?
I don't know where that program is or how/why it shows as running?
It does not show in Windows Add & Remove programs. It also does not show in Revo Uninstaller?
Odd?

In the mean time, I have downloaded OTL and will continue with your instructions.

Go here http://www.billsway.com/vbspage/ and download, unzip and run the Registry Search Tool.

• Type Digital Patrol in the dialog box.
• Let it run and after a few minutes, a prompt will appear.
• Click OK to write the results to Notepad and post them here.

Go here http://www.billsway.com/vbspage/ and download, unzip and run the Registry Search Tool.

• Type Digital Patrol in the dialog box.
• Let it run and after a few minutes, a prompt will appear.
• Click OK to write the results to Notepad and post them here.

I have tried posting several times and keep getting a blank page.
Thinking there may be a character limit, I broke the OTL.txt into 2 parts.
OTL only gave me the OTL.txt,Registry Scan report, & ESET would not run for me so I chose F-SECURE instead. As requested:
Part 1:
OTL logfile created on: 11/2/2011 3:27:55 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mstihkal333\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.72% Memory free
9.36 Gb Paging File | 8.72 Gb Available in Paging File | 93.18% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 20.33 Gb Free Space | 26.02% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 140.33 Gb Free Space | 60.26% Space Free | Partition Type: NTFS
Drive E: | 78.13 Gb Total Space | 34.29 Gb Free Space | 43.90% Space Free | Partition Type: NTFS
Drive F: | 77.49 Gb Total Space | 42.25 Gb Free Space | 54.53% Space Free | Partition Type: NTFS
Drive G: | 57.27 Gb Total Space | 42.21 Gb Free Space | 73.70% Space Free | Partition Type: NTFS
Drive I: | 74.51 Gb Total Space | 12.47 Gb Free Space | 16.73% Space Free | Partition Type: NTFS
Drive K: | 1.91 Gb Total Space | 0.89 Gb Free Space | 46.36% Space Free | Partition Type: FAT

Computer Name: MSTIHKAL333 | User Name: mstihkal333 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/02 03:05:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\desktop\OTL.exe
PRC - [2011/10/31 03:33:55 | 003,074,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/06/28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/05/15 12:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2010/04/16 15:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2004/07/13 14:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2004/07/13 14:45:05 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe

========== Modules (No Company Name) ==========

MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2001/08/17 15:36:16 | 000,165,888 | ---- | M] () -- C:\WINDOWS\system32\hpgt53.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NBService)
SRV - File not found [Disabled | Stopped] -- -- (hpqddsvc)
SRV - File not found [Disabled | Stopped] -- -- (hpqcxs08)
SRV - File not found [Disabled | Stopped] -- -- (gupdate1c9a43e39b016c)
SRV - [2011/10/31 03:33:55 | 003,074,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/08/30 11:52:32 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2011/04/22 00:17:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/19 01:16:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/10 06:37:22 | 000,217,088 | R--- | M] () [Disabled | Stopped] -- C:\Program Files\ASUS\Printer Utilities\UsbService.exe -- (UsbService)
SRV - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/04/16 15:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/27 01:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/12/20 10:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2004/07/13 14:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)

========== Driver Services (SafeList) ==========

DRV - [2011/09/16 00:32:38 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2011/08/12 15:32:00 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/04/30 04:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/02/27 01:35:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/27 01:35:19 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/02/27 01:35:19 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/01/04 14:53:33 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/12/03 02:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/09/07 14:26:52 | 000,028,160 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\PcaSp50.sys -- (PcaSp50)
DRV - [2010/08/25 13:27:40 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2010/05/13 16:34:30 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2010/05/13 16:34:28 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2010/04/16 15:34:10 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/11/04 09:54:00 | 000,024,576 | ---- | M] (Kyocera Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/11/03 16:50:00 | 000,105,984 | ---- | M] (Kyocera Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\kcusbser.sys -- (kcusbser)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/06/17 09:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 09:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/17 05:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/02/11 19:50:56 | 001,670,016 | R--- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\skfilt.SYS -- (skfilt)
DRV - [2007/12/20 02:55:36 | 000,066,432 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vuhub.sys -- (vuhub)
DRV - [2007/07/20 20:29:23 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/07/19 22:42:36 | 000,163,128 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2007/07/19 22:42:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/07/19 22:42:36 | 000,021,816 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2007/03/21 11:10:30 | 000,025,773 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2006/11/13 20:31:44 | 000,033,408 | R--- | M] (ASUSTeK Computer Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipgdnd51.sys -- (ipgd)
DRV - [2006/11/05 15:24:16 | 000,457,216 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/11/05 15:24:09 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2006/05/03 09:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [2005/01/17 16:09:38 | 000,052,480 | ---- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\kwcxbus.sys -- (kwcxbus)
DRV - [2004/05/29 06:15:12 | 000,009,728 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2002/12/10 17:53:24 | 000,236,121 | ---- | M] (Logitech Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/06/14 13:49:56 | 000,010,194 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/04/09 13:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 E3 F8 F8 70 97 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.speedtest.net/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.7
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {3892FE4C-6DCB-4669-9D01-E23BB9FB61FB}:0.2.10
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.8
FF - prefs.js..extensions.enabledItems: researchword@scott:1.3.7
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.4
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: texpertension@texperts.com:1.0.11
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.91
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2
FF - prefs.js..extensions.enabledItems: flvideoreplacer@lovinglinux.megabyet.net:2.1.8
FF - prefs.js..extensions.enabledItems: flvripper@harsha:2.0
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..extensions.enabledItems: kempelton-fx@arvidaxelsson.se:3.2.1
FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030
FF - prefs.js..splitbrowser.search.loadResultsIn: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/02/27 23:48:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\mstihkal333\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/01 22:33:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/12 19:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/26 12:23:59 | 000,000,000 | ---D | M]

[2008/09/18 01:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Extensions
[2011/10/30 22:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions
[2011/07/17 16:12:29 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/01/26 01:33:37 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
[2010/04/15 13:55:27 | 000,000,000 | ---D | M] (MyWords) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{3892FE4C-6DCB-4669-9D01-E23BB9FB61FB}
[2011/07/11 10:03:21 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/18 21:29:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/18 13:15:03 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/09/01 23:39:19 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2011/08/12 01:39:29 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/12 18:19:09 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\DeviceDetection@logitech.com
[2010/07/13 23:48:33 | 000,000,000 | ---D | M] (Kempelton) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\kempelton-fx@arvidaxelsson.se
[2010/11/24 20:19:55 | 000,000,000 | ---D | M] (Research Word) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\researchword@scott
[2011/10/27 15:37:07 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\video.downloader.plugin@ffpimp.com
[2011/09/01 23:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011/09/01 23:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011/10/30 15:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions
[2010/09/16 09:47:09 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/10/02 17:59:12 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/10/20 09:59:20 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/05/11 06:21:54 | 000,000,000 | ---D | M] (SafeSearch Off) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{3975c680-be94-11dd-ad8b-0800200c9a66}
[2010/06/28 20:45:52 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}(2)
[2011/09/20 20:33:16 | 000,000,000 | ---D | M] (Clippings) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011/07/10 13:44:51 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/01 14:29:42 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2011/05/11 06:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/10/30 15:09:05 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2010/06/28 20:49:45 | 000,000,000 | ---D | M] (After the Deadline) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\afterthedeadline@afterthedeadline(2).com
[2011/08/10 16:47:08 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\DeviceDetection@logitech.com
[2010/06/28 20:45:52 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\ietab@ip(2).cn
[2009/08/05 07:50:05 | 000,000,000 | ---D | M] (Link Gopher) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\linkgopher@oooninja.com
[2010/11/20 16:34:14 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\optimizegoogle@optimizegoogle.com
[2010/10/02 15:17:29 | 000,000,000 | ---D | M] (Research Word) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\researchword@scott
[2011/09/01 14:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011/09/01 14:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011/05/11 06:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009/03/25 23:54:43 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\allplus.xml
[2011/10/30 22:18:09 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\ixquick.xml
[2009/03/25 04:25:56 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\kedrix-mearch.xml
[2011/07/19 10:28:00 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\s-amazon.xml
[2007/06/01 18:37:07 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\siteadvisor.xml
[2009/04/06 13:57:07 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\surf-canyon.xml
[2009/03/29 19:18:06 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\webster.xml
[2007/06/12 17:11:15 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\whitepagescom.xml
[2011/09/25 20:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/25 20:10:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\84940WAR.DEFAULT\EXTENSIONS\{28FAD68E-4001-48D5-B994-68069F7CFB1D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\84940WAR.DEFAULT\EXTENSIONS\{C0CB8BA3-6C1B-47E8-A6AB-1FAB889562D9}.XPI
[2011/11/01 22:33:11 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/04/03 00:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/12 19:45:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/11/27 14:34:40 | 014,957,444 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avcodec-51.dll
[2008/11/27 14:34:44 | 003,889,294 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avformat-52.dll
[2008/11/27 14:34:34 | 000,177,548 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avutil-49.dll
[2009/04/15 14:02:44 | 001,642,496 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libambulant_shwin32.dll
[2009/04/15 14:03:00 | 000,290,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_ffmpeg.dll
[2009/04/15 14:03:00 | 000,011,264 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_plugin.dll
[2009/04/15 14:03:00 | 000,462,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_state_xpath.dll
[2009/04/15 14:03:04 | 000,027,136 | ---- | M] (CWI, Amsterdam, The Netherlands) -- C:\Program Files\mozilla firefox\plugins\npambulant.dll
[2011/09/25 20:10:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/07/28 23:39:46 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 13:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2006/03/22 04:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2008/05/21 11:52:54 | 000,652,568 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2009/02/09 15:53:36 | 001,892,352 | ---- | M] (Apache Software Foundation) -- C:\Program Files\mozilla firefox\plugins\xerces-c_2_8.dll
[2011/10/12 19:45:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: AmbulantPlayer npapi browser plugin for W3C SMIL 3.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npambulant.dll
CHR - plugin: SuperAdBlocker FireFox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: AlternaTIFF (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzzatif.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2011/08/10 03:46:50 | 000,976,089 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
O1 - Hosts: 127.0.0.1 abc-search.info
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 adserver.adbunker.com
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[IE-SpyAd]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 28711 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110815214522.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found.
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kgbusa.com ([wahops] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pcpistop.com ([]https in Trusted sites)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www1.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6440/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50ED8773-082B-4408-B3CF-77A02EA3D9E8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B81983F-3A3C-4D7D-90EF-B15139C274A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C05F44-58E5-4C2F-B0FB-42EE9E827859}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\AutorunsDisabled\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O19 - User stylesheet: User Stylesheet -
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - () - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 () -
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/17 01:01:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/02 03:06:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\Desktop\OTL.exe
[2011/11/01 21:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\McAfee
[2011/10/31 12:11:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\dds (1).scr
[2011/10/17 10:59:19 | 000,000,000 | ---D | C] -- D:\(ALL)_My\MyDocuments\Downloads
[2011/10/16 19:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mstihkal333\Application Data\vlc
[2011/10/16 19:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
[2011/10/16 19:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/10/16 18:36:57 | 000,000,000 | ---D | C] -- C:\xpsp3
[2011/10/14 16:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wacom Tablet
[2011/10/14 16:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2011/10/14 16:16:02 | 002,760,704 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomTablet.cpl
[2011/10/14 16:16:00 | 000,008,138 | ---- | C] (Wacom Technology Corporation) -- C:\WINDOWS\System32\drivers\PenClass.sys
[2011/10/14 16:15:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
[2011/10/14 16:15:42 | 000,679,936 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe
[2011/10/14 16:15:42 | 000,102,400 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2011/10/14 16:15:42 | 000,044,544 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\TabHook.dll
[2011/10/13 11:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mstihkal333\Application Data\GlarySoft
[2011/10/13 10:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Glary Utilities
[2011/10/13 10:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/10/06 10:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Emsisoft Anti-Malware
[2011/10/06 10:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/10/06 10:04:34 | 000,000,000 | ---D | C] -- D:\(ALL)_My\MyDocuments\Anti-Malware
[2007/12/09 06:13:50 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/11/24 12:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2000/07/13 06:43:30 | 000,160,256 | ---- | C] ( ) -- C:\WINDOWS\System32\GVJPEG32.dll
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/02 03:05:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\Desktop\OTL.exe
[2011/11/01 21:13:58 | 000,026,715 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/11/01 21:13:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/31 12:11:41 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Desktop\bzneso4g.exe
[2011/10/31 12:09:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\dds (1).scr
[2011/10/29 15:42:47 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2011/10/29 15:42:46 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/10/28 22:48:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/24 15:09:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\DRMSJ4.SDF
[2011/10/24 14:16:36 | 000,524,179 | ---- | M] () -- C:\JournalBackup.jbk
[2011/10/22 19:58:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\dcenhance.INI
[2011/10/19 10:02:10 | 002,248,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/14 12:25:26 | 000,098,141 | ---- | M] () -- C:\SILENT_RUNNERS_Startup Programs.rar
[2011/10/13 10:43:13 | 000,000,324 | --

Part 2:
========== LOP Check ==========

[2010/03/11 23:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009/07/11 11:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Amazon
[2011/04/26 17:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Applications
[2011/03/29 08:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avaya
[2008/12/06 00:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BlackPencil
[2009/05/27 02:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BOC427
[2008/07/19 16:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2006/07/22 12:23:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2010/07/09 17:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CheckPoint
[2011/03/12 09:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Cisco
[2009/10/21 01:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
[2007/10/18 08:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FireGlow
[2010/01/08 22:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse
[2007/09/23 01:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Geek Squad
[2007/07/17 13:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Genimo
[2011/07/04 11:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
[2008/04/13 23:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium
[2007/04/14 23:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
[2008/10/22 02:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\logs
[2010/08/10 09:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motorola
[2007/02/18 01:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSScanAppDataDir
[2011/09/16 00:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2011/08/17 17:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PACE Anti-Piracy
[2008/11/16 15:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScreenSeven
[2007/07/19 07:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
[2007/11/23 20:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SugarGames
[2010/01/11 01:24:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\System Restore
[2010/03/18 03:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2011/09/27 21:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2007/02/03 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TreeCardGames
[2006/11/04 02:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2007/05/31 13:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\7Wonders
[2008/12/15 21:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ACAMPREF
[2010/08/28 02:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\AKVIS LLC
[2008/04/06 20:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Alien Skin
[2010/08/22 04:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Antares
[2011/09/18 05:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Audacity
[2011/03/12 09:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Avaya
[2009/11/01 17:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\avidemux
[2007/06/21 21:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\COWON
[2011/07/11 12:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\DisplayTune
[2011/03/12 05:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\f-secure
[2010/05/03 01:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Facebook
[2010/09/02 20:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\FireShot
[2007/06/13 23:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Genimo
[2011/10/13 11:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\GlarySoft
[2007/05/20 06:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\GlowingWorld
[2008/04/12 18:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Hardcoded Software
[2007/05/21 00:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Imagenomic
[2011/06/01 00:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ImgBurn
[2011/04/05 00:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\IObit
[2010/06/01 10:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\JPEGsnoop
[2009/11/24 15:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Leadertech
[2008/12/06 09:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\minuscule
[2009/10/14 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\My Games
[2011/09/15 23:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\NCH Swift Sound
[2010/06/01 12:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\OfficeRecovery
[2008/05/31 02:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\onOne Software
[2007/10/30 20:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Opera
[2011/08/17 17:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\PACE Anti-Piracy
[2011/06/08 03:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\QuickScan
[2011/09/16 00:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Recordpad
[2009/05/31 05:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Reflexive Arcade
[2009/11/30 21:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Registry Booster
[2009/01/13 02:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ScreenSeven
[2009/06/26 16:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\SolSuite
[2011/06/01 00:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\SPORE Creature Creator
[2009/10/07 07:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Tapur
[2009/10/14 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\TechSmith
[2008/09/12 04:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Ultra Fractal 4
[2007/10/11 19:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Uniblue
[2008/03/06 07:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Wildfire
[2010/08/18 04:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\WinPatrol
[2011/10/28 12:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\XnView
[2011/10/13 10:43:13 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/09/05 01:14:34 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2011/09/05 01:14:34 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Schedule.job
[2006/07/17 06:10:00 | 000,001,299 | ---- | M] () -- C:\WINDOWS\Tasks\thisfolder.html
[2010/08/22 00:00:33 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2004/12/14 14:16:51 | 000,122,880 | ---- | M] (Option^Explicit Software) -- C:\DllCompare.exe

< MD5 for: AGP440.SYS >
[2004/08/03 18:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/03 18:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\xpsp3\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0083\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/03 18:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/03 18:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\xpsp3\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 15:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 17:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 17:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 17:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2009/04/20 11:53:51 | 003,932,160 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/04/20 18:38:42 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2009/04/20 11:53:51 | 040,108,032 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/04/20 11:53:51 | 007,864,320 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\dzcore.dll:SummaryInformation
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:98781370
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D2F2F703
@Alternate Data Stream - 1548 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:xrEDLYafUZwyViWdUO5lL4
@Alternate Data Stream - 1496 bytes -> C:\Program Files\outlook express:DuEutOLFm0aHwZ5WSZOLwfuHlW
@Alternate Data Stream - 1463 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:6WMMRrzrPfPIeAgX8PL2fs2LGm
@Alternate Data Stream - 1457 bytes -> C:\TEMP:OqPXisjImFyPfIpBW
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F8B88761
@Alternate Data Stream - 1431 bytes -> C:\Program Files\Common Files\System:LmzBJXu45ANy2JWqOQw57Hzc
@Alternate Data Stream - 1425 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:spAZls9I1HtjxkVtS8eXeQyN2h
@Alternate Data Stream - 1346 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:mKQZH4LHTDkO77n5RswkjUb
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9931BC8C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
< End of report >

REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "Digital Patrol" 11/2/2011 8:14:01 AM

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="Digital Patrol"

Scanning Report
Wednesday, November 2, 2011 04:12:18 - 07:27:28
Computer name: MSTIHKAL333
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\ E:\ F:\ G:\ I:\
3 malware found
Suspicious:W32/Malware!Gemini (spyware)
System (Not cleaned)
Suspicious:W32/Malware!Gemini (virus)
C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_0014F1 (Not cleaned)
Suspicious:W32/Malware!Gemini (virus)
C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\DESKTOP\BZNESO4G.EXE (Not cleaned)
Statistics
Scanned:
Files: 134850
System: 4612
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 3
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\TEMP\HSPERFDATA_MSTIHKAL333\3848
C:\TEMP\HSPERFDATA_MSTIHKAL333\2080
Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV
INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL?
XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

Thanks again for your time and help. :)

I'm at work at the moment, but if you could go back and use the Eset online scanner again, but this time tick the box before the scan starts, to remove what malware is found.
I will take another look once I get home.

I'm at work at the moment, but if you could go back and use the Eset online scanner again, but this time tick the box before the scan starts, to remove what malware is found.
I will take another look once I get home.

Hi! Hope you had a good day at work.

I am running the F-Secure scan again to remove the problems found initially. It may take a few hours to complete.

The Digital Patrol issue really has me bugged now.
I recall seeing it for a very long time (possibly years) in Belarc Advisor scans as Active & Running, but never really paid much attention to it.
Now that I know there isn't any reference to it on my computer or in the registry I am paying attention.
I believe this is relative to the issue - found this page [threatexpert.com/report.aspx?md5=4c271e31b79619b4b35b1e42bf968967] buried in a GOOGLE search for "Digital Patrol".
After reading it did 2 more registry searches and this time there were results.
Similar registry keys for "ASProtect" and "MSSOAP.SoapTypeMapperFactory" as follows:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "ASProtect" 11/2/2011 9:14:02 PM

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\ASProtect]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\ASProtect\Data]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\ASProtect\SpecData]

and

; Registry search results for string "MSSOAP.SoapTypeMapperFactory" 11/2/2011 9:52:44 PM

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C5754F7-ADF5-4D82-B181-0F8FC5EA882B}\ProgID]
@="MSSOAP.SoapTypeMapperFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C5754F7-ADF5-4D82-B181-0F8FC5EA882B}\VersionIndependentProgID]
@="MSSOAP.SoapTypeMapperFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF90A715-925B-11D5-87EA-00B0D0BE6479}\ProgID]
@="MSSOAP.SoapTypeMapperFactory30"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory\Clsid]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory\CurVer]
@="MSSOAP.SoapTypeMapperFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory30\Clsid]

Now if I only knew what it all means?

I hope this info is useful.

I will post back after the F-Secure scan has completed.
Thank you!

F-Secure scan results.
It was not able to clean two of the files.

I do know for a fact that the file BZNESO4G.EXE is the GMER file that I downloaded before making this post to run the required Rootkit scan, so I believe that makes it a false positive in this case.
Should I try to clear my Google Chrome cache (ATF doesn't support that yet) to see if that will get rid of the other file?

I will wait to hear back before I proceed.
Good night for now. :zzz: I hope you get some rest too.
Thank you again.

Scanning Report
Thursday, November 3, 2011 21:23:26 - 00:13:30

Computer name: MSTIHKAL333
Scanning type: Scan target for malware, spyware and rootkits
Target: C:\
3 malware found
Suspicious:W32/Malware!Gemini (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_0014F1 (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\DESKTOP\BZNESO4G.EXE (Not cleaned)

Statistics
Scanned:

Files: 133957
System: 4639
Not scanned: 16

Actions:

Disinfected: 1
Renamed: 0
Deleted: 0
Not cleaned: 2
Submitted: 0

Files not scanned:

C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\TEMP\ETILQS_AIRWGQJHFGAAW2S
C:\TEMP\ETILQS_AE4OGS5SGUYZXSX
C:\TEMP\ETILQS_O2VQWI6EG1251CH
C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT SESSION
C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_0
C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1
C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2
C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_4
C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3
C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX

Options
Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

MSSOAP is a legit Microsoft file.

==

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :Files
  C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\DESKTOP\BZNESO4G.EXE
  C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_0014F1
  
  :Commands
  [purity]
  [emptyflash]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top.
• Let the program run unhindered, reboot the PC when it is done.
• Post log from this run.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

====

Download the zip file I uploaded and unzip it. Double click on the fixme.reg file and add it to the registry.
Reboot PC and run regsearch again.
Post up the log.

Per request, the RunFix log & Regsearch log and OTL log part 1 & 2

All processes killed
========== FILES ==========
File\Folder C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\DESKTOP\BZNESO4G.EXE not found.
C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\f_0014f1 moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 41 bytes

User: gouls

User: knowMore
->Flash cache emptied: 41 bytes

User: LocalService

User: mstihkal333
->Flash cache emptied: 600 bytes

User: NetworkService

User: SafyrMwn
->Flash cache emptied: 348 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: gouls
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: knowMore
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: mstihkal333
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 600288 bytes
->Java cache emptied: 58629 bytes
->FireFox cache emptied: 135555851 bytes
->Google Chrome cache emptied: 252583943 bytes
->Apple Safari cache emptied: 27412480 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: SafyrMwn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 26421 bytes
%systemroot%\System32 .tmp files removed: 9300640 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108 bytes
Session Manager Temp folder emptied: 335369944 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 157974936 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 38070 bytes

Total Files Cleaned = 876.00 mb

; Registry search results for string "ASProtect" 11/3/2011 12:46:16 PM

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File2"="D:\\(ALL)_My\\Security\\2011NOV\\REGscanDigitalPatrol_ASProtect.txt"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"h"="D:\\(ALL)_My\\Security\\2011NOV\\REGscanDigitalPatrol_ASProtect.txt"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt]
"j"="D:\\(ALL)_My\\Security\\2011NOV\\REGscanDigitalPatrol_ASProtect.txt"

part 1:

OTL logfile created on: 11/3/2011 12:15:10 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mstihkal333\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.63% Memory free
9.36 Gb Paging File | 8.77 Gb Available in Paging File | 93.75% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 20.68 Gb Free Space | 26.46% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 140.33 Gb Free Space | 60.26% Space Free | Partition Type: NTFS
Drive E: | 78.13 Gb Total Space | 34.29 Gb Free Space | 43.90% Space Free | Partition Type: NTFS
Drive F: | 77.49 Gb Total Space | 42.25 Gb Free Space | 54.53% Space Free | Partition Type: NTFS
Drive G: | 57.27 Gb Total Space | 42.21 Gb Free Space | 73.70% Space Free | Partition Type: NTFS
Drive I: | 74.51 Gb Total Space | 12.47 Gb Free Space | 16.73% Space Free | Partition Type: NTFS
Drive K: | 1.91 Gb Total Space | 0.89 Gb Free Space | 46.36% Space Free | Partition Type: FAT

Computer Name: MSTIHKAL333 | User Name: mstihkal333 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/02 03:05:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\desktop\OTL.exe
PRC - [2011/10/31 03:33:55 | 003,074,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/06/28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/05/15 12:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2010/04/16 15:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2004/07/13 14:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2004/07/13 14:45:05 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe

========== Modules (No Company Name) ==========

MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2001/08/17 15:36:16 | 000,165,888 | ---- | M] () -- C:\WINDOWS\system32\hpgt53.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NBService)
SRV - File not found [Disabled | Stopped] -- -- (hpqddsvc)
SRV - File not found [Disabled | Stopped] -- -- (hpqcxs08)
SRV - File not found [Disabled | Stopped] -- -- (gupdate1c9a43e39b016c)
SRV - [2011/10/31 03:33:55 | 003,074,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/08/30 11:52:32 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2011/04/22 00:17:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/19 01:16:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/10 06:37:22 | 000,217,088 | R--- | M] () [Disabled | Stopped] -- C:\Program Files\ASUS\Printer Utilities\UsbService.exe -- (UsbService)
SRV - [2010/06/30 16:46:32 | 000,121,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/04/16 15:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/27 01:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/12/20 10:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/03/24 23:23:22 | 000,098,304 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2004/07/13 14:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)

========== Driver Services (SafeList) ==========

DRV - [2011/09/16 00:32:38 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2011/08/12 15:32:00 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/04/30 04:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/02/27 01:35:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/27 01:35:19 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/02/27 01:35:19 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/01/04 14:53:33 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/12/03 02:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/09/07 14:26:52 | 000,028,160 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\PcaSp50.sys -- (PcaSp50)
DRV - [2010/08/25 13:27:40 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2010/05/13 16:34:30 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2010/05/13 16:34:28 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2010/04/16 15:34:10 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/11/04 09:54:00 | 000,024,576 | ---- | M] (Kyocera Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/11/03 16:50:00 | 000,105,984 | ---- | M] (Kyocera Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\kcusbser.sys -- (kcusbser)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/06/17 09:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 09:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/17 05:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/02/11 19:50:56 | 001,670,016 | R--- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\skfilt.SYS -- (skfilt)
DRV - [2007/12/20 02:55:36 | 000,066,432 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vuhub.sys -- (vuhub)
DRV - [2007/07/20 20:29:23 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/07/19 22:42:36 | 000,163,128 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2007/07/19 22:42:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/07/19 22:42:36 | 000,021,816 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2007/03/21 11:10:30 | 000,025,773 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2006/11/13 20:31:44 | 000,033,408 | R--- | M] (ASUSTeK Computer Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipgdnd51.sys -- (ipgd)
DRV - [2006/11/05 15:24:16 | 000,457,216 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/11/05 15:24:09 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2006/05/03 09:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [2005/01/17 16:09:38 | 000,052,480 | ---- | M] (MCCI) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\kwcxbus.sys -- (kwcxbus)
DRV - [2004/05/29 06:15:12 | 000,009,728 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2002/12/10 17:53:24 | 000,236,121 | ---- | M] (Logitech Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/06/14 13:49:56 | 000,010,194 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/04/09 13:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.eset.com/us/online-scanner
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 E3 F8 F8 70 97 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.speedtest.net/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.7
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {3892FE4C-6DCB-4669-9D01-E23BB9FB61FB}:0.2.10
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.8
FF - prefs.js..extensions.enabledItems: researchword@scott:1.3.7
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.4
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: texpertension@texperts.com:1.0.11
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.91
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2
FF - prefs.js..extensions.enabledItems: flvideoreplacer@lovinglinux.megabyet.net:2.1.8
FF - prefs.js..extensions.enabledItems: flvripper@harsha:2.0
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..extensions.enabledItems: kempelton-fx@arvidaxelsson.se:3.2.1
FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030
FF - prefs.js..splitbrowser.search.loadResultsIn: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/02/27 23:48:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\mstihkal333\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/01 22:33:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/12 19:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/26 12:23:59 | 000,000,000 | ---D | M]

[2008/09/18 01:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Extensions
[2011/11/03 11:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions
[2011/07/17 16:12:29 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/01/26 01:33:37 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
[2011/07/11 10:03:21 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/18 21:29:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/18 13:15:03 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/09/01 23:39:19 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2011/08/12 01:39:29 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/12 18:19:09 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\DeviceDetection@logitech.com
[2010/07/13 23:48:33 | 000,000,000 | ---D | M] (Kempelton) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\kempelton-fx@arvidaxelsson.se
[2010/11/24 20:19:55 | 000,000,000 | ---D | M] (Research Word) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\researchword@scott
[2011/10/27 15:37:07 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\video.downloader.plugin@ffpimp.com
[2011/09/01 23:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011/09/01 23:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011/10/30 15:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions
[2010/09/16 09:47:09 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/10/02 17:59:12 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/10/20 09:59:20 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/05/11 06:21:54 | 000,000,000 | ---D | M] (SafeSearch Off) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{3975c680-be94-11dd-ad8b-0800200c9a66}
[2010/06/28 20:45:52 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}(2)
[2011/09/20 20:33:16 | 000,000,000 | ---D | M] (Clippings) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011/07/10 13:44:51 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/01 14:29:42 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2011/05/11 06:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/10/30 15:09:05 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2010/06/28 20:49:45 | 000,000,000 | ---D | M] (After the Deadline) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\afterthedeadline@afterthedeadline(2).com
[2011/08/10 16:47:08 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\DeviceDetection@logitech.com
[2010/06/28 20:45:52 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\ietab@ip(2).cn
[2009/08/05 07:50:05 | 000,000,000 | ---D | M] (Link Gopher) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\linkgopher@oooninja.com
[2010/11/20 16:34:14 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\optimizegoogle@optimizegoogle.com
[2010/10/02 15:17:29 | 000,000,000 | ---D | M] (Research Word) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\researchword@scott
[2011/09/01 14:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011/09/01 14:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011/05/11 06:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009/03/25 23:54:43 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\allplus.xml
[2011/11/03 11:50:41 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\ixquick.xml
[2009/03/25 04:25:56 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\kedrix-mearch.xml
[2011/07/19 10:28:00 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\s-amazon.xml
[2007/06/01 18:37:07 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\siteadvisor.xml
[2009/04/06 13:57:07 | 000,001,898 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\surf-canyon.xml
[2009/03/29 19:18:06 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\webster.xml
[2007/06/12 17:11:15 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\searchplugins\whitepagescom.xml
[2011/11/02 04:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/25 20:10:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/02 04:05:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\84940WAR.DEFAULT\EXTENSIONS\{28FAD68E-4001-48D5-B994-68069F7CFB1D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\84940WAR.DEFAULT\EXTENSIONS\{3892FE4C-6DCB-4669-9D01-E23BB9FB61FB}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MSTIHKAL333\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\84940WAR.DEFAULT\EXTENSIONS\{C0CB8BA3-6C1B-47E8-A6AB-1FAB889562D9}.XPI
[2011/11/01 22:33:11 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/04/03 00:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/12 19:45:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/11/27 14:34:40 | 014,957,444 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avcodec-51.dll
[2008/11/27 14:34:44 | 003,889,294 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avformat-52.dll
[2008/11/27 14:34:34 | 000,177,548 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\avutil-49.dll
[2009/04/15 14:02:44 | 001,642,496 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libambulant_shwin32.dll
[2009/04/15 14:03:00 | 000,290,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_ffmpeg.dll
[2009/04/15 14:03:00 | 000,011,264 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_plugin.dll
[2009/04/15 14:03:00 | 000,462,848 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libamplugin_state_xpath.dll
[2009/04/15 14:03:04 | 000,027,136 | ---- | M] (CWI, Amsterdam, The Netherlands) -- C:\Program Files\mozilla firefox\plugins\npambulant.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/07/28 23:39:46 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 13:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2006/03/22 04:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2008/05/21 11:52:54 | 000,652,568 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2009/02/09 15:53:36 | 001,892,352 | ---- | M] (Apache Software Foundation) -- C:\Program Files\mozilla firefox\plugins\xerces-c_2_8.dll
[2011/10/12 19:45:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: AmbulantPlayer npapi browser plugin for W3C SMIL 3.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npambulant.dll
CHR - plugin: SuperAdBlocker FireFox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: AlternaTIFF (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzzatif.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\mstihkal333\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Documents and Settings\mstihkal333\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2011/08/10 03:46:50 | 000,976,089 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
O1 - Hosts: 127.0.0.1 abc-search.info
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 adserver.adbunker.com
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[IE-SpyAd]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 28711 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110815214522.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found.
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: eset.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kgbusa.com ([wahops] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pcpistop.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www1.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6440/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50ED8773-082B-4408-B3CF-77A02EA3D9E8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B81983F-3A3C-4D7D-90EF-B15139C274A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C05F44-58E5-4C2F-B0FB-42EE9E827859}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\AutorunsDisabled\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O19 - User stylesheet: User Stylesheet -
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - () - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 () -
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/17 01:01:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/03 12:13:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/03 12:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\McAfee
[2011/11/03 12:01:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/02 08:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mstihkal333\Desktop\RegSrch
[2011/11/02 07:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2011/11/02 03:06:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\Desktop\OTL.exe
[2011/10/31 12:11:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\dds (1).scr
[2011/10/17 10:59:19 | 000,000,000 | ---D | C] -- D:\(ALL)_My\MyDocuments\Downloads
[2011/10/16 19:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mstihkal333\Application Data\vlc
[2011/10/16 19:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
[2011/10/16 19:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/10/16 18:36:57 | 000,000,000 | ---D | C] -- C:\xpsp3
[2011/10/14 16:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wacom Tablet
[2011/10/14 16:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2011/10/14 16:16:02 | 002,760,704 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomTablet.cpl
[2011/10/14 16:16:00 | 000,008,138 | ---- | C] (Wacom Technology Corporation) -- C:\WINDOWS\System32\drivers\PenClass.sys
[2011/10/14 16:15:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
[2011/10/14 16:15:42 | 000,679,936 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe
[2011/10/14 16:15:42 | 000,102,400 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2011/10/14 16:15:42 | 000,044,544 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\TabHook.dll
[2011/10/13 11:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mstihkal333\Application Data\GlarySoft
[2011/10/13 10:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Glary Utilities
[2011/10/13 10:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/10/06 10:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Emsisoft Anti-Malware
[2011/10/06 10:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/10/06 10:04:34 | 000,000,000 | ---D | C] -- D:\(ALL)_My\MyDocuments\Anti-Malware
[2007/12/09 06:13:50 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/11/24 12:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2000/07/13 06:43:30 | 000,160,256 | ---- | C] ( ) -- C:\WINDOWS\System32\GVJPEG32.dll

========== Files - Modified Within 30 Days ==========

[2011/11/03 12:04:13 | 000,026,715 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/11/03 12:04:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/03 12:03:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/03 03:08:47 | 000,283,170 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\census.cache
[2011/11/03 03:08:46 | 000,329,698 | ---- | M] () -- C:\Documents and Settings\mstihkal333\Local Settings\Application Data\ars.cache
[2011/11/02 03:05:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mstihkal333\Desktop\OTL.exe
[2011/10/31 12:09:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\mstihkal333\Desktop\dds (1).scr
[2011/10/29 15:

part 2:

========== LOP Check ==========

[2010/03/11 23:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009/07/11 11:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Amazon
[2011/04/26 17:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Applications
[2011/03/29 08:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avaya
[2008/12/06 00:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BlackPencil
[2009/05/27 02:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BOC427
[2011/11/02 07:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2008/07/19 16:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2006/07/22 12:23:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2010/07/09 17:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CheckPoint
[2011/03/12 09:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Cisco
[2009/10/21 01:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
[2007/10/18 08:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FireGlow
[2010/01/08 22:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse
[2007/09/23 01:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Geek Squad
[2007/07/17 13:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Genimo
[2011/07/04 11:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
[2008/04/13 23:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium
[2007/04/14 23:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
[2008/10/22 02:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\logs
[2010/08/10 09:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motorola
[2007/02/18 01:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSScanAppDataDir
[2011/09/16 00:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2011/08/17 17:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PACE Anti-Piracy
[2008/11/16 15:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScreenSeven
[2007/07/19 07:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
[2007/11/23 20:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SugarGames
[2010/01/11 01:24:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\System Restore
[2010/03/18 03:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2011/09/27 21:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2007/02/03 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TreeCardGames
[2006/11/04 02:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2007/05/31 13:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\7Wonders
[2008/12/15 21:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ACAMPREF
[2010/08/28 02:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\AKVIS LLC
[2008/04/06 20:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Alien Skin
[2010/08/22 04:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Antares
[2011/09/18 05:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Audacity
[2011/03/12 09:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Avaya
[2009/11/01 17:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\avidemux
[2007/06/21 21:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\COWON
[2011/07/11 12:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\DisplayTune
[2011/03/12 05:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\f-secure
[2010/05/03 01:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Facebook
[2010/09/02 20:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\FireShot
[2007/06/13 23:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Genimo
[2011/10/13 11:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\GlarySoft
[2007/05/20 06:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\GlowingWorld
[2008/04/12 18:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Hardcoded Software
[2007/05/21 00:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Imagenomic
[2011/06/01 00:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ImgBurn
[2011/04/05 00:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\IObit
[2010/06/01 10:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\JPEGsnoop
[2009/11/24 15:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Leadertech
[2008/12/06 09:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\minuscule
[2009/10/14 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\My Games
[2011/09/15 23:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\NCH Swift Sound
[2010/06/01 12:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\OfficeRecovery
[2008/05/31 02:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\onOne Software
[2007/10/30 20:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Opera
[2011/08/17 17:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\PACE Anti-Piracy
[2011/06/08 03:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\QuickScan
[2011/09/16 00:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Recordpad
[2009/05/31 05:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Reflexive Arcade
[2009/11/30 21:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Registry Booster
[2009/01/13 02:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\ScreenSeven
[2009/06/26 16:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\SolSuite
[2011/06/01 00:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\SPORE Creature Creator
[2009/10/07 07:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Tapur
[2009/10/14 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\TechSmith
[2008/09/12 04:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Ultra Fractal 4
[2007/10/11 19:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Uniblue
[2008/03/06 07:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\Wildfire
[2010/08/18 04:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\WinPatrol
[2011/10/28 12:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mstihkal333\Application Data\XnView
[2011/10/13 10:43:13 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/09/05 01:14:34 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2011/09/05 01:14:34 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Schedule.job
[2006/07/17 06:10:00 | 000,001,299 | ---- | M] () -- C:\WINDOWS\Tasks\thisfolder.html
[2010/08/22 00:00:33 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\dzcore.dll:SummaryInformation
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:98781370
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D2F2F703
@Alternate Data Stream - 1548 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:xrEDLYafUZwyViWdUO5lL4
@Alternate Data Stream - 1496 bytes -> C:\Program Files\outlook express:DuEutOLFm0aHwZ5WSZOLwfuHlW
@Alternate Data Stream - 1463 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:6WMMRrzrPfPIeAgX8PL2fs2LGm
@Alternate Data Stream - 1457 bytes -> C:\TEMP:OqPXisjImFyPfIpBW
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F8B88761
@Alternate Data Stream - 1431 bytes -> C:\Program Files\Common Files\System:LmzBJXu45ANy2JWqOQw57Hzc
@Alternate Data Stream - 1425 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:spAZls9I1HtjxkVtS8eXeQyN2h
@Alternate Data Stream - 1346 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:mKQZH4LHTDkO77n5RswkjUb
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9931BC8C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8

< End of report >

How are things at the moment?

How are things at the moment?

There seems to be some improvement.
Safe Mode works again & I was able to do a System Restore successfully. That's special!
Thank you!

Unfortunately the monitor flashes as start up are still occurring, and I noticed it happens sometimes at shut down as well?

Digital Patrol still shows as updated and running "real time"?

The cursor issue has not happened again, but then it was infrequent to begin with. That will be a "time will tell" response.

I just want to be absolutely sure there isn't anything lurking that may come back to haunt my banking and shopping experiences. I have ceased doing those activities online until I feel secure again.

Thank you again for your time & consideration.

Lets do this then;

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

I downloaded Combofix to the desktop, pulled the plug on my network cable and "tried" to disable the McAfee protection via it's menu options.
Started Combofix & got a "WARNING" beep & message Digital Patrol & McAfee were both still running and they need to be disabled before clicking OK to prevent possible harm to the machine...that is where it sits, waiting for me to disable the two programs.

I'm ready to uninstall McAfee completely if that's what it takes (not sure how I should do that since Combofix is starting), but as you know the Digital Patrol uncontrollable.

Not sure how to proceed? Luckily I have another machine available to send this message.

Will wait for further instructions before going any further. Thank you!

I imagine your plate is full and you do have a life outside of the web.

I hope I am doing the right thing by not continuing with Combofix.

I will:

• stop CF instead of clicking "OK"
• uninstall all McAfee programs from the computer
• run CF
• post CF log

Will keep fingers crossed that is the correct procedure?

Yes to the above. Probably the best thing you can do with McAfee :D

Yes to the above. Probably the best thing you can do with McAfee :D

Thank you for the feedback.
I recently switched from Avast & Zone Alarm to McAfee because my ISP offers it as a free service.

May I ask which AV & Firewall protection you currently use?
Since I have to install new ones, I prefer using ones that someone with experience can recommend.

Following is the requested current CF log:
(note: I have run CF in the past, last time was 2009)

ComboFix 11-11-04.04 - mstihkal333 11/04/2011 22:47:51.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.901 [GMT -7:00]
Running from: c:\documents and settings\mstihkal333\Desktop\ComboFix.exe
AV: Digital Patrol *Enabled/Updated* {35237DD9-776F-4485-A7AF-729074E24B96}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\mstihkal333\g2mdlhlpx.exe
c:\documents and settings\mstihkal333\WINDOWS
c:\documents and settings\mstihkal333\WINDOWS\strings
c:\documents and settings\SafyrMwn\WINDOWS
c:\documents and settings\SafyrMwn\WINDOWS\win.ini.txt
c:\windows\go.txt
c:\windows\iun6002.exe
c:\windows\struct~.ini
c:\windows\system\Wmvcore.dll
c:\windows\system32\bootvid.dll.txt
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\h323.tsp.txt
c:\windows\system32\help.chm
c:\windows\system32\NTMARTA.DLL.txt
c:\windows\system32\rsopprov.exe.txt
c:\windows\system32\spool\prtprocs\w32x86\CNMPD7D(2).DLL
c:\windows\system32\Thumbs.db
c:\windows\system32\trkwks.dll.txt
c:\windows\system32\trkwks2.dll.txt
c:\windows\system32\trkwks3.dll.txt
c:\windows\system32\TUKernel.exe.txt
c:\windows\system32\TWAIN_32.DLL.txt
c:\windows\system32\usrvpa.dll.txt
c:\windows\system32\verclsid.exe.txt
c:\windows\system32\wininet(3).dl.txt
c:\windows\system32\wmvcore.dll.txt
c:\windows\system32\wsock32dlb.txt
c:\windows\system32\wsock32dll.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-04 10:20 . 2011-11-04 10:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-03 19:01 . 2011-11-03 19:01 -------- d-----w- C:\_OTL
2011-11-02 14:51 . 2011-11-02 14:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\boost_interprocess
2011-10-29 22:42 . 2008-05-02 09:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2011-10-17 02:39 . 2011-10-17 02:41 -------- d-----w- c:\documents and settings\mstihkal333\Application Data\vlc
2011-10-17 02:38 . 2011-10-17 02:38 -------- d-----w- c:\program files\VideoLAN
2011-10-17 01:36 . 2011-10-17 01:36 -------- d-----w- C:\xpsp3
2011-10-14 23:16 . 2011-10-14 23:16 -------- d-----w- c:\program files\Tablet
2011-10-14 23:16 . 2004-07-14 16:57 2760704 ------w- c:\windows\system32\WacomTablet.cpl
2011-10-14 23:16 . 2001-04-09 20:45 8138 ------w- c:\windows\system32\drivers\PenClass.sys
2011-10-14 23:15 . 2011-10-14 23:16 -------- d-----w- c:\windows\system32\WTablet
2011-10-14 23:15 . 1999-05-07 16:12 15744 ------w- c:\windows\system32\Wintab.dll
2011-10-14 23:15 . 2004-07-13 21:51 679936 ------w- c:\windows\system32\Tablet.exe
2011-10-14 23:15 . 2004-07-13 21:50 102400 ------w- c:\windows\system32\Wintab32.dll
2011-10-14 23:15 . 2004-07-13 21:40 44544 ------w- c:\windows\system32\TabHook.dll
2011-10-13 18:09 . 2011-10-13 18:09 -------- d-----w- c:\documents and settings\mstihkal333\Application Data\GlarySoft
2011-10-13 17:43 . 2011-10-13 17:43 -------- d-----w- c:\program files\Glary Utilities
2011-10-06 17:04 . 2011-11-05 05:35 -------- d-----w- c:\program files\Emsisoft Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 18:31 . 2011-06-13 05:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 12:06 . 2010-05-03 16:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37 . 2009-01-04 19:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-16 07:32 . 2011-09-16 06:54 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2011-09-03 10:17 . 2004-08-04 00:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 00:00 . 2011-08-30 07:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 17:30 . 2008-08-14 14:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-08-29 18:16 . 2007-03-29 20:40 1880 -c--a-w- c:\windows\AUTOLNCH.REG
2011-08-13 23:47 . 2011-03-19 08:18 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-13 23:47 . 2007-12-09 13:13 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-13 23:47 . 2011-07-04 18:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2008-11-27 21:34 . 2009-12-13 20:13 14957444 ----a-w- c:\program files\mozilla firefox\plugins\avcodec-51.dll
2008-11-27 21:34 . 2009-12-13 20:13 3889294 ----a-w- c:\program files\mozilla firefox\plugins\avformat-52.dll
2008-11-27 21:34 . 2009-12-13 20:13 177548 ----a-w- c:\program files\mozilla firefox\plugins\avutil-49.dll
2009-04-15 21:02 . 2009-12-13 20:13 1642496 ----a-w- c:\program files\mozilla firefox\plugins\libambulant_shwin32.dll
2009-04-15 21:03 . 2009-12-13 20:13 290816 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_ffmpeg.dll
2009-04-15 21:03 . 2009-12-13 20:13 11264 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_plugin.dll
2009-04-15 21:03 . 2009-12-13 20:13 462848 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_state_xpath.dll
2009-02-09 22:53 . 2009-12-13 20:13 1892352 ----a-w- c:\program files\mozilla firefox\plugins\xerces-c_2_8.dll
2011-10-13 02:45 . 2011-05-15 14:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-9-24 805392]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 09:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/5/2011 12:54 AM 13496]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [10/6/2011 10:04 AM 17904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 67656]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.SYS [3/19/2011 1:18 AM 1670016]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [9/15/2011 11:54 PM 49240]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [8/13/2011 12:25 AM 66432]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [6/20/2011 12:38 PM 109168]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [10/6/2011 10:04 AM 51632]
S3 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [10/6/2011 10:04 AM 3074040]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [11/4/2009 9:54 AM 24576]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/19/2011 1:16 AM 79360]
S3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [8/13/2011 4:52 PM 33408]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 5:20 AM 12648]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [8/22/2010 6:37 AM 38976]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [3/21/2007 11:10 AM 25773]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/4/2011 2:53 PM 98392]
S3 WSUSBDMAN;VMware View Virtual Client USB Manager;c:\windows\system32\DRIVERS\WSUSBDMAN.sys --> c:\windows\system32\DRIVERS\WSUSBDMAN.sys [?]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S4 gupdate1c9a43e39b016c;gupdate1c9a43e39b016c;"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 kcusbser;Kyocera USB Device for Legacy Serial Communication;c:\windows\system32\drivers\kcusbser.sys [11/3/2009 4:50 PM 105984]
S4 kwcxbus;kwcxbus;c:\windows\system32\drivers\kwcxbus.sys [1/19/2007 8:17 PM 52480]
S4 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/4/2011 2:53 PM 64288]
S4 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/4/2011 11:20 AM 12184]
S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/9/2010 12:58 AM 91456]
S4 UsbService;ASUS Virtual MFP Service;c:\program files\ASUS\Printer Utilities\UsbService.exe [8/13/2011 12:24 AM 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-10-13 16:07]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-839522115-1006Core.job
- c:\documents and settings\mstihkal333\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-27 07:49]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-839522115-1006UA.job
- c:\documents and settings\mstihkal333\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-27 07:49]
.
2011-09-05 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-05 01:19]
.
2010-08-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-22 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://go.eset.com/us/online-scanner
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: eset.com\www
Trusted Zone: eset.eu\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: kgbusa.com\wahops
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\www.update
Trusted Zone: pcpistop.com
FF - ProfilePath - c:\documents and settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-!SASWinLogon - (no file)
SafeBoot-WebrootSpySweeperService
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpqddsvc]
"ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqddsvc.dll.target"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BEEBE5E-899C-FFB5-7BEB-242B29CD3454}*]
"ladmkjldljfblmdcmdfjcohk"=hex:62,61,65,65,00,f2
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="B1915B7C1E689F07E513E6759457E6429A012DC3C094C6BBC414CC47D87C327E20FB0352CD04E28E8EC48FF9D821A6824C406E774EBC7C2D6D8AD59E4EB9005AAE0E8EDCB311A81895AD18CEE270D20F63EB9B5EE1761EF0D32CB1F9BB771BF0AB0178D342D143CC9D8873B68C594AEBF6DCC4E555C83903A395AF1024CA5BD578CFEAD54190F77B5D504B5881765F3FB2B2305A5EBD4E041CA5CF775E500FC28A3BC664CC9801171D487ABD43E45AD455CDD77281E4CFB5147E4BAE9428F714EA481D63D43A0CB2BDF39455264775FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5CBA7FD869164D6794A1E7D7D9DA9FA4D608B562067652AEA181137065D5FC2384AE2ECA9CFE1EC192F66D61F365062849D493E3F7781B7E1B2F2AF67247F32B4F42476D29B4C09A2B9D9B9B77B8041570AD532F322F17A6285448A457438A1043927C419957C358024AF3A3311180D4327FCD62FBE3965F3C3737B7FBB8937D01612D4414A09EB404D58A5A9E113754E7DBEA5D52BFB8673DC2D732F7FBB4A29C11CEB96BAA9CEF92BD0AE274BDB98261F82A46E6CFF17F07861DD91AC4E7B01C2A67A8AC76DB4E82A22FA4997F69565F309C079C098B6E68B48EB9E12D7BDEFD5816DC1569CF181EC84BCCAAA57F461980EACA0CC0A27CA3A4C62007B40FE7B0EB8964174C3E179F99434CF6608750378CCC0482B0A7F87052F49DF2BF1A8B1AD70714DA49421D3AA291D680C56175D797126780F75FB47A5A5E094194E68A0FB46502B873CA7B139342E2014EBF398D8D9C6E3A19E105DF8057FC456012AC5E3E900940BC1B8BC142F6AEE1D7AB245EFA635519F99D44332D4D5884300E3CC7D58BC8B47FC92954A66539C3A380C444136E9EB8E4D14F7D6ABDBBB679A0887E7C68248B76C0B24CDED5C7FA576EA82DAB5F0E69091408B7E4BD0E4B92E2E3AADCD0436F44400D9C2A27E08DFCF8677B3D652EAFF7CB5451F273F9E2B6C224E7407F8FBF6BD99EB06FC851B880F71884E7C84CC5A9381EAD0A9A6CD30682254719C53A0ED474D2E43641AA69B316D892EAE1F71676E7D2A4448218278338C44CF88635A04D4A9B882CA93E45CD54C864AEA187C11EC0E380E00FF21A174CE5EE1ABCB772846CEAE2A12FA72465860CAB3C08931E427B477FC336389E8B7EEE9A57F13CB28F3BB7AB0C92400FF9544D0DBFAD7933E92575D57383E4D810DECA312FC70343E56F7F9183AAA8486B3938250E3AD9BC7E1DEDA91B97BBA4B8D3E706C7F28F3B651241B245DE46C20184FC001B6D1BAC501A31168824C18E7D17B9DE68BAA7E3CC020026B22D4124E2DAD09F8198E527102345ABAEEFC258B73736FAFB7BD7BCC27344F5CF"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2011-11-04 22:59:35
ComboFix-quarantined-files.txt 2011-11-05 05:59
.
Pre-Run: 24,116,449,280 bytes free
Post-Run: 24,048,050,176 bytes free
.
- - End Of File - - 521DC367001F4F4FFEBDFE2820810697

Yes to the above. Probably the best thing you can do with McAfee :D

Is this to be expected?
Reboot after running Combofix - Winpatrol gave several popups of programs and services asking if I wanted them to run.
They were labeled as Microsoft services so I answered yes to all but two: infocard.exe & rasauto.dll.
The ones I answered yes to were:
cryptsvc.dll
Alg.exe
qagentrt.dll
netdde.exe
smsvchost.exe
ose.exe
wmpnetwk.exe

Is that ok?

No worries on the above.

1. Please open Notepad

• Click Start , then Run
• Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[-HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Search Assistant\ACMru\5603]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe . This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

• Combofix.txt

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Following is the requested new CF log:

ComboFix 11-11-04.04 - mstihkal333 11/07/2011 17:11:05.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1626 [GMT -7:00]
Running from: c:\documents and settings\mstihkal333\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mstihkal333\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Digital Patrol *Enabled/Updated* {35237DD9-776F-4485-A7AF-729074E24B96}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-06 01:38 . 2011-11-06 01:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
2011-11-06 01:38 . 2011-11-06 01:38 -------- d-----w- c:\program files\COMODO
2011-11-06 01:37 . 2011-11-06 01:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Comodo Downloader
2011-11-06 01:30 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-06 01:30 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-06 01:30 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-06 01:30 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-06 01:30 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-06 01:30 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-06 01:30 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-06 01:30 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-06 01:30 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-06 01:30 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-06 01:30 . 2011-11-06 01:30 -------- d-----w- c:\program files\AVAST Software
2011-11-06 01:30 . 2011-11-06 01:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-11-04 10:20 . 2011-11-04 10:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-03 19:01 . 2011-11-03 19:01 -------- d-----w- C:\_OTL
2011-11-02 14:51 . 2011-11-02 14:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\boost_interprocess
2011-10-29 22:42 . 2008-05-02 09:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2011-10-17 02:39 . 2011-10-17 02:41 -------- d-----w- c:\documents and settings\mstihkal333\Application Data\vlc
2011-10-17 02:38 . 2011-10-17 02:38 -------- d-----w- c:\program files\VideoLAN
2011-10-17 01:36 . 2011-10-17 01:36 -------- d-----w- C:\xpsp3
2011-10-14 23:16 . 2011-10-14 23:16 -------- d-----w- c:\program files\Tablet
2011-10-14 23:16 . 2004-07-14 16:57 2760704 ------w- c:\windows\system32\WacomTablet.cpl
2011-10-14 23:16 . 2001-04-09 20:45 8138 ------w- c:\windows\system32\drivers\PenClass.sys
2011-10-14 23:15 . 2011-10-14 23:16 -------- d-----w- c:\windows\system32\WTablet
2011-10-14 23:15 . 1999-05-07 16:12 15744 ------w- c:\windows\system32\Wintab.dll
2011-10-14 23:15 . 2004-07-13 21:51 679936 ------w- c:\windows\system32\Tablet.exe
2011-10-14 23:15 . 2004-07-13 21:50 102400 ------w- c:\windows\system32\Wintab32.dll
2011-10-14 23:15 . 2004-07-13 21:40 44544 ------w- c:\windows\system32\TabHook.dll
2011-10-13 18:09 . 2011-10-13 18:09 -------- d-----w- c:\documents and settings\mstihkal333\Application Data\GlarySoft
2011-10-13 17:43 . 2011-10-13 17:43 -------- d-----w- c:\program files\Glary Utilities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 18:31 . 2011-06-13 05:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-08 01:48 . 2011-10-08 01:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-08 01:48 . 2011-10-08 01:48 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-08 01:48 . 2011-10-08 01:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-08 01:48 . 2011-10-08 01:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-08 01:47 . 2011-10-08 01:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-08 01:47 . 2011-10-08 01:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-03 12:06 . 2010-05-03 16:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37 . 2009-01-04 19:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-16 07:32 . 2011-09-16 06:54 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2011-09-03 10:17 . 2004-08-04 00:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 00:00 . 2011-08-30 07:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 17:30 . 2008-08-14 14:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-08-29 18:16 . 2007-03-29 20:40 1880 -c--a-w- c:\windows\AUTOLNCH.REG
2011-08-13 23:47 . 2011-03-19 08:18 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-13 23:47 . 2007-12-09 13:13 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-13 23:47 . 2011-07-04 18:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2008-11-27 21:34 . 2009-12-13 20:13 14957444 ----a-w- c:\program files\mozilla firefox\plugins\avcodec-51.dll
2008-11-27 21:34 . 2009-12-13 20:13 3889294 ----a-w- c:\program files\mozilla firefox\plugins\avformat-52.dll
2008-11-27 21:34 . 2009-12-13 20:13 177548 ----a-w- c:\program files\mozilla firefox\plugins\avutil-49.dll
2009-04-15 21:02 . 2009-12-13 20:13 1642496 ----a-w- c:\program files\mozilla firefox\plugins\libambulant_shwin32.dll
2009-04-15 21:03 . 2009-12-13 20:13 290816 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_ffmpeg.dll
2009-04-15 21:03 . 2009-12-13 20:13 11264 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_plugin.dll
2009-04-15 21:03 . 2009-12-13 20:13 462848 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_state_xpath.dll
2009-02-09 22:53 . 2009-12-13 20:13 1892352 ----a-w- c:\program files\mozilla firefox\plugins\xerces-c_2_8.dll
2011-10-13 02:45 . 2011-05-15 14:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-05_05.56.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-10-14 23:16 . 2011-11-05 03:04 26715 c:\windows\system32\tablet.dat
+ 2011-10-14 23:16 . 2011-11-08 00:01 26715 c:\windows\system32\tablet.dat
- 2011-11-03 23:08 . 2011-11-04 20:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-03 23:08 . 2011-11-08 00:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-11 04:06 . 2011-11-08 00:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-11 04:06 . 2011-11-04 20:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-16 10:11 . 2011-11-08 00:03 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-08-16 10:11 . 2011-11-04 20:23 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-11-06 01:43 . 2011-11-08 00:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-11-06 01:39 . 2011-11-06 01:39 8685568 c:\windows\Installer\29feb.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-9-24 805392]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 09:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/5/2011 12:54 AM 13496]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [10/6/2011 10:04 AM 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/5/2011 6:30 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/5/2011 6:30 PM 320856]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/7/2011 6:48 PM 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/7/2011 6:48 PM 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/5/2011 6:30 PM 20568]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [5/25/2011 8:43 PM 154424]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.SYS [3/19/2011 1:18 AM 1670016]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [9/15/2011 11:54 PM 49240]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [8/13/2011 12:25 AM 66432]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [6/20/2011 12:38 PM 109168]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [10/6/2011 10:04 AM 51632]
S3 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [10/6/2011 10:04 AM 3074040]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [11/4/2009 9:54 AM 24576]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/19/2011 1:16 AM 79360]
S3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [8/13/2011 4:52 PM 33408]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 5:20 AM 12648]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [8/22/2010 6:37 AM 38976]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [3/21/2007 11:10 AM 25773]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/4/2011 2:53 PM 98392]
S3 WSUSBDMAN;VMware View Virtual Client USB Manager;c:\windows\system32\DRIVERS\WSUSBDMAN.sys --> c:\windows\system32\DRIVERS\WSUSBDMAN.sys [?]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S4 gupdate1c9a43e39b016c;gupdate1c9a43e39b016c;"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 kcusbser;Kyocera USB Device for Legacy Serial Communication;c:\windows\system32\drivers\kcusbser.sys [11/3/2009 4:50 PM 105984]
S4 kwcxbus;kwcxbus;c:\windows\system32\drivers\kwcxbus.sys [1/19/2007 8:17 PM 52480]
S4 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/4/2011 2:53 PM 64288]
S4 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/4/2011 11:20 AM 12184]
S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/9/2010 12:58 AM 91456]
S4 UsbService;ASUS Virtual MFP Service;c:\program files\ASUS\Printer Utilities\UsbService.exe [8/13/2011 12:24 AM 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-10-13 16:07]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-839522115-1006Core.job
- c:\documents and settings\mstihkal333\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-27 07:49]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-839522115-1006UA.job
- c:\documents and settings\mstihkal333\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-27 07:49]
.
2011-09-05 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-05 01:19]
.
2010-08-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-22 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://go.eset.com/us/online-scanner
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: eset.com\www
Trusted Zone: eset.eu\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: kgbusa.com\wahops
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\www.update
Trusted Zone: pcpistop.com
FF - ProfilePath - c:\documents and settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\kgb_WFH\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-07 17:30
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpqddsvc]
"ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqddsvc.dll.target"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BEEBE5E-899C-FFB5-7BEB-242B29CD3454}*]
"ladmkjldljfblmdcmdfjcohk"=hex:62,61,65,65,00,f2
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="B1915B7C1E689F07E513E6759457E6429A012DC3C094C6BBC414CC47D87C327E20FB0352CD04E28E8EC48FF9D821A6824C406E774EBC7C2D6D8AD59E4EB9005AAE0E8EDCB311A81895AD18CEE270D20F63EB9B5EE1761EF0D32CB1F9BB771BF0AB0178D342D143CC9D8873B68C594AEBF6DCC4E555C83903A395AF1024CA5BD578CFEAD54190F77B5D504B5881765F3FB2B2305A5EBD4E041CA5CF775E500FC28A3BC664CC9801171D487ABD43E45AD455CDD77281E4CFB5147E4BAE9428F714EA481D63D43A0CB2BDF39455264775FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5CBA7FD869164D6794A1E7D7D9DA9FA4D608B562067652AEA181137065D5FC2384AE2ECA9CFE1EC192F66D61F365062849D493E3F7781B7E1B2F2AF67247F32B4F42476D29B4C09A2B9D9B9B77B8041570AD532F322F17A6285448A457438A1043927C419957C358024AF3A3311180D4327FCD62FBE3965F3C3737B7FBB8937D01612D4414A09EB404D58A5A9E113754E7DBEA5D52BFB8673DC2D732F7FBB4A29C11CEB96BAA9CEF92BD0AE274BDB98261F82A46E6CFF17F07861DD91AC4E7B01C2A67A8AC76DB4E82A22FA4997F69565F309C079C098B6E68B48EB9E12D7BDEFD5816DC1569CF181EC84BCCAAA57F461980EACA0CC0A27CA3A4C62007B40FE7B0EB8964174C3E179F99434CF6608750378CCC0482B0A7F87052F49DF2BF1A8B1AD70714DA49421D3AA291D680C56175D797126780F75FB47A5A5E094194E68A0FB46502B873CA7B139342E2014EBF398D8D9C6E3A19E105DF8057FC456012AC5E3E900940BC1B8BC142F6AEE1D7AB245EFA635519F99D44332D4D5884300E3CC7D58BC8B47FC92954A66539C3A380C444136E9EB8E4D14F7D6ABDBBB679A0887E7C68248B76C0B24CDED5C7FA576EA82DAB5F0E69091408B7E4BD0E4B92E2E3AADCD0436F44400D9C2A27E08DFCF8677B3D652EAFF7CB5451F273F9E2B6C224E7407F8FBF6BD99EB06FC851B880F71884E7C84CC5A9381EAD0A9A6CD30682254719C53A0ED474D2E43641AA69B316D892EAE1F71676E7D2A4448218278338C44CF88635A04D4A9B882CA93E45CD54C864AEA187C11EC0E380E00FF21A174CE5EE1ABCB772846CEAE2A12FA72465860CAB3C08931E427B477FC336389E8B7EEE9A57F13CB28F3BB7AB0C92400FF9544D0DBFAD7933E92575D57383E4D810DECA312FC70343E56F7F9183AAA8486B3938250E3AD9BC7E1DEDA91B97BBA4B8D3E706C7F28F3B651241B245DE46C20184FC001B6D1BAC501A31168824C18E7D17B9DE68BAA7E3CC020026B22D4124E2DAD09F8198E527102345ABAEEFC258B73736FAFB7BD7BCC27344F5CF"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'csrss.exe'(584)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2011-11-07 17:38:13
ComboFix-quarantined-files.txt 2011-11-08 00:38
ComboFix2.txt 2011-11-05 05:59
.
Pre-Run: 23,657,082,880 bytes free
Post-Run: 23,621,701,632 bytes free
.
- - End Of File - - CCF21FEA6D2AE83FE5210163E3D9688D

Can you run the regsearch again and input "Patrol" for it to search out and post back the log.

Any change in the PC?

Can you run the regsearch again and input "Patrol" for it to search out and post back the log.

Any change in the PC?

Unfortunately, in this case, I use WinPatrol. Almost all of the results are from that program.

There is one suspect result though:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ppctl]@="PestPatrol COM Control"

While opening a rar file I received a strange Comodo firewall alert and responded with block:
WinRAR.exe could not be recognized and it is about to modify the contents of C:\WINDOWS\Sti_Trace.log.

I also noticed a new Process in my Task Manager: unsecapp.exe?

As requested the RegSearch for Patrol log:
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "patrol" 11/9/2011 6:33:40 AM

"ProgramItem0220"="[WinPatrol 2008] (0x00000000)"

"ProgramItem0235"="[WinPatrol] (0x00000000)"

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol]

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol\Delay]

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol\Delay\Parameters]

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol\Delay\Shortcuts]

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol\Delay\Time]

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol\Delay\Title]

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol\Disabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol\Disabled\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol\Disabled\WinNotify]

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol\Sysfiles]

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol\Sysfiles\Autoexec.bat]

[HKEY_LOCAL_MACHINE\SOFTWARE\BillP Studios\WinPatrol\Sysfiles\Config.sys]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\WinPatrol PLUS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\WinPatrol PLUS]
@="WinPatrol PLUS Info..."

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\WinPatrol PLUS\command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\WinPatrol PLUS\command]
@="ˆQB\"C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe\" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ppctl]
@="PestPatrol COM Control"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinPatrol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe -expressboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPatrol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPatrol]
"DisplayName"="WinPatrol 2008"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPatrol]
"InstallLocation"="C:\\Program Files\\BillP Studios\\WinPatrol"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPatrol]
"DisplayIcon"="C:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPatrol]
"HelpLink"="http://www.winpatrol.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPatrol]
"URLInfoAbout"="http://www.winpatrol.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPatrol]
"URLUpdateInfo"="http://www.winpatrol.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPatrol]
"Contact"="support@winpatrol.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{007811BF-E310-4285-BFC6-55DB29B3EDDE}]
"InstallLocation"="C:\\Program Files\\BillP Studios\\WinPatrol"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{007811BF-E310-4285-BFC6-55DB29B3EDDE}]
"DisplayName"="WinPatrol"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{007811BF-E310-4285-BFC6-55DB29B3EDDE}]
"URLInfoAbout"="http://www.winpatrol.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{007811BF-E310-4285-BFC6-55DB29B3EDDE}]
"Contact"="support@winpatrol.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{007811BF-E310-4285-BFC6-55DB29B3EDDE}]
"URLUpdateInfo"="http://www.winpatrol.com/cgi-bin/orderplus.pl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{007811BF-E310-4285-BFC6-55DB29B3EDDE}]
"HelpLink"="http://www.winpatrol.com/support.html"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\1]
"Filename"="C:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\1]
"DeviceName"="C:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com\www]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com\www]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com\www]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\BHO Alert]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\BHO Alert\.current]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\BHO Alert\g041720]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\BHO Alert\g1 0900 ]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\BHO Alert\previo0]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Cookie Alert]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Cookie Alert\.current]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Cookie Alert\g041720]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Cookie Alert\g1 0900 ]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Cookie Alert\previo0]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\File Type Alert]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\File Type Alert\.current]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\File Type Alert\g041720]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\File Type Alert\g1 0900 ]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\File Type Alert\previo0]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Hidden Alert]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Hidden Alert\.current]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Hidden Alert\g041720]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Hidden Alert\g1 0900 ]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Hidden Alert\previo0]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Open]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Open\.current]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Open\g041720]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Open\g1 0900 ]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Open\previo0]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Services Alert]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Services Alert\.current]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Services Alert\g041720]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Services Alert\g1 0900 ]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Services Alert\previo0]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Startup Alert]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Startup Alert\.current]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Startup Alert\g041720]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Startup Alert\g1 0900 ]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Startup Alert\previo0]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Task Alert]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Task Alert\.current]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Task Alert\g041720]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Task Alert\g1 0900 ]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\AppEvents\Schemes\Apps\WinPatrol\Task Alert\previo0]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\Detected\ActiveTasks]
"C:\\PROGRAM FILES\\BILLP STUDIOS\\WINPATROL\\WINPATROL.EXE"="08/19/2007 3:15 AM"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\Detected\ActiveTasks]
"C:\\PROGRAM FILES\\BILLP STUDIOS\\WINPATROL\\WINPATROLEX.EXE"="08/19/2007 3:16 AM"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\Detected\Startup]
"C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"="08/19/2007 3:15 AM"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\ActiveX]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Class]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Cookies]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Delay]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Delay\Shortcuts]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Delay\Time]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Delay\Title]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Ext]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\ExtApp]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\ExtProgID]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Hidden]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\HostFile]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\IEHelpers]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Nuts]

"attachments.techguy.org - pA_c[p]"="2"
"WinPatrol PLUS"="2"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Options]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\RegLock]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\RegLock]
"HKEY_CURRENT_USER\\Software\\BillP Studios\\WinPatrol\\Options\\FileTypes"=dword:00000001

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\RegLock]
"HKEY_CURRENT_USER\\Software\\BillP Studios\\WinPatrol\\Class\\exefile"=dword:00000001

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\RegOptions]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\RegOptions]
"HKEY_CURRENT_USER\\Software\\BillP Studios\\WinPatrol\\Options\\FileTypes"="1"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\RegOptions]
"HKEY_CURRENT_USER\\Software\\BillP Studios\\WinPatrol\\Class\\exefile"="%1 %*"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Run]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Run]
"C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe -expressboot"="1"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Services]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Sysfiles]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Sysfiles\Autoexec.bat]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Sysfiles\Config.sys]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Sysfiles\HOSTS]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\BillP Studios\WinPatrol\Tasks]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Search Assistant\ACMru\5604]
"000"="patrol"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File1"="D:\\(ALL)_My\\Security\\2011NOV\\REGscanDigitalPatrol_ASProt2.txt"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File4"="D:\\(ALL)_My\\Security\\2011NOV\\REGscanDigitalPatrol_ASProtect.txt"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt]
"b"="D:\\(ALL)_My\\Security\\2011NOV\\REGscanDigitalPatrol.txt"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt]
"e"="D:\\(ALL)_My\\Security\\2011NOV\\REGscanDigitalPatrol_ASProt2.txt"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt]
"j"="D:\\(ALL)_My\\Security\\2011NOV\\REGscanDigitalPatrol_ASProtect.txt"

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\WinPatrol]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com\www]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blackpatrol.com]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rapepatrol.com]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com\www]

[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"="WinPatrol System Monitor"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com\www]

Thanks so much for all your time and help!

:idea: FYI- I'm not sure if this info is of any help but, I ran a search on my computer for:

"All files and folders"
"A word or phrase in the file:" Digital Patrol
following are the results:

Watcher.log
2008/12/26,15:26:59 | *** warning: Registry entry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pxark\Files\1" (created): New entry was set to <\DosDevices\C:\Program Files\NictaTech Software\Digital Patrol 5\dpatrolu.exe>

aaw7boot.log - 2009-02-04
[~] Deleting file: C:\Program Files\NictaTech Software\Digital Patrol 5\asc4.dll
[~] Deleting file: C:\Program Files\NictaTech Software\Digital Patrol 5\kernel40.dll

CureIt.log -2010-12-14
>D:\(ALL)_My\Security\09Mar\GODDESSPROFILE\Application Data\Microsoft\HTML Help\hh.dat/Program Files/NictaTech Software/Digital Patrol 5/DPatrol.chm/default - OK

Hope this can help in some way?

1. Please open Notepad

• Click Start , then Run
• Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ppctl]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

• Combofix.txt

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Following the provided instructions CF started with a message that it had expired?
Went ahead with the scan in REDUCED FUNCTIONALITY MODE.
Here is the log:

ComboFix 11-11-04.04 - mstihkal333 11/12/2011 8:28.11.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1568 [GMT -7:00]
Running from: c:\documents and settings\mstihkal333\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mstihkal333\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Digital Patrol *Enabled/Updated* {35237DD9-776F-4485-A7AF-729074E24B96}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-06 01:38 . 2011-11-12 04:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Comodo
2011-11-06 01:38 . 2011-11-06 01:38 -------- d-----w- c:\program files\COMODO
2011-11-06 01:37 . 2011-11-06 01:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Comodo Downloader
2011-11-06 01:30 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-06 01:30 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-06 01:30 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-06 01:30 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-06 01:30 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-06 01:30 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-06 01:30 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-06 01:30 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-06 01:30 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-06 01:30 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-06 01:30 . 2011-11-06 01:30 -------- d-----w- c:\program files\AVAST Software
2011-11-06 01:30 . 2011-11-06 01:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-11-04 10:20 . 2011-11-04 10:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-03 19:01 . 2011-11-03 19:01 -------- d-----w- C:\_OTL
2011-11-02 14:51 . 2011-11-02 14:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\boost_interprocess
2011-10-29 22:42 . 2008-05-02 09:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2011-10-17 02:39 . 2011-10-17 02:41 -------- d-----w- c:\documents and settings\mstihkal333\Application Data\vlc
2011-10-17 02:38 . 2011-10-17 02:38 -------- d-----w- c:\program files\VideoLAN
2011-10-17 01:36 . 2011-10-17 01:36 -------- d-----w- C:\xpsp3
2011-10-14 23:16 . 2011-10-14 23:16 -------- d-----w- c:\program files\Tablet
2011-10-14 23:16 . 2004-07-14 16:57 2760704 ------w- c:\windows\system32\WacomTablet.cpl
2011-10-14 23:16 . 2001-04-09 20:45 8138 ------w- c:\windows\system32\drivers\PenClass.sys
2011-10-14 23:15 . 2011-10-14 23:16 -------- d-----w- c:\windows\system32\WTablet
2011-10-14 23:15 . 1999-05-07 16:12 15744 ------w- c:\windows\system32\Wintab.dll
2011-10-14 23:15 . 2004-07-13 21:51 679936 ------w- c:\windows\system32\Tablet.exe
2011-10-14 23:15 . 2004-07-13 21:50 102400 ------w- c:\windows\system32\Wintab32.dll
2011-10-14 23:15 . 2004-07-13 21:40 44544 ------w- c:\windows\system32\TabHook.dll
2011-10-13 18:09 . 2011-11-09 21:24 -------- d-----w- c:\documents and settings\mstihkal333\Application Data\GlarySoft
2011-10-13 17:43 . 2011-11-12 06:29 -------- d-----w- c:\program files\Glary Utilities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 20:44 . 2009-06-17 16:55 76304 ----a-w- c:\windows\KHALMNPR.Exe
2011-10-21 18:31 . 2011-06-13 05:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-08 01:48 . 2011-10-08 01:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-08 01:48 . 2011-10-08 01:48 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-08 01:48 . 2011-10-08 01:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-08 01:48 . 2011-10-08 01:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-08 01:47 . 2011-10-08 01:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-08 01:47 . 2011-10-08 01:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-03 12:06 . 2010-05-03 16:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37 . 2009-01-04 19:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-16 07:32 . 2011-09-16 06:54 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2011-09-03 10:17 . 2004-08-04 00:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 00:00 . 2011-08-30 07:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 17:30 . 2008-08-14 14:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-08-29 18:16 . 2007-03-29 20:40 1880 -c--a-w- c:\windows\AUTOLNCH.REG
2008-11-27 21:34 . 2009-12-13 20:13 14957444 ----a-w- c:\program files\mozilla firefox\plugins\avcodec-51.dll
2008-11-27 21:34 . 2009-12-13 20:13 3889294 ----a-w- c:\program files\mozilla firefox\plugins\avformat-52.dll
2008-11-27 21:34 . 2009-12-13 20:13 177548 ----a-w- c:\program files\mozilla firefox\plugins\avutil-49.dll
2009-04-15 21:02 . 2009-12-13 20:13 1642496 ----a-w- c:\program files\mozilla firefox\plugins\libambulant_shwin32.dll
2009-04-15 21:03 . 2009-12-13 20:13 290816 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_ffmpeg.dll
2009-04-15 21:03 . 2009-12-13 20:13 11264 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_plugin.dll
2009-04-15 21:03 . 2009-12-13 20:13 462848 ----a-w- c:\program files\mozilla firefox\plugins\libamplugin_state_xpath.dll
2009-02-09 22:53 . 2009-12-13 20:13 1892352 ----a-w- c:\program files\mozilla firefox\plugins\xerces-c_2_8.dll
2011-10-13 02:45 . 2011-05-15 14:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2011-11-09 76304]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:"*STARTUP" /L:"1033" /heur:100 /RA:repair /pup /archives /IA:0 /KBD:3 /dir:"c:\program files\AVAST Software\Avast"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 09:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"COMODO"=c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
"CPA"=c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/5/2011 12:54 AM 13496]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [10/6/2011 10:04 AM 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/5/2011 6:30 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/5/2011 6:30 PM 320856]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/7/2011 6:48 PM 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/7/2011 6:48 PM 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/5/2011 6:30 PM 20568]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [6/20/2011 12:38 PM 109168]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.SYS [3/19/2011 1:18 AM 1670016]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [9/15/2011 11:54 PM 49240]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [8/13/2011 12:25 AM 66432]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [10/6/2011 10:04 AM 51632]
S3 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [10/6/2011 10:04 AM 3074040]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [11/4/2009 9:54 AM 24576]
S3 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [5/25/2011 8:43 PM 154424]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/19/2011 1:16 AM 79360]
S3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [8/13/2011 4:52 PM 33408]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 5:20 AM 12648]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [8/22/2010 6:37 AM 38976]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [3/21/2007 11:10 AM 25773]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/4/2011 2:53 PM 98392]
S3 WSUSBDMAN;VMware View Virtual Client USB Manager;c:\windows\system32\DRIVERS\WSUSBDMAN.sys --> c:\windows\system32\DRIVERS\WSUSBDMAN.sys [?]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S4 gupdate1c9a43e39b016c;gupdate1c9a43e39b016c;"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 kcusbser;Kyocera USB Device for Legacy Serial Communication;c:\windows\system32\drivers\kcusbser.sys [11/3/2009 4:50 PM 105984]
S4 kwcxbus;kwcxbus;c:\windows\system32\drivers\kwcxbus.sys [1/19/2007 8:17 PM 52480]
S4 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/4/2011 2:53 PM 64288]
S4 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/4/2011 11:20 AM 12184]
S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/9/2010 12:58 AM 91456]
S4 UsbService;ASUS Virtual MFP Service;c:\program files\ASUS\Printer Utilities\UsbService.exe [8/13/2011 12:24 AM 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-10-13 20:08]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-839522115-1006Core.job
- c:\documents and settings\mstihkal333\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-27 07:49]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-602609370-839522115-1006UA.job
- c:\documents and settings\mstihkal333\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-27 07:49]
.
2011-09-05 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-05 01:19]
.
2010-08-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-22 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://go.eset.com/us/online-scanner
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: eset.com\www
Trusted Zone: eset.eu\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: kgbusa.com\wahops
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\www.update
Trusted Zone: pcpistop.com
FF - ProfilePath - c:\documents and settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.speedtest.net/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 08:31
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpqddsvc]
"ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqddsvc.dll.target"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BEEBE5E-899C-FFB5-7BEB-242B29CD3454}*]
"ladmkjldljfblmdcmdfjcohk"=hex:62,61,65,65,00,f2
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="B1915B7C1E689F07E513E6759457E6429A012DC3C094C6BBC414CC47D87C327E20FB0352CD04E28E8EC48FF9D821A6824C406E774EBC7C2D6D8AD59E4EB9005AAE0E8EDCB311A81895AD18CEE270D20F63EB9B5EE1761EF0D32CB1F9BB771BF0AB0178D342D143CC9D8873B68C594AEBF6DCC4E555C83903A395AF1024CA5BD578CFEAD54190F77B5D504B5881765F3FB2B2305A5EBD4E041CA5CF775E500FC28A3BC664CC9801171D487ABD43E45AD455CDD77281E4CFB5147E4BAE9428F714EA481D63D43A0CB2BDF39455264775FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5CBA7FD869164D6794A1E7D7D9DA9FA4D608B562067652AEA181137065D5FC2384AE2ECA9CFE1EC192F66D61F365062849D493E3F7781B7E1B2F2AF67247F32B4F42476D29B4C09A2B9D9B9B77B8041570AD532F322F17A6285448A457438A1043927C419957C358024AF3A3311180D4327FCD62FBE3965F3C3737B7FBB8937D01612D4414A09EB404D58A5A9E113754E7DBEA5D52BFB8673DC2D732F7FBB4A29C11CEB96BAA9CEF92BD0AE274BDB98261F82A46E6CFF17F07861DD91AC4E7B01C2A67A8AC76DB4E82A22FA4997F69565F309C079C098B6E68B48EB9E12D7BDEFD5816DC1569CF181EC84BCCAAA57F461980EACA0CC0A27CA3A4C62007B40FE7B0EB8964174C3E179F99434CF6608750378CCC0482B0A7F87052F49DF2BF1A8B1AD70714DA49421D3AA291D680C56175D797126780F75FB47A5A5E094194E68A0FB46502B873CA7B139342E2014EBF398D8D9C6E3A19E105DF8057FC456012AC5E3E900940BC1B8BC142F6AEE1D7AB245EFA635519F99D44332D4D5884300E3CC7D58BC8B47FC92954A66539C3A380C444136E9EB8E4D14F7D6ABDBBB679A0887E7C68248B76C0B24CDED5C7FA576EA82DAB5F0E69091408B7E4BD0E4B92E2E3AADCD0436F44400D9C2A27E08DFCF8677B3D652EAFF7CB5451F273F9E2B6C224E7407F8FBF6BD99EB06FC851B880F71884E7C84CC5A9381EAD0A9A6CD30682254719C53A0ED474D2E43641AA69B316D892EAE1F71676E7D2A4448218278338C44CF88635A04D4A9B882CA93E45CD54C864AEA187C11EC0E380E00FF21A174CE5EE1ABCB772846CEAE2A12FA72465860CAB3C08931E427B477FC336389E8B7EEE9A57F13CB28F3BB7AB0C92400FF9544D0DBFAD7933E92575D57383E4D810DECA312FC70343E56F7F9183AAA8486B3938250E3AD9BC7E1DEDA91B97BBA4B8D3E706C7F28F3B651241B245DE46C20184FC001B6D1BAC501A31168824C18E7D17B9DE68BAA7E3CC020026B22D4124E2DAD09F8198E527102345ABAEEFC258B73736FAFB7BD7BCC27344F5CF"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2960)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\tabhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'csrss.exe'(584)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2011-11-12 08:38:22
ComboFix-quarantined-files.txt 2011-11-12 15:38
ComboFix2.txt 2011-11-08 00:38
ComboFix3.txt 2011-11-05 05:59
.
Pre-Run: 23,121,895,424 bytes free
Post-Run: 23,122,898,944 bytes free
.
- - End Of File - - 76CD435C7FC06E6DFEF3F5E55A62C409