Hi i have a similar problem, i get random advertisement sounds, in firefox, my websites get redirected. I've tried running disk cleanup, C Cleaner then malwarebytes antimalware multiple times, there seems to be a file that i cant delete is
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{92109e9c-d153-4288-b749-6bb009efc319}
I tried following the directions, but i cant seem to find certain files. here is my log file

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:29:40 AM, on 4/28/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dosah\Downloads\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5276 bytes

much thanks for the help

Please also post the MBA-M log. Your HJT log DOES show at least one Trojan, which should have been removed by the MBA-M full scan. You don't appear to be running either an anti-virus program or a firewall...why not?

i have my windows firewall on, i dont have an antivirus software, any suggestions?

i ended up deleting that MAM-m file and it shows that no malicious software is found

here is the report

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4044

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/28/2010 2:34:23 PM
mbam-log-2010-04-28 (14-34-23).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 227211
Time elapsed: 1 hour(s), 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

You now need to do a new HiJackThis scan and post the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:45:31 PM, on 4/28/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
C:\ProgramData\Hxo7P0qj.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Users\Dosah\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5532 bytes

You need to go to this site http://virusscan.jotti.org/en
and upload this file C:\Windows\system32\smss32.exe
for scanning with multiple virus scanners. Please post back with the report it gives you. Make sure you do just get the info of the latest scan of this file but the actual one from your computer.

i dont have an smss32.exe file, i only have smss.exe

Did the upload for the scans tell you that or did you manually look for it?

When you got to the site or before? If before then click the browse button there and choose my computer and then list C:\Windows\system32\smss32.exe and click ok. If it cannot be found you get a message that it doesn't exist.
Is this what you did?

it says it does not open, yes it is what i did.

Ok just had to be certain. Are you still getting the random advertisement sounds and pop ups,web links get redirected?

Ok, then do the following. Please follow these instructions exactlyPlease download ComboFix by sUBs from HERE or HERE
· You must download it to and run it from your Desktop
· Now STOP all your monitoring programs
(Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
· Double click combofix.exe & follow the prompts.
· When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
· Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

This is the combo fix scan

ComboFix 10-04-28.04 - Dosah 04/28/2010 22:10:37.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2907 [GMT -7:00]
Running from: c:\users\Dosah\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\DellTPad\Apoint.exe
c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\PowerISO\PWRISOVM.EXE
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\system32\dxe.txt
c:\windows\system32\fsc.txt
c:\windows\system32\ide.txt
c:\windows\system32\klgd.bmp
c:\windows\system32\qks.txt
I:\Autorun.inf

Infected copy of c:\windows\system32\drivers\compbatt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.

2010-04-29 05:18 . 2010-04-29 05:19 -------- d-----w- c:\users\Dosah\AppData\Local\temp
2010-04-29 05:18 . 2010-04-29 05:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-28 03:52 . 2010-04-28 03:52 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-24 18:52 . 2010-04-24 18:52 -------- d-----w- c:\program files\CCleaner
2010-04-23 15:58 . 2010-04-29 03:56 66564 ----a-w- c:\programdata\Hxo7P0qj.exe
2010-04-22 21:04 . 2010-04-22 21:04 -------- d-----w- c:\program files\Trend Micro
2010-04-21 20:10 . 2010-04-21 20:11 -------- d-----w- c:\programdata\SITEguard
2010-04-21 20:09 . 2010-04-24 08:47 -------- d-----w- c:\programdata\STOPzilla!
2010-04-21 20:09 . 2010-04-21 20:09 -------- d-----w- c:\program files\Common Files\iS3
2010-04-21 17:51 . 2010-04-21 17:51 48128 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{156F6708-D01E-1C3E-0566-550328CA8FC5}-smss32.exe
2010-04-21 08:08 . 2010-04-21 08:08 48128 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{B1264FC6-7871-5B55-D576-451044626532}-smss32.exe
2010-04-21 07:39 . 2010-04-21 07:39 75264 ------w- c:\windows\system32\bbcd.sys
2010-04-21 06:24 . 2010-04-21 06:24 -------- d-----w- c:\windows\Sun
2010-04-15 01:36 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 01:36 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 01:36 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 01:36 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 01:36 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 01:36 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 18:25 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 18:25 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-12 21:15 . 2010-04-12 21:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\Publish Providers
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\NetMedia Providers
2010-04-08 06:42 . 2010-04-08 06:42 -------- d-----w- c:\users\Dosah\AppData\Local\Sony
2010-04-08 06:20 . 2010-04-08 06:20 -------- d-----w- c:\program files\Sony Setup
2010-04-06 18:33 . 2010-04-13 03:31 -------- d-----w- c:\users\Dosah\AppData\Local\HuluDesktop
2010-04-03 21:19 . 2010-04-03 21:19 -------- d-----w- c:\program files\Common Files\Java
2010-04-01 05:11 . 2010-04-07 20:42 -------- d-----w- c:\users\Dosah\AppData\Roaming\PrimoPDF
2010-04-01 05:04 . 2010-04-01 05:04 -------- d-----w- c:\program files\Nitro PDF
2010-04-01 05:04 . 2009-07-31 01:44 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-04-01 04:57 . 1997-07-15 00:42 314880 ----a-w- c:\windows\IsUninst.exe
2010-03-31 10:18 . 2007-09-20 22:31 647168 ----a-w- c:\windows\system32\aestecap.dll
2010-03-31 10:18 . 2007-09-20 22:31 131072 ----a-w- c:\windows\system32\aestacap.dll
2010-03-31 10:18 . 2007-09-13 22:45 102400 ----a-w- c:\windows\system32\stacsv.exe
2010-03-31 10:18 . 2007-04-11 01:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-03-31 00:00 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 05:17 . 2010-03-02 07:49 -------- d-----w- c:\program files\iTunes
2010-04-29 05:17 . 2010-01-09 10:08 -------- d-----w- c:\program files\PowerISO
2010-04-29 05:17 . 2010-03-23 02:08 -------- d-----w- c:\program files\DellTPad
2010-04-29 03:56 . 2010-04-23 11:46 112 ----a-w- c:\programdata\Jd0IwcEK.dat
2010-04-28 23:05 . 2009-12-31 08:45 -------- d-----w- c:\program files\Warcraft III
2010-04-28 09:15 . 2010-01-04 03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-24 18:53 . 2010-03-02 11:10 -------- d-----w- c:\program files\Cakewalk
2010-04-24 16:21 . 2009-12-28 09:37 -------- d-----w- c:\users\Dosah\AppData\Roaming\uTorrent
2010-04-23 23:33 . 2010-04-21 23:01 3848 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-04-23 11:41 . 2010-04-23 11:41 37376 ----a-w- c:\windows\Fonts\05N2d.com
2010-04-21 22:36 . 2009-12-23 00:08 194115 ----a-w- c:\users\Dosah\AppData\Roaming\nvModes.dat
2010-04-21 20:22 . 2010-03-02 11:10 -------- d-----w- c:\programdata\Cakewalk
2010-04-15 10:03 . 2009-12-23 19:26 -------- d-----w- c:\programdata\Microsoft Help
2010-04-03 09:31 . 2010-03-22 09:08 -------- d-----w- c:\program files\Java
2010-04-01 21:39 . 2009-12-23 00:37 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-31 10:17 . 2010-03-03 20:06 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-30 07:46 . 2010-01-04 03:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-01-04 03:44 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 18:14 . 2010-01-08 09:59 -------- d-----w- c:\programdata\Research In Motion
2010-03-23 19:33 . 2010-03-23 19:33 -------- d-----w- c:\programdata\Blizzard
2010-03-23 02:08 . 2010-03-23 02:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-03-23 02:06 . 2009-12-22 21:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 02:05 . 2010-03-23 02:02 -------- d-----w- c:\program files\Broadcom
2010-03-23 02:01 . 2010-03-23 02:01 -------- d-----w- c:\program files\CONEXANT
2010-03-23 02:00 . 2010-03-23 02:00 -------- d-----w- c:\program files\Digital Line Detect
2010-03-22 23:38 . 2010-03-22 23:38 -------- d-----w- c:\program files\Modem Diagnostic Tool
2010-03-22 23:35 . 2010-03-22 23:35 -------- d-----w- c:\users\Dosah\AppData\Roaming\InstallShield
2010-03-22 23:32 . 2010-03-22 23:32 -------- d-----w- c:\program files\WIDCOMM
2010-03-18 04:40 . 2010-03-18 03:45 -------- d-----w- c:\programdata\Webex
2010-03-18 03:45 . 2010-03-18 03:45 99208 ----a-w- c:\programdata\Webex\ieatgpc.dll
2010-03-18 03:45 . 2010-03-18 03:45 95312 ----a-w- c:\programdata\Webex\atgpcexe.dll
2010-03-18 03:45 . 2010-03-18 03:45 28472 ----a-w- c:\programdata\Webex\atgpcdec.dll
2010-03-18 03:45 . 2010-03-18 03:45 185224 ----a-w- c:\programdata\Webex\atgpcext.dll
2010-03-18 03:45 . 2010-03-18 03:45 151 ----a-w- c:\programdata\Webex\reggpc.bat
2010-03-18 03:45 . 2010-03-18 03:45 111928 ----a-w- c:\programdata\Webex\atstart.exe
2010-03-18 03:45 . 2010-03-18 03:45 103736 ----a-w- c:\programdata\Webex\atmgr.exe
2010-03-10 20:41 . 2010-03-10 20:41 -------- d-----w- c:\users\Dosah\AppData\Roaming\Foxit Software
2010-03-09 11:28 . 2010-03-22 09:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 12:11 . 2010-03-08 12:11 -------- d-----w- c:\users\Dosah\AppData\Roaming\Leadertech
2010-03-08 10:47 . 2010-03-08 10:47 -------- d-----w- c:\program files\EA Sports
2010-03-02 11:35 . 2009-12-22 20:33 109216 ----a-w- c:\users\Dosah\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 11:30 . 2010-03-02 11:30 -------- d-----w- c:\users\Dosah\AppData\Roaming\Cakewalk
2010-03-02 07:50 . 2010-03-02 07:50 -------- d-----w- c:\program files\iPod
2010-03-02 07:49 . 2009-12-31 21:40 -------- d-----w- c:\program files\Common Files\Apple
2010-03-02 07:37 . 2010-03-02 07:37 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-24 17:16 . 2009-12-22 13:21 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-02 07:45 . 2010-02-24 00:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-29 23:21 . 2010-01-29 23:21 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\Hewlett-Packard\OrderReminder\OrderReminder .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\PowerISO\PWRISOVM .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"smss32.exe"="c:\windows\system32\smss32.exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-04-23 11:41 37380 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
c:\program files\DellTPad\Apoint.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
c:\program files\PowerISO\PWRISOVM.EXE [N/A]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-28 691696]
S1 bbcd;bbcd;c:\windows\system32\bbcd.sys [2010-04-21 75264]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EC5738BF-72C3-416F-9D09-24A21222BE58}]
fycwdn11.dll [N/A]
.
Contents of the 'Scheduled Tasks' folder

2010-04-28 c:\windows\Tasks\At1.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At10.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At11.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At12.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At13.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At14.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At15.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At16.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At17.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-29 c:\windows\Tasks\At18.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-29 c:\windows\Tasks\At19.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At2.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-29 c:\windows\Tasks\At20.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-29 c:\windows\Tasks\At21.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-29 c:\windows\Tasks\At22.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-29 c:\windows\Tasks\At23.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At24.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At25.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At26.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At27.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At28.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At29.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At3.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At30.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At31.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At32.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At33.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At34.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At35.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At36.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At37.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At38.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At39.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At4.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At40.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At41.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-29 c:\windows\Tasks\At42.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-29 c:\windows\Tasks\At43.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-29 c:\windows\Tasks\At44.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-29 c:\windows\Tasks\At45.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-29 c:\windows\Tasks\At46.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-29 c:\windows\Tasks\At47.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At48.job
- c:\programdata\Hxo7P0qj.exe [2010-04-23 03:56]

2010-04-28 c:\windows\Tasks\At5.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At6.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At7.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At8.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-28 c:\windows\Tasks\At9.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Dosah\AppData\Roaming\Mozilla\Firefox\Profiles\uxl7anj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\Dosah\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,fc,83,4e,0c,fe,89,45,8d,a7,48,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,fc,83,4e,0c,fe,89,45,8d,a7,48,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-04-28 22:21:31
ComboFix-quarantined-files.txt 2010-04-29 05:21

Pre-Run: 20,746,559,488 bytes free
Post-Run: 20,823,146,496 bytes free

- - End Of File - - 6A3D290B40858E505E39F9EADF395A11


This is the HJT report

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:03 PM, on 4/28/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Users\Dosah\Downloads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4328 bytes

Don't think I have forgotten you, asked another mod to also take a look at this combo log.

Tell you one thing I have noticed, there ARE some odd files in your Sheduled tasks list. Some were created at the same time it appears you were either downloading iTunes music OR using uTorrent...what does that tell you?

It also looks to me like you also have been continuing to download music or at least use iTunes while this fix is being attempted. May be one reason why this is so difficult.

haha, thanks, i know this must be irritating to you.
anyways...
I have then ceased using utorrent, and i actually dont really use my itunes. is it running in the background?

haha, thanks, i know this must be irritating to you.
anyways...
I have then ceased using utorrent, and i actually dont really use my itunes. is it running in the background?

No, in the last HJT it wasn't running. You need to do MORE than cease using uTorrent. You need to UNINSTALL it. Did you note this caution at the beginning of the Read Me Sticky?

Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:

P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.

That said, first you must do this:
Go back to http://virusscan.jotti.org/en

Upload this file and report back with reports given
c:\programdata\Hxo7P0qj.exe

I have more instructions, but do that first. It is very important.

it is uninstalled.

here is the report
Scanners
[ArcaVir]
2010-04-27 Found nothing
[F-Secure Anti-Virus]
2010-04-27 Trojan.Win32.Powp.afb
[A-Squared]
2010-04-27 Trojan.Win32.Powp!IK
[G DATA]
2010-04-27 Win32:Malware-gen
[Avast! antivirus]
2010-04-27 Win32:Malware-gen
[Ikarus]
2010-04-27 Trojan.Win32.Powp
[Grisoft AVG Anti-Virus]
2010-04-27 Dropper.Generic2.DJP
[Kaspersky Anti-Virus]
2010-04-27 Trojan.Win32.Powp.afb
[Avira AntiVir]
2010-04-27 TR/Dldr.Stration.Gen
[ESET NOD32]
2010-04-27 Found nothing
[Softwin BitDefender]
2010-04-27 Found nothing
[Panda Antivirus]
2010-04-27 Found nothing
[ClamAV]
2010-04-27 Found nothing
[Quick Heal]
2010-04-27 Found nothing
[CPsecure]
2010-04-27 Found nothing
[Sophos]
2010-04-27 Sus/UnkPack-C
[Dr.Web]
2010-04-28 Found nothing
[VirusBlokAda VBA32]
2010-04-26 SScope.Injector.MY
[Frisk F-Prot Antivirus]
2010-04-27 Found nothing
[VirusBuster]
2010-04-27 Found nothing

Ok, give me a bit to get this next fix written up for you.

1. Please open Notepad

* Click Start , then Run
* Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::
c:\programdata\Hxo7P0qj.exe
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job


RENV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\Hewlett-Packard\OrderReminder\OrderReminder .exe
c:\program files\iTuiTunesnes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\PowerISO\PWRISOVM .exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://i5.photobucket.com/albums/y15...1/CFScript.gif


7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

* Combofix.txt
* A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

this is the CF report

ComboFix 10-04-28.04 - Dosah 04/29/2010 15:16:00.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2828 [GMT -7:00]
Running from: c:\users\Dosah\Desktop\ComboFix.exe
Command switches used :: c:\users\Dosah\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.

2010-04-29 22:22 . 2010-04-29 22:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-29 22:22 . 2010-04-29 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-29 22:14 . 2010-04-29 22:15 -------- d-----w- C:\32788R22FWJFW
2010-04-29 06:37 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-29 06:37 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 06:37 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-29 05:21 . 2010-04-29 22:24 -------- d-----w- c:\users\Dosah\AppData\Local\temp
2010-04-24 18:52 . 2010-04-24 18:52 -------- d-----w- c:\program files\CCleaner
2010-04-22 21:04 . 2010-04-22 21:04 -------- d-----w- c:\program files\Trend Micro
2010-04-21 20:10 . 2010-04-21 20:11 -------- d-----w- c:\programdata\SITEguard
2010-04-21 20:09 . 2010-04-24 08:47 -------- d-----w- c:\programdata\STOPzilla!
2010-04-21 20:09 . 2010-04-21 20:09 -------- d-----w- c:\program files\Common Files\iS3
2010-04-21 07:39 . 2010-04-21 07:39 75264 ------w- c:\windows\system32\bbcd.sys
2010-04-21 06:24 . 2010-04-21 06:24 -------- d-----w- c:\windows\Sun
2010-04-15 01:36 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 01:36 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 01:36 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 01:36 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 01:36 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 01:36 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 18:25 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 18:25 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-12 21:15 . 2010-04-12 21:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\Publish Providers
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\NetMedia Providers
2010-04-08 06:42 . 2010-04-08 06:42 -------- d-----w- c:\users\Dosah\AppData\Local\Sony
2010-04-08 06:20 . 2010-04-08 06:20 -------- d-----w- c:\program files\Sony Setup
2010-04-06 18:33 . 2010-04-13 03:31 -------- d-----w- c:\users\Dosah\AppData\Local\HuluDesktop
2010-04-03 21:19 . 2010-04-03 21:19 -------- d-----w- c:\program files\Common Files\Java
2010-04-01 05:11 . 2010-04-07 20:42 -------- d-----w- c:\users\Dosah\AppData\Roaming\PrimoPDF
2010-04-01 05:04 . 2010-04-01 05:04 -------- d-----w- c:\program files\Nitro PDF
2010-04-01 05:04 . 2009-07-31 01:44 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-04-01 04:57 . 1997-07-15 00:42 314880 ----a-w- c:\windows\IsUninst.exe
2010-03-31 10:18 . 2007-09-20 22:31 647168 ----a-w- c:\windows\system32\aestecap.dll
2010-03-31 10:18 . 2007-09-20 22:31 131072 ----a-w- c:\windows\system32\aestacap.dll
2010-03-31 10:18 . 2007-09-13 22:45 102400 ----a-w- c:\windows\system32\stacsv.exe
2010-03-31 10:18 . 2007-04-11 01:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-03-31 00:00 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 22:15 . 2010-03-23 02:08 -------- d-----w- c:\program files\DellTPad
2010-04-29 22:15 . 2010-01-09 10:08 -------- d-----w- c:\program files\PowerISO
2010-04-29 22:15 . 2010-01-04 03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 22:11 . 2009-12-31 08:45 -------- d-----w- c:\program files\Warcraft III
2010-04-29 19:35 . 2010-04-23 11:46 112 ----a-w- c:\programdata\Jd0IwcEK.dat
2010-04-29 05:17 . 2010-03-02 07:49 -------- d-----w- c:\program files\iTunes
2010-04-29 03:56 . 2010-04-23 15:58 66564 ----a-w- c:\programdata\Hxo7P0qj.exe
2010-04-29 03:56 . 2010-04-23 15:58 66564 ----a-w- c:\programdata\Hxo7P0qj.exe
2010-04-28 03:52 . 2010-04-28 03:52 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-24 18:53 . 2010-03-02 11:10 -------- d-----w- c:\program files\Cakewalk
2010-04-24 16:21 . 2009-12-28 09:37 -------- d-----w- c:\users\Dosah\AppData\Roaming\uTorrent
2010-04-23 23:33 . 2010-04-21 23:01 3848 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-04-23 11:41 . 2010-04-23 11:41 37376 ----a-w- c:\windows\Fonts\05N2d.com
2010-04-21 22:36 . 2009-12-23 00:08 194115 ----a-w- c:\users\Dosah\AppData\Roaming\nvModes.dat
2010-04-21 20:22 . 2010-03-02 11:10 -------- d-----w- c:\programdata\Cakewalk
2010-04-21 17:51 . 2010-04-21 17:51 48128 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{156F6708-D01E-1C3E-0566-550328CA8FC5}-smss32.exe
2010-04-21 08:08 . 2010-04-21 08:08 48128 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{B1264FC6-7871-5B55-D576-451044626532}-smss32.exe
2010-04-15 10:03 . 2009-12-23 19:26 -------- d-----w- c:\programdata\Microsoft Help
2010-04-03 09:31 . 2010-03-22 09:08 -------- d-----w- c:\program files\Java
2010-04-01 21:39 . 2009-12-23 00:37 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-31 10:17 . 2010-03-03 20:06 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-30 07:46 . 2010-01-04 03:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-01-04 03:44 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 18:14 . 2010-01-08 09:59 -------- d-----w- c:\programdata\Research In Motion
2010-03-23 19:33 . 2010-03-23 19:33 -------- d-----w- c:\programdata\Blizzard
2010-03-23 02:08 . 2010-03-23 02:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-03-23 02:06 . 2009-12-22 21:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 02:05 . 2010-03-23 02:02 -------- d-----w- c:\program files\Broadcom
2010-03-23 02:01 . 2010-03-23 02:01 -------- d-----w- c:\program files\CONEXANT
2010-03-23 02:00 . 2010-03-23 02:00 -------- d-----w- c:\program files\Digital Line Detect
2010-03-22 23:38 . 2010-03-22 23:38 -------- d-----w- c:\program files\Modem Diagnostic Tool
2010-03-22 23:35 . 2010-03-22 23:35 -------- d-----w- c:\users\Dosah\AppData\Roaming\InstallShield
2010-03-22 23:32 . 2010-03-22 23:32 -------- d-----w- c:\program files\WIDCOMM
2010-03-18 04:40 . 2010-03-18 03:45 -------- d-----w- c:\programdata\Webex
2010-03-18 03:45 . 2010-03-18 03:45 99208 ----a-w- c:\programdata\Webex\ieatgpc.dll
2010-03-18 03:45 . 2010-03-18 03:45 95312 ----a-w- c:\programdata\Webex\atgpcexe.dll
2010-03-18 03:45 . 2010-03-18 03:45 28472 ----a-w- c:\programdata\Webex\atgpcdec.dll
2010-03-18 03:45 . 2010-03-18 03:45 185224 ----a-w- c:\programdata\Webex\atgpcext.dll
2010-03-18 03:45 . 2010-03-18 03:45 151 ----a-w- c:\programdata\Webex\reggpc.bat
2010-03-18 03:45 . 2010-03-18 03:45 111928 ----a-w- c:\programdata\Webex\atstart.exe
2010-03-18 03:45 . 2010-03-18 03:45 103736 ----a-w- c:\programdata\Webex\atmgr.exe
2010-03-10 20:41 . 2010-03-10 20:41 -------- d-----w- c:\users\Dosah\AppData\Roaming\Foxit Software
2010-03-09 11:28 . 2010-03-22 09:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 12:11 . 2010-03-08 12:11 -------- d-----w- c:\users\Dosah\AppData\Roaming\Leadertech
2010-03-08 10:47 . 2010-03-08 10:47 -------- d-----w- c:\program files\EA Sports
2010-03-02 11:35 . 2009-12-22 20:33 109216 ----a-w- c:\users\Dosah\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 11:30 . 2010-03-02 11:30 -------- d-----w- c:\users\Dosah\AppData\Roaming\Cakewalk
2010-03-02 07:50 . 2010-03-02 07:50 -------- d-----w- c:\program files\iPod
2010-03-02 07:49 . 2009-12-31 21:40 -------- d-----w- c:\program files\Common Files\Apple
2010-03-02 07:37 . 2010-03-02 07:37 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-24 17:16 . 2009-12-22 13:21 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-02 07:45 . 2010-02-24 00:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-29 23:21 . 2010-01-29 23:21 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

<pre>
c:\program files\iTunes\iTunesHelper .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"smss32.exe"="c:\windows\system32\smss32.exe" [N/A]

HJT scan

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:35:50 PM, on 4/29/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dosah\Downloads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4364 bytes

Have asked crunchie to take a look here. One of us will give more instructions soon. PLEASE don't be using anymore P2P programs.

You failed to post the entire log from Combofix. Please ensure you do so in your next reply.

==

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\programdata\Hxo7P0qj.exe
c:\programdata\Microsoft\Windows Defender\LocalCopy\{156F6708-D01E-1C3E-0566-550328CA8FC5}-smss32.exe
c:\programdata\Microsoft\Windows Defender\LocalCopy\{B1264FC6-7871-5B55-D576-451044626532}-smss32.exe


RENV::
c:\program files\iTunes\iTunesHelper .exe

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"smss32.exe"=-

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.


7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt
  • A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

==

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

so i tried the link for OTL, it doesnt allow me to download the file. i have OldTimer MoveIt2 i'm not sure its the same thing.

ComboFix 10-04-28.04 - Dosah 04/30/2010 11:47:54.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2615 [GMT -7:00]
Running from: c:\users\Dosah\Desktop\ComboFix.exe
Command switches used :: c:\users\Dosah\Desktop\CFScript.txt

FILE ::
"c:\programdata\Hxo7P0qj.exe"
"c:\programdata\Microsoft\Windows Defender\LocalCopy\{156F6708-D01E-1C3E-0566-550328CA8FC5}-smss32.exe"
"c:\programdata\Microsoft\Windows Defender\LocalCopy\{B1264FC6-7871-5B55-D576-451044626532}-smss32.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\programdata\Hxo7P0qj.exe
c:\programdata\Microsoft\Windows Defender\LocalCopy\{156F6708-D01E-1C3E-0566-550328CA8FC5}-smss32.exe
c:\programdata\Microsoft\Windows Defender\LocalCopy\{B1264FC6-7871-5B55-D576-451044626532}-smss32.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
.

2010-04-30 18:54 . 2010-04-30 18:56 -------- d-----w- c:\users\Dosah\AppData\Local\temp
2010-04-30 18:54 . 2010-04-30 18:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-30 18:54 . 2010-04-30 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-29 06:37 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-29 06:37 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-29 06:37 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-24 18:52 . 2010-04-24 18:52 -------- d-----w- c:\program files\CCleaner
2010-04-22 21:04 . 2010-04-22 21:04 -------- d-----w- c:\program files\Trend Micro
2010-04-21 20:10 . 2010-04-21 20:11 -------- d-----w- c:\programdata\SITEguard
2010-04-21 20:09 . 2010-04-24 08:47 -------- d-----w- c:\programdata\STOPzilla!
2010-04-21 20:09 . 2010-04-21 20:09 -------- d-----w- c:\program files\Common Files\iS3
2010-04-21 07:39 . 2010-04-21 07:39 75264 ------w- c:\windows\system32\bbcd.sys
2010-04-21 06:24 . 2010-04-21 06:24 -------- d-----w- c:\windows\Sun
2010-04-15 01:36 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 01:36 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 01:36 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 01:36 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 01:36 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 01:36 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 18:25 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 18:25 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-12 21:15 . 2010-04-12 21:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\Publish Providers
2010-04-08 06:45 . 2010-04-08 06:45 -------- d-----w- c:\users\Dosah\AppData\Roaming\NetMedia Providers
2010-04-08 06:42 . 2010-04-08 06:42 -------- d-----w- c:\users\Dosah\AppData\Local\Sony
2010-04-08 06:20 . 2010-04-08 06:20 -------- d-----w- c:\program files\Sony Setup
2010-04-06 18:33 . 2010-04-13 03:31 -------- d-----w- c:\users\Dosah\AppData\Local\HuluDesktop
2010-04-03 21:19 . 2010-04-03 21:19 -------- d-----w- c:\program files\Common Files\Java
2010-04-01 05:11 . 2010-04-07 20:42 -------- d-----w- c:\users\Dosah\AppData\Roaming\PrimoPDF
2010-04-01 05:04 . 2010-04-01 05:04 -------- d-----w- c:\program files\Nitro PDF
2010-04-01 05:04 . 2009-07-31 01:44 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-04-01 04:57 . 1997-07-15 00:42 314880 ----a-w- c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 18:47 . 2010-03-02 07:49 -------- d-----w- c:\program files\iTunes
2010-04-30 18:27 . 2010-04-23 11:46 112 ----a-w- c:\programdata\Jd0IwcEK.dat
2010-04-29 22:15 . 2010-03-23 02:08 -------- d-----w- c:\program files\DellTPad
2010-04-29 22:15 . 2010-01-09 10:08 -------- d-----w- c:\program files\PowerISO
2010-04-29 22:15 . 2010-01-04 03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 22:11 . 2009-12-31 08:45 -------- d-----w- c:\program files\Warcraft III
2010-04-28 03:52 . 2010-04-28 03:52 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-24 18:53 . 2010-03-02 11:10 -------- d-----w- c:\program files\Cakewalk
2010-04-24 16:21 . 2009-12-28 09:37 -------- d-----w- c:\users\Dosah\AppData\Roaming\uTorrent
2010-04-23 23:33 . 2010-04-21 23:01 3848 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-04-23 11:41 . 2010-04-23 11:41 37376 ----a-w- c:\windows\Fonts\05N2d.com
2010-04-21 22:36 . 2009-12-23 00:08 194115 ----a-w- c:\users\Dosah\AppData\Roaming\nvModes.dat
2010-04-21 20:22 . 2010-03-02 11:10 -------- d-----w- c:\programdata\Cakewalk
2010-04-15 10:03 . 2009-12-23 19:26 -------- d-----w- c:\programdata\Microsoft Help
2010-04-03 09:31 . 2010-03-22 09:08 -------- d-----w- c:\program files\Java
2010-04-01 21:39 . 2009-12-23 00:37 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-31 10:17 . 2010-03-03 20:06 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-30 07:46 . 2010-01-04 03:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-01-04 03:44 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 18:14 . 2010-01-08 09:59 -------- d-----w- c:\programdata\Research In Motion
2010-03-23 19:33 . 2010-03-23 19:33 -------- d-----w- c:\programdata\Blizzard
2010-03-23 02:08 . 2010-03-23 02:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-03-23 02:06 . 2009-12-22 21:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 02:05 . 2010-03-23 02:02 -------- d-----w- c:\program files\Broadcom
2010-03-23 02:01 . 2010-03-23 02:01 -------- d-----w- c:\program files\CONEXANT
2010-03-23 02:00 . 2010-03-23 02:00 -------- d-----w- c:\program files\Digital Line Detect
2010-03-22 23:38 . 2010-03-22 23:38 -------- d-----w- c:\program files\Modem Diagnostic Tool
2010-03-22 23:35 . 2010-03-22 23:35 -------- d-----w- c:\users\Dosah\AppData\Roaming\InstallShield
2010-03-22 23:32 . 2010-03-22 23:32 -------- d-----w- c:\program files\WIDCOMM
2010-03-18 04:40 . 2010-03-18 03:45 -------- d-----w- c:\programdata\Webex
2010-03-18 03:45 . 2010-03-18 03:45 99208 ----a-w- c:\programdata\Webex\ieatgpc.dll
2010-03-18 03:45 . 2010-03-18 03:45 95312 ----a-w- c:\programdata\Webex\atgpcexe.dll
2010-03-18 03:45 . 2010-03-18 03:45 28472 ----a-w- c:\programdata\Webex\atgpcdec.dll
2010-03-18 03:45 . 2010-03-18 03:45 185224 ----a-w- c:\programdata\Webex\atgpcext.dll
2010-03-18 03:45 . 2010-03-18 03:45 151 ----a-w- c:\programdata\Webex\reggpc.bat
2010-03-18 03:45 . 2010-03-18 03:45 111928 ----a-w- c:\programdata\Webex\atstart.exe
2010-03-18 03:45 . 2010-03-18 03:45 103736 ----a-w- c:\programdata\Webex\atmgr.exe
2010-03-10 20:41 . 2010-03-10 20:41 -------- d-----w- c:\users\Dosah\AppData\Roaming\Foxit Software
2010-03-09 11:28 . 2010-03-22 09:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 12:11 . 2010-03-08 12:11 -------- d-----w- c:\users\Dosah\AppData\Roaming\Leadertech
2010-03-08 10:47 . 2010-03-08 10:47 -------- d-----w- c:\program files\EA Sports
2010-03-02 11:35 . 2009-12-22 20:33 109216 ----a-w- c:\users\Dosah\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 11:30 . 2010-03-02 11:30 -------- d-----w- c:\users\Dosah\AppData\Roaming\Cakewalk
2010-03-02 07:50 . 2010-03-02 07:50 -------- d-----w- c:\program files\iPod
2010-03-02 07:49 . 2009-12-31 21:40 -------- d-----w- c:\program files\Common Files\Apple
2010-03-02 07:37 . 2010-03-02 07:37 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-24 17:16 . 2009-12-22 13:21 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:56 . 2010-03-31 00:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-02 07:45 . 2010-02-24 00:15 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

<pre>
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-07-02 20:29 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-01-30 16:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.exe

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-28 691696]
S1 bbcd;bbcd;c:\windows\system32\bbcd.sys [2010-04-21 75264]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EC5738BF-72C3-416F-9D09-24A21222BE58}]
fycwdn11.dll [N/A]
.
Contents of the 'Scheduled Tasks' folder

2010-04-30 c:\windows\Tasks\At1.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At10.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At11.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At12.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-29 c:\windows\Tasks\At13.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-29 c:\windows\Tasks\At14.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-29 c:\windows\Tasks\At15.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-29 c:\windows\Tasks\At16.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-29 c:\windows\Tasks\At17.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At18.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At19.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At2.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At20.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At21.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At22.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At23.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At24.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At3.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At4.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At5.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At6.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At7.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At8.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]

2010-04-30 c:\windows\Tasks\At9.job
- c:\windows\Fonts\05N2d.com [2010-04-23 11:41]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Dosah\AppData\Roaming\Mozilla\Firefox\Profiles\uxl7anj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\Dosah\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,fc,83,4e,0c,fe,89,45,8d,a7,48,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,fc,83,4e,0c,fe,89,45,8d,a7,48,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2160)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-04-30 12:01:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-30 19:01
ComboFix2.txt 2010-04-29 22:29
ComboFix3.txt 2010-04-29 05:21

Pre-Run: 22,139,039,744 bytes free
Post-Run: 22,114,074,624 bytes free

- - End Of File - - 16DA18DFC7113E2B2A767590CADB3D9E


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:27:55 PM, on 4/30/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dosah\Desktop\OTMoveIt2.exe
C:\Users\Dosah\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4139 bytes

i searched for the file, but it says that i need the permission of the admin.

thanks for OTL, heres the report
OTL logfile created on: 4/30/2010 3:17:15 PM - Run 1
OTL by OldTimer - Version 3.2.3.1 Folder = C:\Users\Dosah\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 20.66 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.95 Gb Free Space | 69.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 74.52 Gb Total Space | 13.10 Gb Free Space | 17.58% Space Free | Partition Type: NTFS

Computer Name: DOSAH-PC
Current User Name: Dosah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/01 04:39:34 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTL.exe
PRC - [2010/04/04 22:10:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe


========== Modules (SafeList) ==========

MOD - [2010/05/01 04:39:34 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/28 01:37:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 00:39:51 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\bbcd.sys -- (bbcd)
DRV - [2009/12/28 01:39:39 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/08 20:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 15:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 15:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 001,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/14 17:25:00 | 007,110,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/26 14:52:22 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/06 17:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 15:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 15:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 18:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 18:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 78 B4 D8 8D E1 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 22:10:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 10:17:00 | 000,000,000 | ---D | M]

[2009/12/22 06:41:37 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Mozilla\Extensions
[2010/04/30 00:54:44 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Mozilla\Firefox\Profiles\uxl7anj7.default\extensions
[2010/04/13 02:59:30 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Dosah\AppData\Roaming\Mozilla\Firefox\Profiles\uxl7anj7.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/04/13 02:59:28 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Dosah\AppData\Roaming\Mozilla\Firefox\Profiles\uxl7anj7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/30 15:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/12 02:48:46 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/04/30 11:56:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 19:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/04/30 15:13:57 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTL.exe
[2010/04/30 11:56:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/30 11:54:48 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Local\temp
[2010/04/30 11:46:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/28 22:21:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/28 21:49:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/28 21:49:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/28 21:49:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/28 21:48:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/28 21:47:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/28 11:24:59 | 000,291,840 | ---- | C] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTMoveIt2.exe
[2010/04/28 11:21:19 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dosah\Desktop\HiJackThis.exe
[2010/04/24 11:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/22 14:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/21 13:19:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/04/21 13:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/04/21 13:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/04/21 13:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/04/21 10:35:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/20 23:24:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/12 14:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/12 00:37:19 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Documents\Fax
[2010/04/07 23:45:33 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\Publish Providers
[2010/04/07 23:45:33 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\NetMedia Providers
[2010/04/07 23:42:18 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Local\Sony
[2010/04/07 23:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2010/04/06 11:33:56 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Local\HuluDesktop
[2010/04/03 14:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/03 14:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/31 22:11:51 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\PrimoPDF
[2010/03/31 22:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/03/31 03:18:35 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010/03/31 03:18:34 | 004,947,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacgui.cpl
[2010/03/23 12:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/03/22 19:09:29 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/03/22 19:09:28 | 000,595,456 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010/03/22 19:09:28 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/03/22 19:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2010/03/22 19:06:59 | 000,042,496 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2010/03/22 19:06:59 | 000,039,936 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2010/03/22 19:06:59 | 000,037,376 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2010/03/22 19:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/03/22 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/03/22 19:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2010/03/22 16:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Diagnostic Tool
[2010/03/22 16:35:47 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\InstallShield
[2010/03/22 16:34:51 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Bluetooth Software
[2010/03/22 16:34:51 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Documents\Bluetooth Exchange Folder
[2010/03/22 16:32:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2010/03/22 16:32:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2010/03/22 16:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2010/03/22 02:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/17 23:24:25 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Desktop\2009 Tax Return
[2010/03/17 20:47:07 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\webex
[2010/03/17 20:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Webex
[2010/03/10 13:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\Foxit Software
[2010/03/08 05:13:39 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Documents\FIFA 10
[2010/03/08 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\Leadertech
[2010/03/08 03:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2010/03/06 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Desktop\Hawaii
[2010/03/03 13:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/03/02 04:30:36 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\Cakewalk
[2010/03/02 04:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Identities
[2010/03/02 04:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Cakewalk
[2010/03/02 04:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2010/03/02 00:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/02 00:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/28 01:37:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/02/25 16:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/02/25 16:45:52 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Office Genuine Advantage
[2010/02/21 15:05:57 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Desktop\Mass Slides
[2010/02/16 04:07:37 | 000,000,000 | ---D | C] -- C:\Users\Dosah\Desktop\Music
[2010/02/12 02:48:53 | 000,000,000 | ---D | C] -- C:\Users\Dosah\AppData\Roaming\Foxit
[2010/02/12 02:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/01 04:39:34 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTL.exe
[2010/04/30 15:18:59 | 002,359,296 | -HS- | M] () -- C:\Users\Dosah\NTUSER.DAT
[2010/04/30 15:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/04/30 14:17:34 | 000,000,112 | ---- | M] () -- C:\ProgramData\Jd0IwcEK.dat
[2010/04/30 14:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/04/30 13:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/04/30 12:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/04/30 12:04:07 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/30 12:04:07 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/30 12:01:12 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/30 12:01:12 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/30 12:01:12 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/30 11:56:10 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/30 11:56:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/30 11:55:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/30 11:55:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/30 11:55:32 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/30 11:24:55 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/04/30 11:24:55 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/04/30 11:24:55 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/04/30 08:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/04/30 07:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/04/30 06:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/04/30 05:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/04/30 04:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/04/30 03:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/04/30 02:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/04/30 01:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/04/30 00:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/04/29 23:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/04/29 22:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/04/29 21:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/04/29 20:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/04/29 19:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/04/29 18:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/04/29 17:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/04/29 16:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/04/29 03:15:54 | 000,962,876 | -H-- | M] () -- C:\Users\Dosah\AppData\Local\IconCache.db
[2010/04/28 21:45:01 | 003,923,257 | R--- | M] () -- C:\Users\Dosah\Desktop\ComboFix.exe
[2010/04/28 11:25:08 | 000,291,840 | ---- | M] (OldTimer Tools) -- C:\Users\Dosah\Desktop\OTMoveIt2.exe
[2010/04/28 11:21:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dosah\Desktop\HiJackThis.exe
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/26 10:38:50 | 000,011,538 | -HS- | M] () -- C:\ProgramData\0jf5835bS5a
[2010/04/24 11:58:19 | 000,194,115 | ---- | M] () -- C:\Users\Dosah\AppData\Roaming\nvModes.001
[2010/04/24 11:52:38 | 000,022,162 | ---- | M] () -- C:\Users\Dosah\Documents\cc_20100424_115231.reg
[2010/04/23 16:33:58 | 000,003,848 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/04/21 15:36:32 | 000,194,115 | ---- | M] () -- C:\Users\Dosah\AppData\Roaming\nvModes.dat
[2010/04/21 00:39:51 | 000,075,264 | ---- | M] () -- C:\Windows\System32\bbcd.sys
[2010/04/20 16:43:51 | 000,003,519 | ---- | M] () -- C:\Windows\System32\gzdjl
[2010/04/19 11:41:18 | 000,003,584 | ---- | M] () -- C:\Users\Dosah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 21:58:28 | 000,028,672 | ---- | M] () -- C:\Users\Dosah\Documents\Sacred Silence Meditation.doc
[2010/04/17 10:01:17 | 000,001,878 | ---- | M] () -- C:\Users\Dosah\Documents\Music Team Stuff - Shortcut.lnk
[2010/04/11 02:59:07 | 000,023,552 | ---- | M] () -- C:\Users\Dosah\Documents\Silent Activities.doc
[2010/04/08 15:44:19 | 000,051,712 | ---- | M] () -- C:\Users\Dosah\Documents\Chat with Victoria.doc
[2010/04/07 15:40:11 | 000,028,160 | ---- | M] () -- C:\Users\Dosah\Documents\Petition.doc
[2010/04/07 14:49:47 | 000,031,744 | ---- | M] () -- C:\Users\Dosah\Desktop\Philip s. Suk Resume.doc
[2010/04/06 16:29:37 | 000,030,208 | ---- | M] () -- C:\Users\Dosah\Documents\Petition Sheet.xls
[2010/04/05 14:20:25 | 000,055,724 | ---- | M] () -- C:\Users\Dosah\Desktop\Philip Suk Resume.pdf
[2010/04/05 11:55:53 | 000,030,720 | ---- | M] () -- C:\Users\Dosah\Desktop\Philip Suk Resume.doc
[2010/03/31 22:52:24 | 000,019,968 | ---- | M] () -- C:\Users\Dosah\Desktop\Workout Progress.xls
[2010/03/31 22:04:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/03/31 22:04:28 | 000,000,314 | ---- | M] () -- C:\Windows\primopdf.ini
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/22 19:08:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/03/22 16:36:57 | 000,001,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/03/07 12:11:51 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/02 14:37:49 | 000,028,672 | ---- | M] () -- C:\Users\Dosah\Documents\Permission Agreement ETL.doc
[2010/03/02 04:35:01 | 000,109,216 | ---- | M] () -- C:\Users\Dosah\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/13 11:57:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/28 21:49:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/28 21:49:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/28 21:49:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/28 21:49:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/28 21:49:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/28 21:44:12 | 003,923,257 | R--- | C] () -- C:\Users\Dosah\Desktop\ComboFix.exe
[2010/04/26 10:36:53 | 000,011,538 | -HS- | C] () -- C:\ProgramData\0jf5835bS5a
[2010/04/24 11:52:35 | 000,022,162 | ---- | C] () -- C:\Users\Dosah\Documents\cc_20100424_115231.reg
[2010/04/23 04:46:29 | 000,000,112 | ---- | C] () -- C:\ProgramData\Jd0IwcEK.dat
[2010/04/23 04:42:07 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/04/23 04:42:06 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/04/23 04:42:06 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/04/23 04:42:05 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/04/23 04:42:04 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/04/23 04:42:03 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/04/23 04:42:03 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/04/23 04:42:02 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/04/23 04:42:01 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/04/23 04:42:00 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/04/23 04:41:59 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/04/23 04:41:58 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/04/23 04:41:57 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/04/23 04:41:56 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/04/23 04:41:55 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/04/23 04:41:53 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/04/23 04:41:52 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/04/23 04:41:51 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/04/23 04:41:50 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/04/23 04:41:49 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/04/23 04:41:48 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/04/23 04:41:47 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/04/23 04:41:45 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/04/23 04:41:44 | 000,037,376 | ---- | C] () -- C:\Windows\Fonts\05N2d.com
[2010/04/23 04:41:44 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/04/21 16:01:31 | 000,003,848 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/04/21 00:39:51 | 000,075,264 | ---- | C] () -- C:\Windows\System32\bbcd.sys
[2010/04/20 16:43:51 | 000,003,519 | ---- | C] () -- C:\Windows\System32\gzdjl
[2010/04/19 11:41:18 | 000,003,584 | ---- | C] () -- C:\Users\Dosah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 10:01:17 | 000,001,878 | ---- | C] () -- C:\Users\Dosah\Documents\Music Team Stuff - Shortcut.lnk
[2010/04/14 19:31:32 | 000,028,672 | ---- | C] () -- C:\Users\Dosah\Documents\Sacred Silence Meditation.doc
[2010/04/11 02:59:06 | 000,023,552 | ---- | C] () -- C:\Users\Dosah\Documents\Silent Activities.doc
[2010/04/08 14:44:32 | 000,051,712 | ---- | C] () -- C:\Users\Dosah\Documents\Chat with Victoria.doc
[2010/04/07 13:42:33 | 000,031,744 | ---- | C] () -- C:\Users\Dosah\Desktop\Philip s. Suk Resume.doc
[2010/04/05 14:20:25 | 000,055,724 | ---- | C] () -- C:\Users\Dosah\Desktop\Philip Suk Resume.pdf
[2010/04/03 17:41:29 | 000,030,208 | ---- | C] () -- C:\Users\Dosah\Documents\Petition Sheet.xls
[2010/04/03 17:40:23 | 000,028,160 | ---- | C] () -- C:\Users\Dosah\Documents\Petition.doc
[2010/03/31 22:04:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/03/31 22:04:28 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/03/22 19:08:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/03/22 19:01:22 | 000,144,360 | ---- | C] () -- C:\Windows\System32\drivers\del1028.cty
[2010/03/22 16:36:57 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/03/02 14:37:48 | 000,028,672 | ---- | C] () -- C:\Users\Dosah\Documents\Permission Agreement ETL.doc
[2010/02/22 13:25:12 | 000,019,968 | ---- | C] () -- C:\Users\Dosah\Desktop\Workout Progress.xls
[2010/02/22 13:08:11 | 000,030,720 | ---- | C] () -- C:\Users\Dosah\Desktop\Philip Suk Resume.doc
[2010/02/13 11:57:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/12/23 13:07:24 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1018.dll
[2009/12/22 15:22:56 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/12/22 15:22:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/22 15:22:54 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/22 15:22:54 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/22 15:22:52 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/22 15:22:52 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/30 18:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/01/20 23:32:42 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Ableton
[2010/03/02 04:30:43 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Cakewalk
[2010/01/12 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/30 06:44:14 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\DAEMON Tools Pro
[2010/02/12 02:48:53 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Foxit
[2010/03/10 13:41:22 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Foxit Software
[2010/01/22 04:16:02 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\ImgBurn
[2010/03/08 05:11:38 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Leadertech
[2010/04/07 23:45:33 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\NetMedia Providers
[2010/04/07 13:42:53 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\PrimoPDF
[2010/04/07 23:45:33 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Publish Providers
[2010/01/08 03:01:08 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\Research In Motion
[2010/04/24 09:21:47 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\uTorrent
[2010/03/17 20:47:10 | 000,000,000 | ---D | M] -- C:\Users\Dosah\AppData\Roaming\webex
[2010/04/30 00:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/04/30 11:24:55 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/04/30 11:24:55 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/04/30 11:24:55 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/04/30 12:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/04/30 13:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/04/30 14:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/04/30 15:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/04/29 16:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/04/29 17:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/04/29 18:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/04/30 01:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/04/29 19:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/04/29 20:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/04/29 21:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/04/29 22:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/04/29 23:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/04/30 02:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/04/30 03:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/04/30 04:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/04/30 05:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/04/30 06:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/04/30 07:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/04/30 08:15:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/04/27 15:54:29 | 000,018,666 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/04/28 23:43:22 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Files - Unicode (All) ==========
[2010/04/07 12:46:41 | 000,013,393 | ---- | M] ()(C:\Users\Dosah\Desktop\?? ???.docx) -- C:\Users\Dosah\Desktop\상민 서명서.docx
[2010/04/07 11:48:08 | 000,013,393 | ---- | C] ()(C:\Users\Dosah\Desktop\?? ???.docx) -- C:\Users\Dosah\Desktop\상민 서명서.docx

< End of report >

OTL Extras logfile created on: 4/30/2010 3:17:15 PM - Run 1
OTL by OldTimer - Version 3.2.3.1 Folder = C:\Users\Dosah\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 20.66 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.95 Gb Free Space | 69.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 74.52 Gb Total Space | 13.10 Gb Free Space | 17.58% Space Free | Partition Type: NTFS

Computer Name: DOSAH-PC
Current User Name: Dosah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = secfile] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver x86 Ver.3.34.03
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"HuluDesktop" = Hulu Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2010 6:46:38 PM | Computer Name = Dosah-PC | Source = Application Error | ID = 1000
Description = Faulting application name: java.exe, version: 6.0.190.4, time stamp:
0x4b960e06 Faulting module name: java.dll, version: 6.0.190.4, time stamp: 0x4b963ed1
Exception
code: 0xc0000005 Fault offset: 0x00005875 Faulting process id: 0x5d8 Faulting application
start time: 0x01cae65b7e95432e Faulting application path: C:\Program Files\Java\jre6\bin\java.exe
Faulting
module path: C:\Program Files\Java\jre6\bin\java.dll Report Id: bccbf74d-524e-11df-a315-001dd9e545bb

Error - 4/27/2010 6:47:51 PM | Computer Name = Dosah-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: fycwdn11.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4bccb595 Exception code: 0xc0000005 Fault offset: 0x10007701 Faulting
process id: 0x1160 Faulting application start time: 0x01cae65ba1873d3c Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: fycwdn11.dll
Report
Id: e85a8192-524e-11df-a315-001dd9e545bb

Error - 4/27/2010 6:48:19 PM | Computer Name = Dosah-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: fycwdn11.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4bccb595 Exception code: 0xc0000005 Fault offset: 0x10007701 Faulting
process id: 0xf74 Faulting application start time: 0x01cae65bb1dfe572 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: fycwdn11.dll
Report
Id: f8d81773-524e-11df-a315-001dd9e545bb

Error - 4/27/2010 6:49:13 PM | Computer Name = Dosah-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: fycwdn11.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4bccb595 Exception code: 0xc0000005 Fault offset: 0x10007701 Faulting
process id: 0x9c4 Faulting application start time: 0x01cae65bc2ad713e Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: fycwdn11.dll
Report
Id: 19160aee-524f-11df-a315-001dd9e545bb

Error - 4/27/2010 6:49:23 PM | Computer Name = Dosah-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: fycwdn11.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4bccb595 Exception code: 0xc0000005 Fault offset: 0x10007701 Faulting
process id: 0xcac Faulting application start time: 0x01cae65ba9b07083 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: fycwdn11.dll
Report
Id: 1f8d903c-524f-11df-a315-001dd9e545bb

Error - 4/28/2010 4:27:08 AM | Computer Name = Dosah-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.45.0.0, time stamp:
0x4bb10678 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdaae Exception code: 0xe06d7363 Fault offset: 0x00009617 Faulting process id:
0xf24 Faulting application start time: 0x01cae6aaf3d400ab Faulting application path:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: d5072744-529f-11df-9156-001dd9e545bb

Error - 4/28/2010 6:21:50 AM | Computer Name = Dosah-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/29/2010 6:15:12 AM | Computer Name = Dosah-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/30/2010 1:05:32 AM | Computer Name = Dosah-PC | Source = Application Hang | ID = 1002
Description = The program mpc-hc.exe version 1.3.1405.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ddc Start
Time: 01cae8229487cb50 Termination Time: 98 Application Path: C:\Program Files\K-Lite
Codec Pack\Media Player Classic\mpc-hc.exe Report Id: fe60a107-5415-11df-ada6-001dd9e545bb


Error - 4/30/2010 3:30:32 AM | Computer Name = Dosah-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 1/9/2010 5:01:50 AM | Computer Name = Dosah-PC | Source = MCUpdate | ID = 0
Description = 1:01:37 AM - Error connecting to the internet. 1:01:37 AM - Unable
to contact server..

Error - 1/30/2010 12:50:05 PM | Computer Name = Dosah-PC | Source = MCUpdate | ID = 0
Description = 8:50:05 AM - Error connecting to the internet. 8:50:05 AM - Unable
to contact server..

Error - 2/18/2010 7:09:59 AM | Computer Name = Dosah-PC | Source = MCUpdate | ID = 0
Description = 3:09:59 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

[ System Events ]
Error - 4/29/2010 6:23:23 PM | Computer Name = Dosah-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:21:48 PM on ?4/?29/?2010 was unexpected.

Error - 4/29/2010 6:23:27 PM | Computer Name = Dosah-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/29/2010 6:23:30 PM | Computer Name = Dosah-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/30/2010 2:47:26 PM | Computer Name = Dosah-PC | Source = Service Control Manager | ID = 7034
Description = The XAudioService service terminated unexpectedly. It has done this
1 time(s).

Error - 4/30/2010 2:47:39 PM | Computer Name = Dosah-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/30/2010 2:47:51 PM | Computer Name = Dosah-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/30/2010 2:55:41 PM | Computer Name = Dosah-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:54:42 AM on ?4/?30/?2010 was unexpected.

Error - 4/30/2010 2:57:06 PM | Computer Name = Dosah-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 4/30/2010 2:57:07 PM | Computer Name = Dosah-PC | Source = DCOM | ID = 10005
Description =

Error - 4/30/2010 2:57:07 PM | Computer Name = Dosah-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053


< End of report >

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    c:\windows\Fonts\05N2d.com
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:39 on 01/05/2010 by Dosah (Administrator - Elevation successful)

========== file ==========

c:\windows\Fonts\05N2d.com - File found and opened.
MD5: E85826969E3131DB0550F4EF1E2F2091
Created at 11:41 on 23/04/2010
Modified at 11:41 on 23/04/2010
Size: 37376 bytes
Attributes: --a---
No version information available.

-=End Of File=-